100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
CRISC IS – Questions & Complete Solutions $14.99   Add to cart
Quickly navigate to
Preview
  2.  
  3. CRISC - Certified In Risk And Information Systems Control
  4.  
  5. CRISC - Certified in Risk and Information Systems Control

Exam (elaborations)

CRISC IS – Questions & Complete Solutions

 0 view  0 purchase
  • Course
  • CRISC - Certified in Risk and Information Systems Control
  • Institution
  • CRISC - Certified In Risk And Information Systems Control

CRISC IS – Questions & Complete Solutions

Preview 3 out of 16  pages

Document information

  • November 20, 2024
  • 16
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • crisc is questions complete solutions

Written for

  • CRISC - Certified in Risk and Information Systems Control
  • CRISC - Certified in Risk and Information Systems Control

Seller

avatar-seller
Studyhall

Reviews received

Content preview

CRISC IS – Questions & Complete Solutions

An enterprise expanded its operations into Europe, Asia, Latin America.
Enterprise has employee handbook that was updated 3 years ago. What is the
biggest concern? Right Ans - Handbook may violate local laws/regulations

Which of the following is the most important for effective risk management.
Right Ans - It is the utmost importance to assign risk to individual owners to
maximize accountability

When requesting info to comply with discovery, and enterprise lead learned
that its cloud provider was not contracted to backup messages. What is the
greatest concern? Right Ans - Validating the companies policies to
providers contract

Which of the following choices is the most important part of outsourcing a
contract? Right Ans - provisions to assess the compliance of the provider

Which of the following outcomes of outsourcing noncore processes is of
greatest concern to the management of an enterprise? Right Ans -
Processing of sensitive data was subcontracted by the vendor

An enterprise has outsourced several business functions to a firm in another
country, including IT development, data hosting, and support. What is the
most important question a risk professional will ask in relation to the
outsourcing arrangements? Right Ans - Are specific security controls
mandated in the outsourcing contract/agreement

Which of the following is most essential for a risk management program to be
effective? Right Ans - A new risk detection

Who must give final sign off on the IT Risk management plan? Right Ans -
Senior Management

Risk management are designed to reduce risk to: Right Ans - a level that
the enterprise is willing to accept.

Which of the following combinations of factors helps quantify risk? Right
Ans - Probability and Consequence

,The greatest risk posed by an absence of strategic planning is: Right Ans -
improper oversight of IT investments

Which of the following examples fo risk should be addressed during
application design? Right Ans - Lack of skilled resources

Which of the following is of most concern for the risk practitioner regarding
applications running in production? Right Ans - Backdoors

An enterprise security policy is an example of which control? Right Ans -
management control

Which of the following statements best describes the value of a risk register?
Right Ans - It drives the risk response plan

Who is accountable for business risk related to IT? Right Ans - Users of IT
services

Which of the following cloud computing models is most appropriate for a
collaborative research between universities? Right Ans - A community
cloud deployment model

Senior management will most likely have the highest tolerance for moving
which of the following to public cloud? Right Ans - Corporate email system

The most important external factors that should be considered in a risk
assessment are? Right Ans - The installations of many insecure devices on
the internet

Who is accountable for the overall enterprise strategy for risk governance?
Right Ans - Board of Directors

Which of the following most affects a risk scenario? Right Ans - An actor

Which of the following is the most prevalent risk in the development of end-
user computing applications? Right Ans - Failure et subject applications to
testing and general IT controls

, What is the most effective technique to evaluate the potential impact of legal,
regulatory, and contractual requirements on business objectives? Right
Ans - A compliance oriented BIA

A business impact analysis is primarily used to: Right Ans - Evaluate the
impact of disruption on enterprises ability to operate overtime. Recovery
times objectives and recovery point objective.

The likelihood of an attack being launched against an enterprise is most
dependent on: Right Ans - The skill and motivation of the potential attacker

A small software company has been flooded an insurance does not pay out
because premium has lapsed. In relation to risk management, the lapsed
premium is considered: Right Ans - A vulnerability

An organization is considering a cloud computing and accepts the risk of
confidential info in the cloud. Which os the best cloud deployment model that
offers the most safeguards for this information? Right Ans - Private Cloud

____ are software suites that help intruders gain un-authorized admin access to
a computer system. Right Ans - Rootkits

Obsolesce of context. (Tool needs to updated regularly with current
regulations. Right Ans - Which of the following is a major risk associated
with the use of GRC tools?

An interdisciplinary team within the enterprise helps provide enterprise wide
perspective. Right Ans - Which of the following provide the best
perspective of risk management to an enterprises employees and
stockholders?

Gather information on the current and future environment Right Ans - The
first step in identifying and assessing IT risk is to:

statement of work Right Ans - What document does an organization refer
to in order to determine the intellectual property ownership of an application
built by a third party service provider?

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Studyhall. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $14.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75057 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$14.99
  • (0)
  Add to cart