ISACA CRISC 시험

Question No : 1

Which of the following is the MOST important consideration when multiple risk practitioners capture risk scenarios in a single risk register?

• A.Aligning risk ownership and control ownership
• B.Developing risk escalation and reporting procedures
• C.Maintaining up-to-date risk treatment plans
• D.Using a consistent method for risk assessment

답을 확인하기

정답:

Question No : 2

An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program.
The PRIMARY goal of this program should be to:

• A.reduce the risk to an acceptable level.
• B.communicate the consequences for violations.
• C.implement industry best practices.
• D.reduce the organization's risk appetite

답을 확인하기

정답:

Question No : 3

Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?

• A.Corporate incident escalation protocols are established.
• B.Exposure is integrated into the organization's risk profile.
• C.Risk appetite cascades to business unit management
• D.The organization-wide control budget is expanded.

답을 확인하기

정답:

Question No : 4

Which of the following will BEST mitigate the risk associated with IT and business misalignment?

• A.Establishing business key performance indicators (KPIs)
• B.Introducing an established framework for IT architecture
• C.Establishing key risk indicators (KRIs)
• D.Involving the business process owner in IT strategy

답을 확인하기

정답:

Question No : 5

During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall .
Which of the following controls has MOST likely been compromised?

• A.Data validation
• B.Identification
• C.Authentication
• D.Data integrity

답을 확인하기

정답:

Question No : 6

The PRIMARY advantage of implementing an IT risk management framework is the:

• A.establishment of a reliable basis for risk-aware decision making.
• B.compliance with relevant legal and regulatory requirements.
• C.improvement of controls within the organization and minimized losses.
• D.alignment of business goals with IT objectives.

답을 확인하기

정답:

Question No : 7

Which of the following is the BEST metric to demonstrate the effectiveness of an organization's change management process?

• A.Increase in the frequency of changes
• B.Percent of unauthorized changes
• C.Increase in the number of emergency changes
• D.Average time to complete changes

답을 확인하기

정답:

Question No : 8

Which of the following is the MOST important outcome of reviewing the risk management process?

• A.Assuring the risk profile supports the IT objectives
• B.Improving the competencies of employees who performed the review
• C.Determining what changes should be nude to IS policies to reduce risk
• D.Determining that procedures used in risk assessment are appropriate

답을 확인하기

정답:

Question No : 9

The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?

• A.Logs and system events
• B.Intrusion detection system (IDS) rules
• C.Vulnerability assessment reports
• D.Penetration test reports

답을 확인하기

정답:

Question No : 10

An unauthorized individual has socially engineered entry into an organization's secured physical premises .
Which of the following is the BEST way to prevent future occurrences?

• A.Employ security guards.
• B.Conduct security awareness training.
• C.Install security cameras.
• D.Require security access badges.

답을 확인하기

정답:

Question No : 11

Which of the following would be MOST useful when measuring the progress of a risk response action plan?

• A.Percentage of mitigated risk scenarios
• B.Annual loss expectancy (ALE) changes
• C.Resource expenditure against budget
• D.An up-to-date risk register

답을 확인하기

정답:

Question No : 12

Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?

• A.Perform an m-depth code review with an expert
• B.Validate functionality by running in a test environment
• C.Implement a service level agreement.
• D.Utilize the change management process.

답을 확인하기

정답:

Question No : 13

A risk practitioner is organizing a training session lo communicate risk assessment methodologies to ensure a consistent risk view within the organization.
Which of the following i< the MOST important topic to cover in this training?

• A.Applying risk appetite
• B.Applying risk factors
• C.Referencing risk event data
• D.Understanding risk culture

답을 확인하기

정답:

Question No : 14

An organization has determined a risk scenario is outside the defined risk tolerance level .
What should be the NEXT course of action?

• A.Develop a compensating control.
• B.Allocate remediation resources.
• C.Perform a cost-benefit analysis.
• D.Identify risk responses

답을 확인하기

정답:

Question No : 15

Which of the following should be the PRIMARY consideration when assessing the automation of control monitoring?

• A.impact due to failure of control
• B.Frequency of failure of control
• C.Contingency plan for residual risk
• D.Cost-benefit analysis of automation

답을 확인하기

정답: