CRISC Exam | Comprehensive Questions and Answers | A+ Graded | With Expert Solutions
Terms in this set (106)

An enterprise recently developed a breakthrough technology that could provide a significant competitive edge. Which of the following FIRST governs how this information is to be protected from within the enterprise?
A. The data classification policy
B. The acceptable use policy
C. Encryption standards
D. The access control policy
Answer: A. Data classification policy describes the data classification categories; levels of protection to be provided for each category of data; and roles and responsibilities of potential users, including data owners.

Which of the following is the BEST way to ensure that an accurate risk register is maintained over time?
A. Monitor KRIs and record findings in the risk register
B. Publish the risk register centrally with workflow features that periodically poll risk assessors
C. Distribute the risk register to business process owners for review and updating
D. Utilize audit personnel to perform regular audits and to maintain the risk register
Answer: B. Centrally publishing the risk register and enabling periodic polling of risk assessors through workflow features will ensure accuracy of content. A knowledge management platform with workflow and polling features will automate the process of maintaining the risk register.

Which of the following is the MOST important requirement for setting up an information security infrastructure for a new system?
A. Performing a BIA
B. Considering personal devices as part of the security policy
C. Basing the information security infrastructure on a risk assessment
D. Initiating IT security training and familiarization
Answer: C. The information security infrastructure should be based on a risk assessment.

The MAIN objective of IT risk management is to:
A. prevent loss of IT assets
B. provide timely management reports
C. ensure regulatory compliance
D. enable risk-aware business decisions
Answer: D. IT risk management should be conducted as part of enterprise risk management (ERM), the ultimate objective of which is to enable risk-aware business decisions.

Which of the following is the PRIMARY reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?
A. To determine which laws and regulations apply
B. To determine the scope of the risk assessment
C. To determine the business owner(s) of the system
D. To decide between conducting a quantitative or qualitative analysis
Answer: B. The primary reason for determining the security boundary is to establish what systems and components are included in the risk assessment.

The PRIMARY advantage of creating and maintaining a risk register is to:
A. ensure that an inventory of potential risk is maintained
B. record all risk scenarios considered during the risk identification process
C. collect similar data on all risk identified within the organization
D. run reports based on various risk scenarios
Answer: A. Once important assets and the risk that may impact these assets are identified, the risk register is used as an inventory of that risk. The risk register can help enterprises accelerate their risk decision making and establish accountability for specific risk.

The board of directors of a one-year-old start-up company has asked their CIO to create all of the enterprise's IT policies and procedures. Which of the following should the CIO create FIRST?
A. The strategic IT plan
B. The data classification scheme
C. The information architecture document
D. The technology infrastructure plan
Answer: A. The strategic IT plan is the first policy to be created when setting up an enterprise's governance model.

A BIA is primarily used to:
A. estimate the resources required to resume and return to normal operations after a disruption
B. evaluate the impact of a disruption to an enterprise's ability to operate over time
C. calculate the likelihood and impact of known threats on specific functions
D. evaluate high-level business requirements
Answer: B