A key objective when monitoring information systems control
effectiveness against the enterprise's external requirements is
to:
A. Design the applicable information security controls for
external audits.
B. Create the enterprise's information security policy provisions
for third parties.
C. Ensure that the enterprise's legal obligations have been
satisfied.
D. Identify those legal obligations that apply to the enterprise's
security practices. - correct answer- C. Ensure that the
enterprise's legal obligations have been satisfied.
Accountable key risk roles are - correct answer- Risk
owner and control owner
An enterprise has outsourced several business functions to a
firm in another country, including IT development, data hosting
and support. What is the MOST important question the risk
professional will ask in relation to the outsourcing
arrangements?
A. Are policies and procedures in place to handle security
exceptions?
B. Is the outsourcing supplier meeting the terms of the service
level agreements?
C. Is the security program of the outsourcing provider based on
an internal standard?
D. Are specific security controls mandated in the outsourcing
contract/agreement? - correct answer- D. Are specific
security controls mandated in the outsourcing
contract/agreement?
Define BIA - correct answer- Business Impact Analysis
classifies business activities and resources needed to deliver the
most essential enterprise services.
Define Control Owner - correct answer- Ensures selected
controls are monitored, maintained and reported on
Define Risk Event - correct answer- Discrete, specific
occurrences that result in an impact upon an enterprise or its
assets
Define Risk Owner - correct answer- Empowered to
make decisions on behalf of the enterprise with respect to risk
Define Risk Practitioner - correct answer- Communicate
with risk owners to ensure awareness of risk responses already
implemented and responses that are pending implementation
Define Threat Event - correct answer- Describe the series
of actions that may take place
Four ways to respond to risk - correct answer- Access,
Transfer, Mitigate, and Avoid
It is MOST important that risk appetite is aligned with business
objectives to ensure that:
A. resources are directed toward areas of low risk tolerance.
B. major risk is identified and eliminated.
C. IT and business goals are aligned.
D. the risk strategy is adequately communicated. - correct
answer- A. resources are directed toward areas of low risk
tolerance.