CRISC Practice Exam Questions
An enterprise recently developed a breakthrough technology that could provide a significant
competitive edge. Which of the following FIRST governs how this information is to be protected
from within the enterprise?
A. The data classification policy
B. The acceptable use policy
C. Encryption standards
D. The access control policy - ANS - A. Data classification policy describes the data
classification categories; levels of protection to be provided for each category of data; and roles
and responsibilities of potential users, including data owners
Which of the following is the BEST way to ensure that an accurate risk register is maintained
over time?
A. Monitor KRIs and record findings in the risk register
B. Publish the risk register centrally with workflow features that periodically poll risk assessors
C. Distribute the risk register to business process owners for review and updating
D. Utilize audit personnel to perform regular audits and to maintain the risk register - ANS - B.
Centrally publishing the risk register and enabling periodic polling of risk assessors through
workflow features will ensure accuracy of content. A knowledge management platform with
workflow and polling features will automate the process of maintaining the risk register
Which of the following is the MOST important requirement for setting up an information
security infrastructure for a new system?
A. Performing a BIA
B. Considering personal devices as part of the security policy
C. Basing the information security infrastructure on a risk assessment
D. Initiating IT security training and familiarization - ANS - C. The information security
infrastructure should be based on a risk assessment
The MAIN objective of IT risk management is to:
A. prevent loss of IT assets
B. provide timely management reports
C. ensure regulatory compliance
D. enable risk-aware business decisions - ANS - D. IT risk management should be conducted as
part of enterprise risk management (ERM), the ultimate objective of which is to enable risk-aware business decisions
Which of the following is the PRIMARY reason that a risk practitioner determines the security
boundary prior to conducting a risk assessment?
A. To determine which laws and regulations apply
B. To determine the scope of the risk assessment
C. To determine the business owner(s) of the system
D. To decide between conducting a quantitative or qualitative analysis - ANS - B. The primary
reason for determining the security boundary is to establish what systems and components are
included in the risk assessment
The PRIMARY advantage of creating and maintaining a risk register is to:
A. ensure that an inventory of potential risk is maintained
B. record all risk scenarios considered during the risk identification process
C. collect similar data on all risk identified within the organization
D. run reports based on various risk scenarios - ANS - A. Once important assets and the risk that
may impact these assets are identified, the risk register is used as an inventory of that risk. The
risk register can help enterprises accelerate their risk decision making and establish
accountability for specific risk
The board of directors of a one-year-old start-up company has asked their CIO to create all of the
enterprise's IT policies and procedures. Which of the following should the CIO create FIRST?
A. The strategic IT plan
B. The data classification scheme
C. The information architecture document
D. The technology infrastructure plan - ANS - A. The strategic IT plan is the first policy to be
created when setting up an enterprise's governance model
A BIA is primarily used to:
A. estimate the resources required to resume and return to normal operations after a disruption
B. evaluate the impact of a disruption to an enterprise's ability to operate over time
C. calculate the likelihood and impact of known threats on specific functions
D. evaluate high-level business requirements - ANS - B
Which of the following is the BIGGEST concern for a CISO regarding interconnections with
systems outside of the enterprise?
A. Requirements to comply with each other's contractual security requirements
B. Uncertainty that the other sy