ISACA CRISC Certified in Risk and Information Systems Control Online Training
ISACA CRISC Online Training
The questions for CRISC were last updated on Nov 23, 2024.
- Exam Code: CRISC
- Exam Name: Certified in Risk and Information Systems Control
- Certification Provider: ISACA
- Latest update: Nov 23, 2024
An unauthorized individual has socially engineered entry into an organization's secured physical premises.
Which of the following is the BEST way to prevent future occurrences?
- A . Employ security guards.
- B . Conduct security awareness training.
- C . Install security cameras.
- D . Require security access badges.
The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?
- A . Logs and system events
- B . Intrusion detection system (IDS) rules
- C . Vulnerability assessment reports
- D . Penetration test reports
Which of the following is the MOST important outcome of reviewing the risk management process?
- A . Assuring the risk profile supports the IT objectives
- B . Improving the competencies of employees who performed the review
- C . Determining what changes should be made to IS policies to reduce risk
- D . Determining that procedures used in risk assessment are appropriate
Which of the following is the BEST metric to demonstrate the effectiveness of an organization’s change management process?
- A . Increase in the frequency of changes
- B . Percent of unauthorized changes
- C . Increase in the number of emergency changes
- D . Average time to complete changes
The PRIMARY advantage of implementing an IT risk management framework is the:
- A . establishment of a reliable basis for risk-aware decision making.
- B . compliance with relevant legal and regulatory requirements.
- C . improvement of controls within the organization and minimized losses.
- D . alignment of business goals with IT objectives.
During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall.
Which of the following controls has MOST likely been compromised?
- A . Data validation
- B . Identification
- C . Authentication
- D . Data integrity
Which of the following will BEST mitigate the risk associated with IT and business misalignment?
- A . Establishing business key performance indicators (KPIs)
- B . Introducing an established framework for IT architecture
- C . Establishing key risk indicators (KRIs)
- D . Involving the business process owner in IT strategy
Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?
- A . Corporate incident escalation protocols are established.
- B . Exposure is integrated into the organization’s risk profile.
- C . Risk appetite cascades to business unit management.
- D . The organization-wide control budget is expanded.
An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program.
The PRIMARY goal of this program should be to:
- A . reduce the risk to an acceptable level.
- B . communicate the consequences for violations.
- C . implement industry best practices.
- D . reduce the organization's risk appetite.
Which of the following is the MOST important consideration when multiple risk practitioners capture risk scenarios in a single risk register?
- A . Aligning risk ownership and control ownership
- B . Developing risk escalation and reporting procedures
- C . Maintaining up-to-date risk treatment plans
- D . Using a consistent method for risk assessment