ISACA CRISC Certified in Risk and Information Systems Control Online Training
ISACA CRISC Online Training
The questions for CRISC were last updated on Nov 22, 2024.
- Exam Code: CRISC
- Exam Name: Certified in Risk and Information Systems Control
- Certification Provider: ISACA
- Latest update: Nov 22, 2024
Who should be accountable for ensuring effective cybersecurity controls are established?
- A . Risk owner
- B . Security management function
- C . IT management
- D . Enterprise risk function
Which of the following is the BEST method to identify unnecessary controls?
- A . Evaluating the impact of removing existing controls
- B . Evaluating existing controls against audit requirements
- C . Reviewing system functionalities associated with business processes
- D . Monitoring existing key risk indicators (KRIs)
Which of the following BEST describes the role of the IT risk profile in strategic IT-related decisions?
- A . It compares performance levels of IT assets to value delivered.
- B . It facilitates the alignment of strategic IT objectives to business objectives.
- C . It provides input to business managers when preparing a business case for new IT projects.
- D . It helps assess the effects of IT decisions on risk exposure.
Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?
- A . Ensuring availability of resources for log analysis
- B . Implementing log analysis tools to automate controls
- C . Ensuring the control is proportional to the risk
- D . Building correlations between logs collected from different sources
Which of the following is the BEST method to ensure a terminated employee’s access to IT systems is revoked upon departure from the organization?
- A . Login attempts are reconciled to a list of terminated employees.
- B . A list of terminated employees is generated for reconciliation against current IT access.
- C . A process to remove employee access during the exit interview is implemented.
- D . The human resources (HR) system automatically revokes system access.
Who is the MOST appropriate owner for newly identified IT risk?
- A . The manager responsible for IT operations that will support the risk mitigation efforts
- B . The individual with authority to commit organizational resources to mitigate the risk
- C . A project manager capable of prioritizing the risk remediation efforts
- D . The individual with the most IT risk-related subject matter knowledge
Which of the following is the BEST indication of an improved risk-aware culture following the implementation of a security awareness training program for all employees?
- A . A reduction in the number of help desk calls
- B . An increase in the number of identified system flaws
- C . A reduction in the number of user access resets
- D . An increase in the number of incidents reported
Which of the following tools is MOST effective in identifying trends in the IT risk profile?
- A . Risk self-assessment
- B . Risk register
- C . Risk dashboard
- D . Risk map
A risk practitioner has determined that a key control does not meet design expectations. Which of the following should be done NEXT?
- A . Document the finding in the risk register.
- B . Invoke the incident response plan.
- C . Re-evaluate key risk indicators.
- D . Modify the design of the control.
Which of the following is the FIRST step in managing the risk associated with the leakage of confidential data?
- A . Maintain and review the classified data inventory.
- B . Implement mandatory encryption on data.
- C . Conduct an awareness program for data owners and users.
- D . Define and implement a data classification policy.