CRISC exam

You are using Information system. You have chosen a poor password and also sometimes transmits data over unprotected communication lines. What is this poor quality of password and unsafe transmission refers to?A . ProbabilitiesB . ThreatsC . VulnerabilitiesD . ImpactsView AnswerAnswer: C Explanation: Vulnerabilities represent characteristics of information resources that...

Which of the following is the priority of data owners when establishing risk mitigation method?A . User entitlement changesB . Platform securityC . Intrusion detectionD . Antivirus controlsView AnswerAnswer: A Explanation: Data owners are responsible for assigning user entitlement changes and approving access to the systems for which they are...

Mortality tables are based on what mathematical activity? Each correct answer represents a complete solution. Choose three.A . Normal distributionsB . ProbabilitiesC . ImpactD . SamplingView AnswerAnswer: ABD Explanation: Probability identifies the chances that a particular event will happen under certain circumstances. The variables provided are based on information gathered...

You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?A . DetectiveB . CorrectiveC . PreventativeD . RecoveryView AnswerAnswer:...

Which of the following controls do NOT come under technical class of control? A. Program management control B. System and Communications Protection control C. Identification and Authentication control D. Access ControlView AnswerAnswer: A Explanation: Program Management control comes under management class of controls, not technical. Program Management control is driven...

What is the value of exposure factor if the asset is lost completely?A . 1B . InfinityC . 10D . 0View AnswerAnswer: A Explanation: Exposure Factor represents the impact of the risk over the asset, or percentage of asset lost. For example, if the Asset Value is reduced to two...

Which of the following matrices is used to specify risk thresholds?A . Risk indicator matrixB . Impact matrixC . Risk scenario matrixD . Probability matrixView AnswerAnswer: A Explanation: Risk indicators are metrics used to indicate risk thresholds, i.e., it gives indication when a risk level is approaching a high or...

You have been assigned as the Project Manager for a new project that involves development of a new interface for your existing time management system. You have completed identifying all possible risks along with the stakeholders and team and have calculated the probability and impact of these risks. Which of...

For which of the following risk management capability maturity levels do the statement given below is true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"A . Level 3B . Level 0C . Level 5D . Level 2View AnswerAnswer: C Explanation: An enterprise's risk...

Which of the following are the principles of access controls? Each correct answer represents a complete solution. Choose three.A . ConfidentialityB . AvailabilityC . ReliabilityD . IntegrityView AnswerAnswer: ABD Explanation: The principles of access controls focus on availability, integrity, and confidentiality, as loss or danger is directly related to these...