FREE CRISC Certification MCQ Questions and Answers

Question 1

Which of the following BEST describes an effective incident response training program?

Accepted Answer

Increased reporting of security incidents to the response team

Answer

Increased number of identified system vulnerabilities

Answer

Decreased number of password resets

Answer

Decreased reporting of security incidents to the response team

Question 2

Which of the following elements will most strongly influence the kind of information security governance model a company chooses to implement?

Accepted Answer

The organizational structure

Answer

The type of technology that the enterprise uses

Answer

The enterprise’s budget

Answer

The number of employees

Question 3

Using comparable network technology, an enterprise learns of a security breach at another organization. The MOST crucial thing a risk practitioner should do is:

Accepted Answer

Assess the likelihood of the incident occurring at the risk practitioner’s enterprise

Answer

Discontinue the use of the vulnerable technology

Answer

Remind staff that no similar security breaches have taken place

Answer

Report to senior management that the enterprise is not affected

Question 4

An anti-malware system has been installed by an IT company to lower risk. Which of the following statements BEST explains how this control lowers risk, assuming it is operating within the parameters set?

Accepted Answer

The control reduces the impact of malware on company computers but does not reduce the probability of those attacks

Answer

The control reduces neither probability nor impact of malware on company computers

Answer

The control reduces the probability and impact of malware on company computers

Answer

The control reduces the probability of malware on company computers but does not reduce the impact of those attacks

Question 5

Which of the following will help you create a set of recovery time goals the MOST?

Accepted Answer

Business impact analysis

Answer

Gap analysis

Answer

Regression analysis

Answer

Risk analysis

Question 6

Which indicator would be MOST helpful in an operational analysis of the processing environment?

Accepted Answer

User satisfaction

Answer

Audit findings

Answer

Management changes

Answer

Regulatory changes

Question 7

Which of the following approaches is BEST for ensuring contract programmers abide by organizational security guidelines?

Accepted Answer

Perform periodic security reviews of the contractors

Answer

Explicitly refer to contractors in the security standards

Answer

Have the contractors acknowledge the security policies in writing

Answer

Create penalties for noncompliance in the contracting agreement