Certified in Risk and Information Systems Control (CRISC)

FREE CRISC Certification Questions and Answers

Which of the following factors should the cost-benefit analysis of a two-factor authentication system contain the MOST?

The frequency of incidents

The annual loss expectancy of security incidents

The total cost of ownership

The approved budget of the project

Correct! Wrong!

The cost baseline that must be taken into account for the whole life cycle of the control is established by total cost of ownership, making it the most pertinent piece of information to be included in the cost-benefit analysis.

Which of the following BEST guarantees that identified information system vulnerabilities are appropriately mitigated?

Incorporating the findings into the annual report to shareholders.

Presenting root cause analysis to the management of the enterprise

Assigning action plans with deadlines to responsible personnel.

Implementing software to input the action points.

Correct! Wrong!

When mitigation is assigned to personnel, accountability for meeting the deadline is established.

What is the MOST crucial protection that needs to be in place to prevent abuse of the company's social media account?

Two-factor authentication

Awareness training

Strong passwords

Social media account monitoring

Correct! Wrong!

The account will be actively guarded against unwanted access through the use of two-factor authentication.

After the likelihood of a loss event has been estimated, which of the following criteria should be evaluated?

Compensating controls

Residual risk

Risk tolerance

Magnitude of impact

Correct! Wrong!

The next stage is to determine the impact's magnitude after the likelihood has been established.

Where would the data ethics function MOST likely reside in an enterprise, based on the three lines of defense model?

The third line of defense

The first line of defense

The board of directors

The second line of defense

Correct! Wrong!

Compliance, ethics, and risk management make up the second line of defense, which serves as a guide.

When defining risk management methods, which of the following should be determined as being MOST important?

IT architecture complexity

Business objectives and operations

Risk assessment criteria

Enterprise disaster recovery plan

Correct! Wrong!

The risk practitioner must examine the enterprise's goals and risk tolerance when designing risk management strategies and define a risk management framework based on this study. While some businesses may opt to accept known risk, others may invest in and implement risk-mitigating systems.

The BIGGEST danger associated with not having a strategy is:

improper oversight of IT investment

increase in the number of licensing violation

unresolved current and past problems

increase in the number of obsolete systems

Correct! Wrong!

The biggest danger is improper oversight of IT investments. Without adequate management oversight, IT investments may not be in line with company strategies, and IT spending may not be supporting business goals.

FREE CRISC Certification Questions and Answers

Which of the following factors should the cost-benefit analysis of a two-factor authentication system contain the MOST?

Which of the following BEST guarantees that identified information system vulnerabilities are appropriately mitigated?

What is the MOST crucial protection that needs to be in place to prevent abuse of the company's social media account?

After the likelihood of a loss event has been estimated, which of the following criteria should be evaluated?

Where would the data ethics function MOST likely reside in an enterprise, based on the three lines of defense model?

When defining risk management methods, which of the following should be determined as being MOST important?

The BIGGEST danger associated with not having a strategy is:

Related Post