
CRISC Online Practice Questions and Answers

Questions 4

You are the project manager of the PFO project. You are working with your project team members and two subject matter experts to assess the identified risk events in the project. Which of the following approaches is the best to assess the risk events in the project?

A. Interviews or meetings

B. Determination of the true cost of the risk event

C. Probability and Impact Matrix

D. Root cause analysis

Questions 5

When testing the security of an IT system, it is MOST important to ensure that:

A. tests are conducted after business hours.

B. operators are unaware of the test.

C. external experts execute the test.

D. agreement is obtained from stakeholders.

Questions 6

When a high-risk security breach occurs, which of the following would be MOST important to the person responsible for managing the incident?

A. An analysis of the security logs that illustrate the sequence of events

B. An analysis of the impact of similar attacks in other organizations

C. A business case for implementing stronger logical access controls

D. A justification of corrective action taken

Questions 7

Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

A. Implement segregation of duties.

B. Enforce an internal data access policy.

C. Enforce the use of digital signatures.

D. Apply single sign-on for access control.

Questions 8

The PRIMARY basis for selecting a security control is:

A. to achieve the desired level of maturity.

B. the materiality of the risk.

C. the ability to mitigate risk.

D. the cost of the control.

Questions 9

Which of the following would MOST likely cause a risk practitioner to reassess risk scenarios?

A. A change in the risk management policy

B. A major security incident

C. A change in the regulatory environment

D. An increase in intrusion attempts

Questions 10

A payroll manager discovers that fields in certain payroll reports have been modified without authorization. Which of the following control weaknesses could have contributed MOST to this problem?

A. The user requirements were not documented.

B. Payroll files were not under the control of a librarian.

C. The programmer had access to the production programs.

D. The programmer did not involve the user in testing.

Questions 11

Which of the following should be of MOST concern to a risk practitioner reviewing findings from a recent audit of an organization's data center?

A. Ownership of an audit finding has not been assigned

B. The data center is not fully redundant

C. Audit findings were not communicated to senior management

D. Key risk indicators (KRIs) for the data center do not include critical components

Exam Code: CRISC
Exam Name: Certified in Risk and Information Systems Control
Last Update: Apr 22, 2024
Questions: 1676 Q&As
