Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

CRISC Exam Dumps - Certified in Risk and Information Systems Control

Go to page:
Question # 97

A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?

A.

Business continuity manager (BCM)

B.

Human resources manager (HRM)

C.

Chief risk officer (CRO)

D.

Chief information officer (CIO)

Full Access
Question # 98

A trusted third-party service provider has determined that the risk of a client's systems being hacked is low. Which of the following would be the client's BEST course of action?

A.

Perform their own risk assessment

B.

Implement additional controls to address the risk.

C.

Accept the risk based on the third party's risk assessment

D.

Perform an independent audit of the third party.

Full Access
Question # 99

The PRIMARY reason for a risk practitioner to review business processes is to:

A.

Benchmark against peer organizations.

B.

Identify appropriate controls within business processes.

C.

Assess compliance with global standards.

D.

Identify risk owners related to business processes.

Full Access
Question # 100

Which of the following would BEST help to ensure that suspicious network activity is identified?

A.

Analyzing intrusion detection system (IDS) logs

B.

Analyzing server logs

C.

Using a third-party monitoring provider

D.

Coordinating events with appropriate agencies

Full Access
Question # 101

Which of the following is the FIRST step in managing the risk associated with the leakage of confidential data?

A.

Maintain and review the classified data inventor.

B.

Implement mandatory encryption on data

C.

Conduct an awareness program for data owners and users.

D.

Define and implement a data classification policy

Full Access
Question # 102

Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?

A.

Login attempts are reconciled to a list of terminated employees.

B.

A list of terminated employees is generated for reconciliation against current IT access.

C.

A process to remove employee access during the exit interview is implemented.

D.

The human resources (HR) system automatically revokes system access.

Full Access
Question # 103

IT management has asked for a consolidated view into the organization's risk profile to enable project prioritization and resource allocation. Which of the following materials would

be MOST helpful?

A.

IT risk register

B.

List of key risk indicators

C.

Internal audit reports

D.

List of approved projects

Full Access
Question # 104

Which of the following will BEST mitigate the risk associated with IT and business misalignment?

A.

Establishing business key performance indicators (KPIs)

B.

Introducing an established framework for IT architecture

C.

Establishing key risk indicators (KRIs)

D.

Involving the business process owner in IT strategy

Full Access
Go to page: