1. How many steps are in the NIST RMF?
   6

2. Name the steps of the NIST RMF.
   1) Categorize Info Systems
   2) Select Security Controls
   3) Implement Security Controls
   4) Assess Security Controls
   5) Authorize Info Systems
   6) Monitor Security Controls

3. What are the layers of COBIT?
   Governance and Management

4. What are the Management layers of COBIT?
   1) Align, Plan, and Organize
   2) Build, Acquire, and Implement
   3) Deliver, Service, and Support
   4) Monitor, Evaluate, and Assess

5. What are the layers of the ISACA Risk IT Framework?
   1) Risk Governance
   2) Risk Evaluation
   3) Risk Response

6. What are the levels of the SDLC?
   1) Initiation
   2) Requirements
   3) Design
   4) Development/Acquisition
   5) Implementation
   6) Operations/Maintenance
   7) Disposal/Retirement

7. What does SDLC stand for?
   Software Development Life Cycle

8. What is the NIST Business Continuity Document?
   NIST 800-34, "Contingency Planning Guide for Federal Information Systems"

9. What components of risk do Risk Scenarios include?
   1) Asset
   2) Threat
   3) Threat Agent
   4) Vulnerability
   5) Time/Location
   They leave off likelihood and impact.

10. What elements should a Risk Register include?
   1) Risk factors
   2) Threat agents, threats, and vulnerabilities
   3) Risk scenarios
   4) Criticality, severity, or priority of risk
   5) Asset information
   6) Impact of the risk on an asset
   7) Likelihood of the threat exploiting the vulnerability
   8) Current status of risk response actions
   9) Resources that may be committed to respond to risk
   10) Risk ownership information
   11) Planned milestones toward risk response

11. Which publication contains the NIST RMF?
   800-37

12. What are the distinctive processes of the NIST RMF?
   1) Prepare for assessment
   2) Conduct assessment
   3) Communicate results
   4) Maintain assessment

13. Who developed the OCTAVE Methodology?
   Carnegie Mellon University

14. What is special about OCTAVE?
   Designed for big businesses

15. What sets OCTAVE Allegro apart?
   Includes more business-centered and operational risk approaches

16. What sets OCTAVE-S apart?
   Designed for smaller organizations

17. What is ISO/IEC 27005:2011?
   It is a basic risk management standard that is entirely geared towards Information Security.

18. What is ISO 31000:2009?
   Risk Management - Principles and Guidelines

19. What is IEC 31010:2009?
   The meat of the risk management part of ISO 31000:2009

20. What are the three areas of the Risk Evaluation portion of the ISACA Risk IT Framework, and what is a key component of the last one?
   RE1: Collect Data
   RE2: Analyze Risk
   RE3: Maintain Risk Profile
   KRIs should be developed in RE3.
21.