ANSWERS

Which of the following is MOST important to determine when defining risk management strategies? - CORRECT ANSWERS ✔✔Business objectives and operations.
While defining risk management strategies, the risk practitioner needs to analyze the enterprise's objectives and risk tolerance and define a risk management framework based on this analysis. Some enterprises may accept known risk, while others may invest in and apply mitigating controls to reduce risk.

Management wants to ensure that IT is successful in delivering against business requirements. Which of the following BEST supports that effort? - CORRECT ANSWERS ✔✔An internal control system or framework.
For IT to be successful in delivering against business requirements, management should develop an internal control system that supports its business requirements.

Which of the following risk assessment outputs is MOST suitable to help justify an enterprise information security program? - CORRECT ANSWERS ✔✔A list of appropriate controls for addressing risk.
A list of information security controls corresponding to risk scenarios identified during risk assessment is one of the primary deliverables of the risk assessment exercise. The list demonstrates due consideration of risk and applicable controls to address the risk and therefore helps justify a program predicated on risk mitigation.

Whether a risk has been reduced to an acceptable level should be determined by: - CORRECT ANSWERS ✔✔Enterprise requirements.
Enterprise requirements as dictated by enterprise goals and objectives should determine when a risk has been reduced to an acceptable level. Information systems and security requirements and standards may help inform enterprise requirements, but in themselves lack the critical context of enterprise business goals.

Commitment and support of senior management for information security investment can BEST be accomplished by a business case that: - CORRECT ANSWERS ✔✔Ties security risk to enterprise business objectives.
Senior management seeks to understand the business justification for investing in security. This can best be accomplished by tying security to key business objectives.

The PRIMARY reason for developing an enterprise security architecture is to: - CORRECT ANSWERS ✔✔Align security strategies among the functional areas of an enterprise and external entities.
The enterprise security architecture must align strategies and objectives of diverse functional areas within the enterprise, optimize the flow of information within an enterprise, and support all required communication with external partners, customers and suppliers.

Which of the following signifies the need to review an enterprise's risk practices? - CORRECT ANSWERS ✔✔Business owners regularly challenge risk assessment findings.
An enterprise's risk management practices must be clearly understood and supported by business stakeholders. This principle must be documented in the enterprise's risk management policy/framework/plan with senior management approval and direction. Business owners who challenge the risk assessment findings either do not support the findings or do not understand them clearly.

Which of the following choices should drive the IT plan? - CORRECT ANSWERS ✔✔Strategic planning and business requirements.
IT exists to support business objectives. Management of enterprise IT should align the IT plan closely with the business.

The GREATEST risk posed by an absence of strategic planning is: - CORRECT ANSWERS ✔✔Improper oversight of IT investment.