Correct
What do different risk scenarios on the same bands/curve on a risk map indicate? All risk
scenarios on the same curve of a risk map have the same level of risk.
Update the risk register with the results of the risk assessment
Risk Register A listing of all risks identified for the enterprise
Risk indicators A metric capable of showing that the enterprise is subject to, or has a high
probability of being subject to, a risk that exceeds the defined risk appetite
Elements of a risk register A summarized account of the assessment process that is updated
regularly, including upon completion of the risk assessment
Risk appetite and tolerance can change for a variety of reasons. This change can in turn
necessitate updates to the risk register.
common element between Risk assessment standards, frameworks and techniques an
emphasis on ensuring that risk is appropriately documented in order to convey the current state.
risk register a living document that needs to be continuously updated with new data
data you would update in a risk register emerging risk
changes in existing risk
resolution or completion of a risk response
status updates
changes in risk ownership and accountability
CIA Triad • Confidentiality: Pertains to the requirement to maintain the secrecy and
privacy of data
• Integrity: The guarding against improper information modification, exclusion or destruction;
includes ensuring information nonrepudiation and authenticity
• Availability: Availability refers to ensuring timely and reliable access to and use of information
Segregation of duties principle of ensuring that no one person controls an entire
transaction or operation that could result in fraudulent acts or errors
Job rotation the process of cross-training and developing personnel with various skills that
can step in where needed
Mandatory vacation used in some organizations as a means to deter and detect fraud; these
are often required by law
Secure state Consistent protection of a process to ensure that there is no time during a
process in which data or a system are vulnerable
the challenge of managing access control One of the most critical risks associated with
information systems
True or False.
Risk is often caused through misuse of access. True.
Especially in cases where an individual has a level of access that is not appropriate for his or her
current job responsibilities.
Access control is usually addressed through The IAAA Model
About IAAA Model • Identification - unique identification of each person or process that
uses a system; it allows tracking and logging of the activity by the user and the possibility to
investigate a problem if it were to arise
• Authentication - process of validating an identity. After a person or process has claimed or stated
his/her identity, the process of authentication verifies that the person is who they say they are.
• Authorization - the privileges or permissions the person will have, including read-only,
write-only, read/write, create, update, delete, full control, etc. This is where the concept of least
privilege applies.
• Accountability - logs or records all activity on a system and indicates the user ID responsible for
the activity.
Define IDENTITY MANAGEMENT the process of managing the identities of the entities
(users, processes, etc.) that require access to information or information systems.