CRISC Exam Questions With Answers 100%
Correct
Which framework is developed by ISACA and integrates other frameworks?
a) (Val) IT
b) IT Assurance Framework (ITAF)
c) COBIT 5
d) Risk IT c. COBIT 5
What are the 3 domains of ISACA's Risk IT Framework? Risk Governance (RG), Risk
Evaluation (RE), Risk Response (RR)
What are the tenets of risk management? confidentiality, integrity, and availability
Which legal act requires U.S. Federal Govt agencies to establish an information security
program? Federal Information Security Management Act (FISMA)
What is the Gramm-Leach-Bliley Act (GLBA) GLBA requires periodic risk analysis
performed on processes that deal with nonpublic financial information and personal financial
data.
,CRISC Exam Questions With Answers 100%
Correct
The Risk Governance (RG) domain of the Risk IT framework is comprised of what 3 processes?
RG1: Establish and maintain a common risk view
RG2: Integrate with ERM
RG3: Make risk-aware business decisions
The Risk Evaluation (RE) domain of the Risk IT framework is comprised of what 3 processes?
RE1: Collect Data
RE2: Analyze Risk
RE3: Maintain risk profile
The Risk Response (RR) domain of the Risk IT framework is comprised of what 3 processes?
RR1: Articulate risk
RR2: Manage risk
RR3: React to events
What is a threat agent? The entity causing or enacting a threat against a vulnerability.
, CRISC Exam Questions With Answers 100%
Correct
What is the simple risk formula? threats x vulnerabilities = risk
What are the key areas of concern for emerging technologies? Interoperability and
Compatibility
What are the 5 components of a risk scenario? 1) Threat agent
2) Threat
3) Asset
4) Vulnerability
5) Time/location
Describe the bottom-up approach to risk scenario generation Look at all potential
scenarios beginning with what asset, process, or area of concern the risk scenarios might affect.
Describe the top-down approach to risk scenario generation Develop risk scenarios from a
specific business objective perspective
What document would list the different risk scenarios? The risk register could include:
Correct
Which framework is developed by ISACA and integrates other frameworks?
a) (Val) IT
b) IT Assurance Framework (ITAF)
c) COBIT 5
d) Risk IT c. COBIT 5
What are the 3 domains of ISACA's Risk IT Framework? Risk Governance (RG), Risk
Evaluation (RE), Risk Response (RR)
What are the tenets of risk management? confidentiality, integrity, and availability
Which legal act requires U.S. Federal Govt agencies to establish an information security
program? Federal Information Security Management Act (FISMA)
What is the Gramm-Leach-Bliley Act (GLBA) GLBA requires periodic risk analysis
performed on processes that deal with nonpublic financial information and personal financial
data.
,CRISC Exam Questions With Answers 100%
Correct
The Risk Governance (RG) domain of the Risk IT framework is comprised of what 3 processes?
RG1: Establish and maintain a common risk view
RG2: Integrate with ERM
RG3: Make risk-aware business decisions
The Risk Evaluation (RE) domain of the Risk IT framework is comprised of what 3 processes?
RE1: Collect Data
RE2: Analyze Risk
RE3: Maintain risk profile
The Risk Response (RR) domain of the Risk IT framework is comprised of what 3 processes?
RR1: Articulate risk
RR2: Manage risk
RR3: React to events
What is a threat agent? The entity causing or enacting a threat against a vulnerability.
, CRISC Exam Questions With Answers 100%
Correct
What is the simple risk formula? threats x vulnerabilities = risk
What are the key areas of concern for emerging technologies? Interoperability and
Compatibility
What are the 5 components of a risk scenario? 1) Threat agent
2) Threat
3) Asset
4) Vulnerability
5) Time/location
Describe the bottom-up approach to risk scenario generation Look at all potential
scenarios beginning with what asset, process, or area of concern the risk scenarios might affect.
Describe the top-down approach to risk scenario generation Develop risk scenarios from a
specific business objective perspective
What document would list the different risk scenarios? The risk register could include:
