CRISC Questions With Answers 100% Correct
Which of the following is the MOST important requirement for setting up an information security infrastructure for a new system?
A. Performing a BIA
B. Considering personal devices as part of the security policy
C. Basing the information security infrastructure on a risk assessment
D. Initiating IT security training and familiarization
Answer: C. The information security infrastructure should be based on a risk assessment.

The MAIN objective of IT risk management is to:
A. prevent loss of IT assets
B. provide timely management reports
C. ensure regulatory compliance
D. enable risk-aware business decisions
Answer: D. IT risk management should be conducted as part of enterprise risk management (ERM), the ultimate objective of which is to enable risk-aware business decisions.

Which of the following is the PRIMARY reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?
A. To determine which laws and regulations apply
B. To determine the scope of the risk assessment
C. To determine the business owner(s) of the system
D. To decide between conducting a quantitative or qualitative analysis
Answer: B. The primary reason for determining the security boundary is to establish which systems and components are included in the risk assessment.

The PRIMARY advantage of creating and maintaining a risk register is to:
A. ensure that an inventory of potential risk is maintained
B. record all risk scenarios considered during the risk identification process
C. collect similar data on all risk identified within the organization
D. run reports based on various risk scenarios
Answer: A. Once important assets and the risk that may impact these assets are identified, the risk register is used as an inventory of that risk. The risk register can help enterprises accelerate their risk decision making and establish accountability for specific risk.

The board of directors of a one-year-old start-up company has asked their CIO to create all of the enterprise's IT policies and procedures. Which of the following should the CIO create FIRST?
A. The strategic IT plan
B. The data classification scheme
C. The information architecture document
D. The technology infrastructure plan
Answer: A. The strategic IT plan is the first policy to be created when setting up an enterprise's governance model.

A BIA is primarily used to:
A. estimate the resources required to resume and return to normal operations after a disruption
B. evaluate the impact of a disruption to an enterprise's ability to operate over time
C. calculate the likelihood and impact of known threats on specific functions
D. evaluate high-level business requirements
Answer: B

Which of the following is the BIGGEST concern for a CISO regarding interconnections with systems outside of the enterprise?
A. Requirements to comply with each other's contractual security requirements
B. Uncertainty that the other system will be available as needed
C. The ability to perform risk assessments on the other system
D. Ensuring that communication between the two systems is encrypted through a VPN
Answer: A

Which of the following BEST determines compliance with the risk appetite of an enterprise?
A. Balance between preventive and detective controls
B. Inherent risk and acceptable risk level
C. Residual risk level and acceptable risk level
D. Balance between countermeasures and preventive controls
Answer: C

Risk scenarios should be created primarily based on which of the following: