Crisc exam questions Study guides, Class notes & Summaries

RISK MANAGEMENT is... Correct Answer the coordinated activities to direct and control an enterprise with regard to risk Risk Management starts with Correct Answer Understanding the organization which serves the environment or context in which it operates. Assessing an organization's context (environment) includes Correct Answer Evaluating the intent and capability of threats The relative value of, and trust required in, assets (or resources) The respective relationship of vulnerabilitie...

CRISC Exam Questions and Answers 100% Pass FMEA - Answer- failure modes effects analysis BPM - Answer- business process modeling SPC - Answer- statistical process control cusum - Answer- cumulative summary. each value is added for a cummulative total. EL - Answer- expected loss BCP - Answer- business continuity planning CSF - Answer- critical success factor ERM - Answer- enterprise risk management RCSA - Answer- risk control self assessment COSO - Answer- committee of sponsoring organi...

How many steps in NIST RMF? Correct Answer 6 Name steps of the NIST RMF Correct Answer 1) Categorize Info Systems 2) Select Security Controls 3) Implement Security Controls 4) Assess Security Controls 5) Authorize Info Systems 6) Monitor Security Controls What are the layers of COBIT? Correct Answer Governance and Management What are the Management layers of COBIT? Correct Answer 1) Align, Plan, and Organize 2) Build, Acquire, and Implement 3) Deliver, Service, and Support 4) Mo...

CRISC EXAM QUESTIONS WITH VERIFIED ANSWERS What is the primary force for driving privacy? What is Confidentiality? What is Integrity? What is Availability? What is the order of Information Security Risk Management Process steps? What does the Risk Identification Process involve? What are examples of Threats? The IT risk action plan is an output communication from? What is risk Magnitude? What are synonyms for Frequency and Magnitude? What is Risk Appetite? Wha...

What is the difference between a standard and a policy? Correct Answer Standard = A mandatory action, explicit rules, controls or configuration settings that are designed to support and conform to a policy. A standard should make a policy more meaningful and effective by including accepted specifications for hardware, software or behavior. Standards should always point to the policy to which they relate. Policy = IT policies help organizations to properly articulate the organization's desired ...

CRISC Exam Questions and correct Answers How many steps in NIST RMF? Name steps of the NIST RMF What are the layers of COBIT? What are the Management layers of COBIT? What are the layers of ISACA Risk IT Framework? What are the levels of SDLC? What does SDLC stand for? What is the NIST Business Continuity Document? " What components of risk do Risk Scenarios include? They leave off likelihood and impact What elements should a Risk Register include? Which pub...

Which of the following is the MOST important reason for conducting security awareness programs throughout an enterprise? A. Reducing the risk of a social engineering attack B. Training personnel in security incident response C. Informing business units about the security strategy D. Maintaining evidence of training records to ensure compliance - ANS - A Which of the following is MOST important to determine when defining risk management strategies? A. Risk assessment criteria B. IT arch...

CRISC Exam Questions and complete solutions What is the difference between a standard and a policy? What are the 4 risk elements? Describe risk appetite vs. risk tollerance Name the 6 steps of the NIST Risk Management Framework (RMF) Which framework is developed by ISACA and integrates other frameworks? What are the 3 domains of ISACA's Risk IT Framework? What are the tenets of risk management? Which legal act requires U.S. Federal Govt agencies to establish an information s...

What is the primary force for driving privacy? - ANS - Regulation What is Confidentiality? - ANS - Maintains the secrecy and privacy of data "need to know / least privilege" What is Integrity? - ANS - Guarding against improper information modification, exclusion, or destruction "authenticity" What is Availability? - ANS - Providing timely and reliable access to information What is the order of Information Security Risk Management Process steps? - ANS - 1) Context Establishment 2) Ri...

CRISC FULL EXAM QUESTIONS AND ANSWERS