CRISC FULL 400 PRACTICE EXAM QUESTIONS WITH SOLUTIONS|82 Pages
A business case developed to support risk mitigation efforts for a complex application development project should be retained until:
A. the project is approved.
B. user acceptance of the application.
C. the application is deployed.
D. the application's end of life
Answer: D

A business impact analysis (BIA) is PRIMARILY used to:
A. estimate the resources required to resume and return to normal operations after a disruption.
B. evaluate the impact of a disruption to an enterprise's ability to operate over time.
C. calculate the likelihood and impact of known threats on specific functions.
D. evaluate high-level business requirements.
Answer: B

A chief information security officer (CISO) has recommended several controls such as anti-malware to protect the enterprise's information systems. Which approach to handling risk is the CISO recommending?
A. Risk transference
B. Risk mitigation
C. Risk acceptance
D. Risk avoidance
Answer: B

A company has set the unacceptable error level at 10 percent. Which of the following tools can be used to trigger a warning when the error level reaches eight percent?
A. A fault tree analysis
B. Statistical process control (SPC)
C. A key performance indicator (KPI)
D. A failure modes and effects analysis (FMEA)
Answer: C

A company is confident about the state of its organizational security and compliance program. Many improvements
Written for
- Institution: CRISC - Certified in Risk and Information Systems Control
- Course: CRISC - Certified in Risk and Information Systems Control
Document information
- Uploaded on: June 17, 2024
- Number of pages: 82
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers