CRISC無料問題集「ISACA Certified in Risk and Information Systems Control」

質問 1

Which of the following is the MOST effective key performance indicator (KPI) for change management?

（A）Number of changes implemented

（B）Percentage of successful changes

（C）Average time required to implement a change

（D）Percentage of changes with a fallback plan

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

Which of the following provides the MOST useful information when developing a risk profile for management approval?

（A）Effectiveness and efficiency of controls

（B）Inherent risk and risk tolerance

（C）Strength of detective and preventative controls

（D）Residual risk and risk appetite

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

An IT risk threat analysis is BEST used to establish

（A）risk appetite

（B）risk maps

（C）risk ownership.

（D）risk scenarios

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which of the following is MOST useful for measuring the existing risk management process against a desired state?

（A）Capability maturity model

（B）Risk management framework

（C）Balanced scorecard

（D）Risk scenario analysis

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

The PRIMARY purpose of IT control status reporting is to:

（A）assist internal audit in evaluating and initiating remediation efforts.

（B）ensure compliance with IT governance strategy.

（C）benchmark IT controls with Industry standards.

（D）facilitate the comparison of the current and desired states.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Improvements in the design and implementation of a control will MOST likely result in an update to:

（A）risk appetite

（B）risk tolerance

（C）residual risk.

（D）inherent risk.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

A risk practitioner has been notified of a social engineering attack using artificial intelligence (Al) technology to impersonate senior management personnel. Which of the following would BEST mitigate the impact of such attacks?

（A）Subscription to data breach monitoring sites

（B）Suspension and takedown of malicious domains or accounts

（C）Training and awareness of employees for increased vigilance

（D）Increased monitoring of executive accounts

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which of the following is a KEY responsibility of the second line of defense?

（A）Owning risk scenarios

（B）Conducting control self-assessments

（C）Monitoring control effectiveness

（D）Implementing control activities

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which of the following poses the GREATEST risk to an organization's operations during a major it transformation?

（A）Lack of robust awareness programs

（B）Unavailability of critical IT systems

（C）infrequent risk assessments of key controls

（D）Rapid changes in IT procedures

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A risk practitioner has observed that there is an increasing trend of users sending sensitive information by email without using encryption. Which of the following would be the MOST effective approach to mitigate the risk associated with data loss?

（A）Implement a progressive disciplinary process for email violations.

（B）Implement a tool to create and distribute violation reports

（C）Block unencrypted outgoing emails which contain sensitive data.

（D）Raise awareness of encryption requirements for sensitive data.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

In an organization with a mature risk management program, which of the following would provide the BEST evidence that the IT risk profile is up to date?

（A）Compliance manual

（B）Management assertion

（C）Risk questionnaire

（D）Risk register

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?

（A）Chief information officer (CIO)

（B）Chief risk officer (CRO)

（C）Human resources manager (HRM)

（D）Business continuity manager (BCM)

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

A risk practitioner has been asked to evaluate the adoption of a third-party blockchain integration platform based on the value added by the platform and the organization's risk appetite. Which of the following is the risk practitioner's BEST course of action?

（A）Conduct a risk assessment with stakeholders.

（B）Conduct third-party resilience tests.

（C）Update the risk register with the process changes.

（D）Review risk related to standards and regulations.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CRISC 無料問題集「ISACA Certified in Risk and Information Systems Control」

弊社を連絡する

関連リンク

トップ試験