CRISC無料問題集「ISACA Certified in Risk and Information Systems Control」

質問 1

An assessment of information security controls has identified ineffective controls. Which of the following should be the risk practitioner's FIRST course of action?

（A）Report the ineffective control for inclusion in the next audit report.

（B）Request a formal acceptance of risk from senior management.

（C）Deploy a compensating control to address the identified deficiencies.

（D）Determine whether the impact is outside the risk appetite.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

An organization is planning to move its application infrastructure from on-premises to the cloud. Which of the following is the BEST course of the actin to address the risk associated with data transfer if the relationship is terminated with the vendor?

（A）Ensure the language in the contract explicitly states who is accountable for each step of the data transfer process

（B）Meet with the business leaders to ensure the classification of their transferred data is in place

（C）Collect requirements for the environment to ensure the infrastructure as a service (IaaS) is configured appropriately.

（D）Work closely with the information security officer to ensure the company has the proper security controls in place.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

An organization's IT department wants to complete a proof of concept (POC) for a security tool. The project lead has asked for approval to use the production data for testing purposes as it will yield the best results.
Which of the following is the risk practitioner's BEST recommendation?

（A）Benchmark against what peer organizations are doing with POC testing environments.

（B）Accept the risk of using the production data to ensure accurate results.

（C）Assess the risk of using production data for testing before making a decision.

（D）Deny the request, as production data should not be used for testing purposes.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

An organization is outsourcing a key database to be hosted by an external service provider. Who is BEST suited to assess the impact of potential data loss?

（A）Database manager

（B）Business manager

（C）Public relations manager

（D）Data privacy manager

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which of the following should be the PRIMARY driver for the prioritization of risk responses?

（A）Risk appetite

（B）Mitigation cost

（C）Inherent risk

（D）Residual risk

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Recovery the objectives (RTOs) should be based on

（A）maximum tolerable downtime.

（B）maximum tolerable loss of data

（C）minimum tolerable loss of data.

（D）minimum tolerable downtime

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which of the following should be of GREATEST concern when reviewing the results of an independent control assessment to determine the effectiveness of a vendor's control environment?

（A）The risk associated with multiple control gaps was accepted.

（B）The control owners disagreed with the auditor's recommendations.

（C）The report was provided directly from the vendor.

（D）The controls had recurring noncompliance.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Who is BEST suited to provide information to the risk practitioner about the effectiveness of a technical control associated with an application?

（A）Risk owner

（B）Internal auditor

（C）System owner

（D）Process owner

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which of the following would BEST help to ensure that suspicious network activity is identified?

（A）Analyzing intrusion detection system (IDS) logs

（B）Coordinating events with appropriate agencies

（C）Using a third-party monitoring provider

（D）Analyzing server logs

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Which of the following presents the GREATEST challenge for an IT risk practitioner who wants to report on trends in historical IT risk levels?

（A）Changes in owners for identified IT risk scenarios

（B）Changes in methods used to calculate probability

（C）Frequent use of risk acceptance as a treatment option

（D）Qualitative measures for potential loss events

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

What should be the PRIMARY driver for periodically reviewing and adjusting key risk indicators (KRIs)?

（A）Risk impact

（B）Control self-assessments (CSAs)

（C）Risk likelihood

（D）Risk appropriate

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

Which of the following is MOST helpful to review when identifying risk scenarios associated with the adoption of Internet of Things (loT) technology in an organization?

（A）The network that loT devices can access

（B）The loT threat landscape

（C）The business case for the use of loT

（D）Policy development for loT

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which of the following is the BEST indication that key risk indicators (KRIs) should be revised?

（A）An increase in the number of change events pending management review

（B）A decrease in the number of key performance indicators (KPIs)

（C）A decrease in the number of critical assets covered by risk thresholds

（D）An increase in the number of risk threshold exceptions

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CRISC 無料問題集「ISACA Certified in Risk and Information Systems Control」

弊社を連絡する

関連リンク

トップ試験