CRISC無料問題集「ISACA Certified in Risk and Information Systems Control」

質問 1

Which of the following is the BEST risk management approach for the strategic IT planning process?

（A）The IT strategic plan is reviewed by the chief information security officer (CISO) and enterprise risk management (ERM).

（B）Key performance indicators (KPIs) are established to track IT strategic initiatives.

（C）Risk scenarios associated with IT strategic initiatives are identified and assessed.

（D）The IT strategic plan is developed from the organization-wide risk management plan.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

Which of the following is MOST important for an organization to update following a change in legislation requiring notification to individuals impacted by data breaches?

（A）Risk appetite and tolerance

（B）Insurance coverage

（C）Policies and standards

（D）Security awareness training

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

What is the PRIMARY purpose of a business impact analysis (BIA)?

（A）To determine the likelihood and impact of threats to business operations

（B）To estimate resource requirements for related business processes

（C）To identify important business processes in the organization

（D）To evaluate the priority of business operations in case of disruption

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which of the following is MOST important for a risk practitioner to update when a software upgrade renders an existing key control ineffective?

（A）Risk profile

（B）Change control documentation

（C）Audit engagement letter

（D）IT risk register

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which of the following would MOST effectively reduce risk associated with an increase of online transactions on a retailer website?

（A）Website activity monitoring

（B）Scalable infrastructure

（C）A hot backup site

（D）Transaction limits

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Which of the following is the MOST effective way to validate organizational awareness of cybersecurity risk?

（A）Conducting security awareness training

（B）Updating the information security policy

（C）Requiring two-factor authentication

（D）Implementing mock phishing exercises

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which of the following is MOST important for successful incident response?

（A）The ability to trace the source of the attack

（B）The timeliness of attack recognition

（C）Blocking the attack route immediately

（D）The quantity of data logged by the attack control tools

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which of the following would BEST mitigate an identified risk scenario?

（A）Performing periodic audits

（B）Executing a risk response plan

（C）Conducting awareness training

（D）Establishing an organization's risk tolerance

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which of the following should be the PRIMARY recipient of reports showing the progress of a current IT risk mitigation project?

（A）IT risk manager

（B）Senior management

（C）Project manager

（D）Project sponsor

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Which of the following would be the BEST way for a risk practitioner to validate the effectiveness of a patching program?

（A）Review change control board documentation.

（B）Conduct penetration testing.

（C）Conduct vulnerability scans.

（D）Interview IT operations personnel.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

Which of the following should a risk practitioner do FIRST to support the implementation of governance around organizational assets within an enterprise risk management (ERM) program?

（A）Hire experienced and knowledgeable resources.

（B）Schedule internal audits across the business.

（C）Develop a detailed risk profile.

（D）Conduct risk assessments across the business.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

Which of the following is MOST helpful to understand the consequences of an IT risk event?

（A）Business impact analysis (BIA)

（B）Fault tree analysis

（C）Historical trend analysis

（D）Root cause analysis

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

When reviewing a risk response strategy, senior management's PRIMARY focus should be placed on the:

（A）alignment with risk appetite.

（B）key performance indicators (KPIs).

（C）investment portfolio.

（D）cost-benefit analysis.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

A risk practitioner has been notified that an employee sent an email in error containing customers' personally identifiable information (Pll). Which of the following is the risk practitioner's BEST course of action?

（A）Advise the employee to forward the email to the phishing team.

（B）Report it to the chief risk officer.

（C）follow incident reporting procedures.

（D）Advise the employee to permanently delete the email.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

When collecting information to identify IT-related risk, a risk practitioner should FIRST focus on IT:

（A）process maps.

（B）security policies

（C）risk appetite.

（D）risk tolerance level

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CRISC 無料問題集「ISACA Certified in Risk and Information Systems Control」

弊社を連絡する

関連リンク

トップ試験