ISACA CRISC Certification Exam Questions and Answers, Exams of Cybercrime, Cybersecurity and Data Privacy

A set of questions and answers related to the ISACA Certified in Risk and Information Systems Control (CRISC) certification exam. The questions cover various aspects of risk management, information security governance, incident response, cost-benefit analysis, and risk calculation. The document aims to help candidates prepare for the CRISC exam by providing insights into the types of questions they may encounter and the correct answers. The questions cover a range of topics, including the effectiveness of incident response training, the factors that impact information security governance models, the actions a risk practitioner should take in response to a security breach, the relevant factors to include in a cost-benefit analysis of a two-factor authentication system, and the reasons for not taking further action on a denial-of-service vulnerability. The document also includes a link to a resource that provides preparation tips for the CRISC exam.

Typology: Exams

2023/2024

Available from 10/07/2024

DANTUTOR

ISACA Certified in Risk and Information
Systems Control (CRISC) Certification
Exam Question and Answers
01. Which of the following is the BEST indicator that incident response training is
effective?
a) Decreased reporting of security incidents to the response team
b) Increased reporting of security incidents to the response team
c) Decreased number of password resets
d) Increased number of identified system vulnerabilities -
b) Increased reporting of security incidents to the response team
02. Which of the following factors will have the GREATEST impact on the type of
information security governance model that an enterprise adopts?
a) The number of employees
b) The enterprise's budget
c) The organizational structure
d) The type of technology that the enterprise uses -
c) The organizational structure
03. An enterprise learns of a security breach at another entity using similar network
technology. The MOST important action for a risk practitioner is to:
a) Assess the likelihood of the incident occurring at the risk practitioner's enterprise
b) Discontinue the use of the vulnerable technology
c) Report to senior management that the enterprise is not affected
d) Remind staff that no similar security breaches have taken place -
a) Assess the likelihood of the incident occurring at the risk practitioner's enterprise
04. Which of the following is MOST relevant to include in a cost-benefit analysis of a
two-factor authentication system?
a) The approved budget of the project
b) The frequency of incidents
c) The annual loss expectancy of incidents
d) The total cost of ownership -
d) The total cost of ownership
05. A global financial institution has decided not to take any further action on a denial-
of-service vulnerability found by the risk assessment team. The MOST likely reason for
making this decision is that:
a) The needed countermeasure is too complicated to deploy
b) There are sufficient safeguards in place to prevent this risk from happening
c) The likelihood of the risk occurring is unknown
d) The cost of countermeasure outweighs the value of the asset and potential loss -
d) The cost of countermeasure outweighs the value of the asset and potential loss

To get preparation tips for ISACA CRISC Exam: https://crisc-preparation-guide.tumblr.com/

06. Which of the following examples includes ALL required components of a risk calculation?
a) Over the next quarter, it is estimated that there is a 30 percent chance of two projects failing to meet a contract deadline, resulting in a US $500,000 fine related to breach of service level agreements
b) Security experts believe that if a system is compromised, it will result in the loss of US $15 million in lost contracts
c) The likelihood of disk corruption resulting from a single event of uncontrolled system power failure is estimated by engineers to be 15 percent
d) The impact to security of a business line of a malware-related workstation event is estimated to be low -
a) Over the next quarter, it is estimated that there is a 30 percent chance of two projects failing to meet a contract deadline, resulting in a US $500,000 fine related to breach of service level agreements
07. Which of the following is MOST useful in developing a series of recovery time objectives?
a) Regression analysis
b) Risk analysis
c) Gap analysis
d) Business impact analysis -
d) Business impact analysis
08. In an operational review of the processing environment, which indicator would be MOST beneficial?
a) User satisfaction
b) Audit findings
c) Regulatory changes
d) Management changes -
a) User satisfaction