CRISC試験無料問題集「ISACA Certified in Risk and Information Systems Control 認定」

A. Internal audit findings

B. Risk assessment results

C. Relevant risk case studies

D. Penetration testing results

A. Tokenized personal data only in test environments

B. Data loss prevention tools (DLP) installed in passive mode

C. Multi-factor authentication for access to non-production environments

D. Anonymized personal data in non-production environments

A. The percentage of systems with long recovery target times has decreased.

B. The number of systems requiring a recovery plan has increased.

C. The percentage of systems meeting recovery target times has increased.

D. The number of systems tested in the last year has increased.

A. Evaluate alternative controls.

B. Define a process for monitoring risk.

C. Redefine the business process to reduce the risk.

D. Develop a plan to upgrade technology.

A. Monitor risk controls.

B. Transfer the risk.

C. Implement preventive measures.

D. Implement detective controls.

A. Changes in the number of intrusions detected

B. Changes in the position in the maturity model

C. Changes in the number of security exceptions

D. Changes to the structure of the risk register

A. Risk management committee

B. Human resources (HR)

C. Audit committee

D. Board of directors

A. availability of automated solutions

B. business process requirements.

C. organizational risk appetite.

D. business sector best practices.

A. Security control reviews

B. Random sampling checks

C. Control self-assessment (CSA)

D. Log analysis

A. Business process owner

B. Application owner

C. Senior management

D. Risk practitioner

A. Evaluate the sensitivity of data that the business needs to handle.

B. Review the organization's data retention policy and regulatory requirements.

C. Evaluate the organization's existing data protection controls.

D. Reassess the risk appetite and tolerance levels of the business.

A. provide an enterprise-wide view of risk

B. support risk response tracking

C. assign risk ownership

D. facilitate risk response decisions.

A. resource utilization.

B. strategic alignment.

C. performance evaluation.

D. solution delivery.

A. Ensure the contract includes provisions for sharing personal information.

B. Require the business partner to delete personal information following the audit.

C. Obfuscate the customers' personal information.

D. Use a secure channel to transmit the files.

A. Standards and frameworks

B. Policies and procedures

C. internal audit recommendations

D. Laws and regulations

A. Password policies

B. Segregation of duties

C. Monetary approval limits

D. Clear roles and responsibilities

A. communication

B. treatment.

C. identification.

D. assessment.