CRISC試験無料問題集（1572題）「ISACA Certified in Risk and Information Systems Control 認定」

出題：1

During an IT department reorganization, the manager of a risk mitigation action plan was replaced. The new manager has begun implementing a new control after identifying a more effective option. Which of the following is the risk practitioner's BEST course of action?

A. Modify the action plan in the risk register.

B. Identify an owner for the new control.

C. Communicate the decision to the risk owner for approval

D. Seek approval from the previous action plan manager.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which of the following practices BEST mitigates risk related to enterprise-wide ethical decision making in a multi-national organization?

A. Policies requiring central reporting of potential procedure exceptions

B. Ongoing awareness training to support a common risk culture

C. Zero-tolerance policies for risk taking by middle-level managers

D. Customized regional training on local laws and regulations

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which of the following is MOST important for a risk practitioner to verify when evaluating the effectiveness of an organization's existing controls?

A. Senior management has approved the control design.

B. Inherent risk has been reduced from original levels.

C. Residual risk remains within acceptable levels.

D. Costs for control maintenance are reasonable.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which of the following is the PRIMARY objective of aggregating the impact of IT risk scenarios and reflecting the results in the enterprise risk register?

A. To ensure IT risk scenarios are consistently assessed within the organization

B. To ensure IT risk impact can be compared to the IT risk appetite

C. To ensure IT risk appetite is communicated across the organization

D. To ensure IT risk ownership is assigned at the appropriate organizational level

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

An organization has identified that terminated employee accounts are not disabled or deleted within the time required by corporate policy. Unsure of the reason, the organization has decided to monitor the situation for three months to obtain more information. As a result of this decision, the risk has been:

A. mitigated.

B. avoided.

C. accepted.

D. transferred.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which of the following resources is MOST helpful to a risk practitioner when updating the likelihood rating in the risk register?

A. Penetration test results

B. Business impact analysis (BIA)

C. Audit reports with risk ratings

D. Risk control assessment

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

When developing a new risk register, a risk practitioner should focus on which of the following risk management activities?

A. Risk management strategy planning

B. Risk identification

C. Risk response planning

D. Risk monitoring and control

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which of the following is the BEST way to detect zero-day malware on an end user's workstation?

A. Database activity monitoring

B. Firewall log monitoring

C. File integrity monitoring

D. An antivirus program

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which of the following is MOST commonly compared against the risk appetite?

A. IT risk

B. Residual risk

C. Inherent risk

D. Financial risk

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which of the following can be used to assign a monetary value to risk?

A. Cost-benefit analysis

B. Annual loss expectancy (ALE)

C. Inherent vulnerabilities

D. Business impact analysis

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

Which of the following is MOST important when defining controls?

A. Identifying monitoring mechanisms

B. Including them in the risk register

C. Prototyping compensating controls

D. Aligning them with business objectives

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

While evaluating control costs, management discovers that the annual cost exceeds the annual loss expectancy (ALE) of the risk. This indicates the:

A. control is ineffective and should be strengthened

B. control is weak and should be removed.

C. risk is inefficiently controlled.

D. risk is efficiently controlled.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

Which of the following BEST supports the management of identified risk scenarios?

A. Using key risk indicators (KRIs)

B. Defining risk parameters

C. Collecting risk event data

D. Maintaining a risk register

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

Which of the following is MOST important to include when reporting the effectiveness of risk management to senior management?

A. Impact due to changes in external and internal risk factors

B. Changes in residual risk levels against acceptable levels

C. Gaps in best practices and implemented controls across the industry

D. Changes in the organization's risk appetite and risk tolerance levels

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

CRISC試験無料問題集「ISACA Certified in Risk and Information Systems Control 認定」