CRISC試験無料問題集（1478題）「ISACA Certified in Risk and Information Systems Control 認定」

出題：1

Who is the BEST person to an application system used to process employee personal data?

A. Compliance manager

B. System administrator

C. Data privacy manager

D. Human resources (HR) manager

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which of the following would be the BEST justification to invest in the development of a governance, risk, and compliance (GRC) solution?

A. Closing audit findings on a timely basis

B. Demonstrating management commitment to mitigate risk

C. Facilitating risk-aware decision making by stakeholders

D. Ensuring compliance to industry standards

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which of the following is the MOST important consideration for the board and senior leadership regarding the organization's approach to risk management for emerging technologies?

A. Ensuring IT risk scenarios are updated and include emerging technologies

B. Ensuring the risk framework and policies are suitable for emerging technologies

C. Ensuring the organization follows risk management industry best practices

D. Ensuring threat intelligence services are used to gather data about emerging technologies

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which of the following is the PRIMARY accountability for a control owner?

A. Ensure the control operates effectively.

B. Communicate risk to senior management.

C. Identify and assess control weaknesses.

D. Own the associated risk the control is mitigating.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which of the following would be the GREATEST challenge when implementing a corporate risk framework for a global organization?

A. Privacy risk controls

B. Management support

C. Business continuity

D. Risk taxonomy

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

An organization has decided to implement an emerging technology and incorporate the new capabilities into its strategic business plan. Business operations for the technology will be outsourced. What will be the risk practitioner's PRIMARY role during the change?

A. Developing risk scenarios

B. Managing third-party risk

C. Managing the threat landscape

D. Updating risk appetite

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which of the following should be the MOST important consideration when determining controls necessary for a highly critical information system?

A. The organization's available budget

B. The level of acceptable risk to the organization

C. The number of threats to the system

D. The number of vulnerabilities to the system

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which of the following management action will MOST likely change the likelihood rating of a risk scenario related to remote network access?

A. Creating metrics to track remote connections

B. Updating the organizational policy for remote access

C. Updating remote desktop software

D. Implementing multi-factor authentication

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which stakeholder is MOST important to include when defining a risk profile during me selection process for a new third party application'?

A. The application vendor

B. The information security manager

C. The third-party risk manager

D. The business process owner

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which of the following provides the BEST evidence that risk responses are effective?

A. Residual risk is within risk tolerance.

B. Compliance breaches are addressed in a timely manner.

C. Risk ownership is identified and assigned.

D. Risk with low impact is accepted.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

A bank is experiencing an increasing incidence of customer identity theft. Which of the following is the BEST way to mitigate this risk?

A. Implement monitoring techniques.

B. Implement layered security.

C. Conduct an awareness campaign.

D. Outsource to a local processor.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

Which of the following is the GREATEST benefit to an organization when updates to the risk register are made promptly after the completion of a risk assessment?

A. Improved senior management communication

B. Optimized risk treatment decisions

C. Improved collaboration among risk professionals

D. Enhanced awareness of risk management

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

Which of the following is the GREATEST concern when using a generic set of IT risk scenarios for risk analysis?

A. Risk factors might not be relevant to the organization

B. Inherent risk might not be considered.

C. Quantitative analysis might not be possible.

D. Implementation costs might increase.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

CRISC試験無料問題集「ISACA Certified in Risk and Information Systems Control 認定」