Free CRISC Exam Braindumps (page: 94)

Page 94 of 451

Which of the following come under the management class of controls? Each correct answer represents a complete solution. (Choose two.)

  A. Risk assessment control
  B. Audit and accountability control
  C. Program management control
  D. Identification and authentication control

Answer(s): A,C

Explanation:

The Management class of controls includes five families, which together contain over 40 individual controls. The families in the Management class are:
Certification, Accreditation, and Security Assessment (CA): This family of controls addresses the steps needed to implement a security assessment program. It includes controls to ensure that only authorized systems are allowed on a network, and it covers important security concepts such as continuous monitoring and a plan of action and milestones.
Planning (PL): The PL family focuses on security plans for systems. It also covers Rules of Behaviour for users; Rules of Behaviour are also called an acceptable use policy.
Risk Assessment (RA): This family of controls provides details on risk assessments and vulnerability scanning.
System and Services Acquisition (SA): The SA family includes any controls related to the purchase of products and services. It also includes controls related to software usage and user-installed software.
Program Management (PM): This family is driven by the Federal Information Security Management Act (FISMA). It provides controls to ensure compliance with FISMA. These controls complement other controls; they do not replace them.

Incorrect Answers:
B, D: Identification and authentication, and audit and accountability, are controls in the technical class.



Which of the following parameters are considered for the selection of risk indicators? Each correct answer represents a part of the solution. Choose three.

  A. Size and complexity of the enterprise
  B. Type of market in which the enterprise operates
  C. Risk appetite and risk tolerance
  D. Strategy focus of the enterprise

Answer(s): A,B,D

Explanation:

Risk indicators are placed at control points within the enterprise and are used to collect data. The collected data is used to measure the risk level at that point. Risk indicators also track events or incidents that may signal a potentially harmful situation.

Risk indicators can take the form of logs, alarms and reports. They are selected depending on a number of parameters in the internal and external environment, such as:
Size and complexity of the enterprise
Type of market in which the enterprise operates
Strategy focus of the enterprise

Incorrect Answers:
C: Risk appetite and risk tolerance are considered when applying various risk responses.



David is the project manager of the HRC project. While the HRC project was in progress, he concluded that adopting electronic commerce (e-commerce) could make the project more profitable. However, he chose not to engage in e-commerce in order to escape the risk associated with that line of business. What type of risk response has he adopted?

  A. Acceptance
  B. Avoidance
  C. Exploit
  D. Enhance

Answer(s): B

Explanation:

Because David chose not to engage in e-commerce specifically in order to avoid the associated risk, he is following a risk avoidance strategy.



Which of the following is the final step in the policy development process?

  A. Management approval
  B. Continued awareness activities
  C. Communication to employees
  D. Maintenance and review

Answer(s): D

Explanation:

Organizations should create a structured ISG (information security governance) document development process. A formal process gives many areas of the organization the opportunity to comment on a policy, which is especially important for high-level policies that apply to the whole organization. A formal process also ensures that final policies are communicated to employees, and it gives organizations a way to make sure that policies are reviewed regularly.

In general, a policy development process should include the following steps:
1. Development
2. Stakeholder review
3. Management approval
4. Communication to employees
5. Documentation of compliance or exceptions
6. Continued awareness activities
7. Maintenance and review

Incorrect Answers:
A, B, C: These are earlier phases in the policy development process.


