Free CRISC Exam Braindumps (page: 89)


You are working at Bluewell Inc., which makes advertisement websites. Someone has made unauthorized changes to your website. Which of the following terms refers to this type of loss?

  A. Loss of confidentiality
  B. Loss of integrity
  C. Loss of availability
  D. Loss of revenue

Answer(s): B

Explanation:

Loss of integrity refers to the following types of losses:

  - An e-mail message is modified in transit
  - A virus infects a file
  - Someone makes unauthorized changes to a Web site

Incorrect Answers:
A: When someone sees a password or a company's secret formula, this is referred to as loss of confidentiality.

C: An e-mail server being down so that no one has e-mail access, or a file server being down so that data files aren't available, comes under loss of availability.

D: This refers to the events which would eventually cause loss of revenue.



Which of the following is NOT true for Key Risk Indicators?

  A. They are selected as the prime monitoring indicators for the enterprise
  B. They help avoid having to manage and report on an excessively large number of risk indicators
  C. The complete set of KRIs should also balance indicators for risk, root causes and business impact
  D. They are monitored annually

Answer(s): D

Explanation:

KRIs are monitored on a regular basis, as they indicate high-probability and high-impact risks. Because risks change over time, KRIs should also be monitored regularly for their effectiveness against these changing risks.

Incorrect Answers:
A, B, C: These are all true for KRIs. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help avoid having to manage and report on the excessively large number of risk indicators that a large enterprise may have.

The complete set of KRIs should also balance indicators for risk, root causes and business impact, so as to indicate the risk and its impact completely.



Which of the following is the BEST way to determine the ongoing efficiency of control processes?

  A. Interview process owners
  B. Review the risk register
  C. Perform annual risk assessments
  D. Analyze key performance indicators (KPIs)

Answer(s): D



You are the project manager of the GHT project. You are accessing data for further analysis. You have chosen a data extraction method in which management monitors its own controls. Which of the following data extraction methods are you using here?

  A. Extracting data directly from the source systems after system owner approval
  B. Extracting data from the system custodian (IT) after system owner approval
  C. Extracting data from the risk register
  D. Extracting data from the lessons learned register

Answer(s): A

Explanation:

Direct extraction from the source system involves management monitoring its own controls, instead of auditors or third parties monitoring management's controls. It is preferable to extraction from the system custodian.

Incorrect Answers:
B: Extracting data from the system custodian (IT) after system owner approval involves auditors or third parties monitoring management's controls. In this case, management does not monitor its own controls.

C, D: These are not data extraction methods.





