Which of the following should be of MOST concern to a risk practitioner?

Failure to internally report a successful attack

Failure to notify the public of an intrusion

Failure to notify the police of an attempted intrusion

Failure to examine access rights periodically

Which of the following choices provide the BEST view of risk management?

An interdisciplinary team within the enterprise

A third party risk assessment service provider

The enterprise's internal compliance department

Which of the following is one of the MAIN purposes of the 1st line of defense in the 3 lines of defense model?

Ensure control deficiencies are addressed

Ensure that financial controls are in place

Ensure risk management practices are effective

Ensure compliance with rules and regulations

Senior management has defined the enterprise risk appetite as moderate. A business critical application has been determined to pose a high risk. What is the NEXT action the risk practitioner should take?

Assess the impact of planned controls to the application

Remove the high risk application and replace it with another system

Recommend that management increase its acceptable risk level for the application

Restrict access to the application only to trusted users

A key objective when monitoring information systems control effectiveness against the enterprise's external requirements is to:

ensure that the enterprise's legal obligations have been satisfied

design the applicable information security controls for external audits

create the enterprise's information security policy provisions for third parties

identify those legal obligations that apply to the enterprise's security practices

Shortly after performing the annual review and revision of corporate policies, a risk practitioner becomes aware that a new law may affect security requirements for the human resources system. The risk practitioner should:

analyse in detail how the law may affect the enterprise

ensure that necessary adjustments are made during the next review cycle

initiate an adhoc revision of the corporate policy

notify the system custodian to implement changes

It is most important that risk appetite aligns with business objectives to ensure that:

resources are directed toward areas of low risk tolerance

major risk is identified and eliminated

IT and business goals are aligned

the risk strategy is adequately communicated

CRISC Domain 1 MCQ

Authored by John Lee

Professional Development

Used 4+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

14 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

IT Risk is measured by it's:

Level of damage to IT systems

Impact on business operations

Cost of countermeasures

Annual Loss Expectancy

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is MOST important to determine when defining risk management strategies?

Risk assessment criteria

IT architecture complexity

Enterprise disaster recovery plan

Business objectives and operations

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Who is responsible for explaining the ramifications of a new zero-day exploit to the enterprise to senior management?

Chief Operating Officer

Chief Risk Officer

Chief Information Security Officer

Chief Information Officer

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The risk to an information system that supports a critical business process is owned by:

the IT Director

Senior Management

the Risk Management department

the system users

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is MOST important when selecting an appropriate risk management methodology?

Risk culture

Countermeasure analysis

Cost benefit analysis

Risk transfer strategy

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is MOST useful when computing annual loss exposure?

The cost of existing controls

The number of vulnerabilities

The net present value of the asset

The business value of the asset

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following provides the GREATEST support to a risk practitioner recommending encryption of corporate laptops and removable media as a risk mitigation measure?

Benchmarking with peers

Evaluating public reports on encryption algorithms in the public domain

Developing a business case

Scanning unencrypted systems for vulnerabilities

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

15 questions

Personal Effectiveness 1

Quiz

•

Professional Development

15 questions

Pelatihan Excellent Service

Quiz

•

Professional Development

15 questions

Gangguan Perkembangan Bahasa dan Oromotor

Quiz

•

Professional Development

15 questions

NPO Quiz

Quiz

•

Professional Development

17 questions

Telangana cuisine

Quiz

•

Professional Development

15 questions

Labor Relations and Negotations 1

Quiz

•

University - Professi...

10 questions

Gestión de Compras y Contrataciones

Quiz

•

Professional Development

12 questions

2023 Independent Day Quiz

Quiz

•

Professional Development

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Professional Development

44 questions

Would you rather...

Quiz

•

Professional Development