CRISC Domain 2 MCQ

Destruction of obsolete computer equipment

Theft of a smartphone from an office

Sanitization and reuse of a flash drive

Employee deletion of a file

Risk assessments are not always precise.

Reviewers can optimize and reduce the cost of controls

Risk assessments demonstrate the value of risk management to senior management

Business risk is subject to frequent change

an emerging vulnerability

a vulnerability event

an emerging threat

an environmental risk factor

Gap analysis

The current IT risk profile

The IT controls framework

Countermeasure analysis

Input from senior management

Previous security incidents

Threats that the enterprise faces

Results of the risk analysis

assess the likelihood of the incident occurring at the risk practitioner's enterprise

discontinue the use of the vulnerable technology

report to senior management that the enterprise is not affected

remind staff that no similar security breaches have taken place

strength of controls

likelihood and impact

current risk profiles

scenario root cause

It captures the risk inventory

it drives the risk response plan

It is a risk reporting tool

It lists internal risk and external risk

record and mitigate serious risk and disregard low-level risk

obtain management commitment to mitigate all identified risk within a reasonable time frame

document identified risk in the risk register and maintain the remediation status

conduct an annual risk assessment, but disregard previous assessments to prevent risk bias

Delphi method

Quantitative analysis

Qualitative analysis

Financial risk modeling