Which of the following is a true statement regarding interoperability and mapping among the various control standards?

Many control frameworks are derived from and map to the ISO/IEC standards.

None of the existing control standards are compatible with each other.

All control standards map to NIST as the baseline control standards.

Control standards are exactly mapped to each other and identical, making them completely interchangeable.

Which of the following are key indicators designed to show how well a security mechanism or measure is performing?

Key performance indicators (KPIs)

When would an organization need to use multiple control frameworks?

When the organization is under multiple sources of governance

When the organization reassesses risk

When the organization wishes to modify its controls

When the organization requires a stronger risk response

Security controls serve all of the following purposes except which one?

Ensuring compliance with governance

Which of the following are true statements regarding how effective control implementation affects risk?

Effective control implementation can reduce likelihood and impact elements of risk.

Effective control implementation can completely eliminate a threat to an asset.

Effective control implementation can increase a vulnerability.

Effective control implementation can completely eliminate risk.

Which of the following best describes control standards and frameworks?

Control standards and frameworks are defined sets of controls.

Control standards and frameworks define risk management processes.

Control standards and frameworks define operational controls only.

Control standards and frameworks define risk response options.

Which of the following control standards was developed by payment card providers, such as Discovery, Visa, MasterCard, and American Express, for use with merchants that process credit card transactions?

NIST Special Publication 800-53, Revision 5

NIST Special Publication 800-171, Revision 2

Which of the following control functions is able to reduce or prevent a threat or a threat source?

No control function can prevent or eliminate a threat or a threat source.

Which of the following are key indicators designed to accurately state levels of risk based on defined thresholds?

Key performance indicators (KPIs)

Which of the following should be included in risk treatment plans submitted to senior management?

Reasonable alternatives to any recommendations for risk treatment.

Nonnegotiable requirements for risk treatment options so that risk can be definitively dealt with.

Only risk analysis should be included in risk treatment plans; management must be allowed to determine its own risk treatment options.

Only the optimal risk treatment options should be presented.

All of the following are true statements regarding control standards and frameworks except which one?

All control frameworks cost the same to implement.

They all describe controls to different depths and levels of detail.

Not all frameworks or control standards are technical in nature.

Some control frameworks are better suited for specific environments or areas than others.

Which of the following about risk ownership is not true?

The control is always owned by the risk owner of the risk it is mitigating

The purpose of determining risk ownership is to ensure accountability

A risk owner has the mandate, budget and authority to select an appropriate risk response

Risk owners need to drive the risk management activities performed by risk professionals

Risk response needs to be aligned with the business objectives. For it to happen

A risk response that may negatively impact the ability of the organization to meet its mission must be considered very carefully

The risk register documents only high priority risks

The risk professional must evaluate the risk and determine the best response.

Recommendations in the risk assessment report must be implemented

An example of risk mitigation is

Use compensating controls to address areas of persistence weaknesses in the system

Evacuating staff from a work area where there is civil unrest

Decide not to use an emerging technology for the operations

Using a service provider to overcome the current resource shortages

Risk mitigation is a response to risk that impacts the organization. The following are valid responses except

Reduce the exposure by not performing the operations

Which of the following helps in guiding management in selectin the appropriate risk response

Alignment of the response with organization strategy

Complexity of recommended mitigating controls

CRISC Domain 3 MCQ (A)

Authored by John Lee

Professional Development

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

38 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following control functions is used to keep someone from violating a policy or committing an illegal act, whether or not they are aware that the control exists?

Detective

Preventive

Corrective

Compensating

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following accurately describes the items that should be considered by the organization in control selection?

Governance, control effectiveness, and data type

Control effectiveness, organizational mission, and cost to implement and maintain

Governance, control effectiveness, and cost to implement and maintain

Cost to implement and maintain, data type, and organizational mission

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following are important considerations in evaluating risk response options?

Cost and effectiveness of response options

Resistance by personnel to response options

Cost and expected profit from response options.

Governance-mandated response options

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is NOT considered one of the three types of security controls implemented to protect assets?

Administrative

Technical

Physical

Financial

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is a true statement regarding emerging risk?

Organizations can avoid emerging risks by not adopting new technologies

Once a particular risk has been assessed, it does not change

The dynamic nature of risk means that it must be constantly monitored, reassessed, and reevaluated.

Emerging risks are limited to only the implementation of new technologies

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Security controls are typically assessed for all of the following except which one?

Effectiveness

Cost

Risk reduction

Compliance

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is the most important characteristic of data presented in a risk report?

Data must be trustworthy and accurate.

Data must align with what management expects the report to reflect.

Data must consider management’s attitude toward risk.

Data must be favorable toward risk analysts and risk owners

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

40 questions

Chapter 18: Haircoloring and Lightening

Quiz

•

Professional Development

34 questions

LV08 Chassis A

Quiz

•

Professional Development

40 questions

ITIL 4-8

Quiz

•

Professional Development

42 questions

Exchange Revision

Quiz

•

Professional Development

42 questions

Electrical Principles 6035-02 | Revision

Quiz

•

Professional Development

41 questions

VERBS AND SPELLING MKGBFIN79F PART 3

Quiz

•

Professional Development

34 questions

Module 9 - Surface Grinding

Quiz

•

Professional Development

34 questions

SAMR Model Quiz

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Professional Development

20 questions

Employability Skills

Quiz

•

Professional Development

CRISC Domain 3 MCQ (A)

Which of the following control functions is used to keep someone from violating a policy or committing an illegal act, whether or not they are aware that the control exists?

Which of the following accurately describes the items that should be considered by the organization in control selection?

Which of the following are important considerations in evaluating risk response options?

Which of the following is NOT considered one of the three types of security controls implemented to protect assets?

Which of the following is a true statement regarding emerging risk?

Security controls are typically assessed for all of the following except which one?

Which of the following is the most important characteristic of data presented in a risk report?

Which of the following is senior leadership’s commitment to risk management and provides an overall long-term direction for where the organization wants to be in terms of managing its risk?

Which of the following will always remain unless the source of a risk is completely avoided?

Which the following takes the place of a primary or desired control on a longer-term basis to mitigate risk if the desired control cannot be implemented for some reason?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development