CRISC Certified in Risk and Information Systems Control – Question 833

When establishing an enterprise IT risk management program, it is MOST important to:

A. review alignment with the organization’s strategy.
B. understand the organization’s information security policy.
C. validate the organization’s data classification scheme.
D. report identified IT risk scenarios to senior management.

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question 832

Which of the following BEST indicates the effectiveness of anti-malware software?

A. Number of staff hours lost due to malware attacks.
B. Number of patches made to anti-malware software.
C. Number of successful attacks by malicious software.
D. Number of downtime hours in business critical servers.

Correct Answer: C

CRISC Certified in Risk and Information Systems Control – Question 831

Which of the following BEST indicates the efficiency of a process for granting access privileges?

A. Average time to grant access privileges.
B. Number of changes in access granted to users.
C. Average number of access privilege exceptions.
D. Number and type of locked obsolete accounts.

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question 830

Which of the following is the MOST appropriate key risk indicator (KRI) for backup media that is recycled monthly?

A. Time required for backup restoration testing.
B. Change in size of data backed up.
C. Successful completion of backup operations.
D. Percentage of failed restore tests.

Correct Answer: D

CRISC Certified in Risk and Information Systems Control – Question 828

Which of the following is the BEST way for a risk practitioner to verify that management has addressed control issues identified during a previous external audit?

A. Inspect external audit documentation.
B. Review management’s detailed action plans.
C. Observe the control enhancements in operation.
D. Interview control owners.

Correct Answer: C

CRISC Certified in Risk and Information Systems Control – Question 827

To reduce costs, an organization is combining the second and third lines of defense in a new department that reports to a recently appointed C-level executive. Which of the following is the GREATEST concern with this situation?

A. The risk governance approach of the second and third lines of defense may differ.
B. The independence of the internal third line of defense may be compromised.
C. The new structure is not aligned to the organization’s internal control framework.
D. Cost reductions may negatively impact the productivity of other departments.

Correct Answer: B