Which of the following attributes of a key risk indicator (KRI) is MOST important?
A. Repeatable
B. Qualitative
C. Automated
D. Quantitative
A. Repeatable
B. Qualitative
C. Automated
D. Quantitative
Tag: CRISC Certified in Risk and Information Systems Control
CRISC Certified in Risk and Information Systems Control – Question563
An effective control environment is BEST indicated by controls that:
A. minimize senior management’s risk tolerance
B. manage risk within the organization’s risk appetite
C. are cost-effective to implement
D. reduce the thresholds of key risk indicators (KRIs)
A. minimize senior management’s risk tolerance
B. manage risk within the organization’s risk appetite
C. are cost-effective to implement
D. reduce the thresholds of key risk indicators (KRIs)
CRISC Certified in Risk and Information Systems Control – Question562
Which of the following is the MOST common concern associated with outsourcing to a service provider?
A. Combining incompatible duties
B. Unauthorized data usage
C. Denial of service attacks
D. Lack of technical expertise
A. Combining incompatible duties
B. Unauthorized data usage
C. Denial of service attacks
D. Lack of technical expertise
CRISC Certified in Risk and Information Systems Control – Question561
Which of the following BEST measures the efficiency of an incident response process?
A. Number of incidents lacking responses
B. Number of incidents escalated to management
C. Average time between changes and updating of escalation matrix
D. Average gap between actual and agreed response times
A. Number of incidents lacking responses
B. Number of incidents escalated to management
C. Average time between changes and updating of escalation matrix
D. Average gap between actual and agreed response times
CRISC Certified in Risk and Information Systems Control – Question560
Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?
A. Gather scenarios from senior management
B. Derive scenarios from IT risk policies and standards
C. Benchmark scenarios against industry peers
D. Map scenarios to a recognized risk management framework
A. Gather scenarios from senior management
B. Derive scenarios from IT risk policies and standards
C. Benchmark scenarios against industry peers
D. Map scenarios to a recognized risk management framework
CRISC Certified in Risk and Information Systems Control – Question559
Which of the following is the BEST method to ensure a terminated employee’s access to IT systems is revoked upon departure from the organization?
A. Login attempts are reconciled to a list of terminated employees
B. A process to remove employee access during the exit interview is implemented
C. The human resources (HR) system automatically revokes system access
D. A list of terminated employees is generated for reconciliation against current IT access
A. Login attempts are reconciled to a list of terminated employees
B. A process to remove employee access during the exit interview is implemented
C. The human resources (HR) system automatically revokes system access
D. A list of terminated employees is generated for reconciliation against current IT access
CRISC Certified in Risk and Information Systems Control – Question558
Which of the following elements of a risk register is MOST likely to change as a result of change in management’s risk appetite?
A. Risk likelihood and impact
B. Risk velocity
C. Inherent risk
D. Key risk indicator (KRI) thresholds
A. Risk likelihood and impact
B. Risk velocity
C. Inherent risk
D. Key risk indicator (KRI) thresholds
CRISC Certified in Risk and Information Systems Control – Question557
Which of the following is the BEST evidence that a user account has been properly authorized?
A. Notification from human resources that the account is active
B. Formal approval of the account by the user’s manager
C. User privileges matching the request form
D. An email from the user accepting the account
A. Notification from human resources that the account is active
B. Formal approval of the account by the user’s manager
C. User privileges matching the request form
D. An email from the user accepting the account
CRISC Certified in Risk and Information Systems Control – Question556
Which of the following is the BEST way to identify changes to the risk landscape?
A. Access reviews
B. Root cause analysis
C. Internal audit reports
D. Threat modeling
A. Access reviews
B. Root cause analysis
C. Internal audit reports
D. Threat modeling
CRISC Certified in Risk and Information Systems Control – Question555
Which of the following is the MOST effective key performance indicator (KPI) for change management?
A. Percentage of successful changes
B. Number of changes implemented
C. Percentage of changes with a fallback plan
D. Average time required to implement a change
A. Percentage of successful changes
B. Number of changes implemented
C. Percentage of changes with a fallback plan
D. Average time required to implement a change