CRISC無料問題集「ISACA Certified in Risk and Information Systems Control」

質問 1

Which of the following would MOST likely cause management to unknowingly accept excessive risk?

（A）Lack of preventive controls

（B）Satisfactory audit results

（C）Risk tolerance being set too low

（D）Inaccurate risk ratings

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

Which of the following should be the PRIMARY driver for an organization on a multi-year cloud implementation to publish a cloud security policy?

（A）Evaluating gaps in the on-premise and cloud security profiles

（B）Enforcing compliance with cloud security parameters

（C）Educating IT staff on variances between on premise and cloud security

（D）Establishing minimum cloud security requirements

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use:

（A）the cost associated with each control.

（B）information from the risk register.

（C）key risk indicators (KRls).

（D）historical risk assessments.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which of the following is the PRIMARY reason for conducting peer reviews of risk analysis?

（A）To enhance compliance with standards

（B）To provide assessments for benchmarking

（C）To minimize subjectivity of assessments

（D）To increase consensus among peers

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

In a public company, which group is PRIMARILY accountable for ensuring sufficient attention and resources are applied to the risk management process?

（A）Line management

（B）Board of directors

（C）Senior management

（D）Risk officers

正解：B 解答を投票する

質問 6

Which of the following is the BEST way to ensure adequate resources will be allocated to manage identified risk?

（A）Assigning risk ownership to appropriate roles

（B）Promoting an organizational culture of risk awareness

（C）Prioritizing risk within each business unit

（D）Reviewing risk ranking methodology

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

An organization's risk practitioner learns a new third-party system on the corporate network has introduced vulnerabilities that could compromise corporate IT systems. What should the risk practitioner do FIRST?

（A）Identify procedures to mitigate the vulnerabilities.

（B）Notify information security management.

（C）Request IT to remove the system from the network.

（D）Confirm the vulnerabilities with the third party

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which of the following is a PRIMARY benefit of engaging the risk owner during the risk assessment process?

（A）Identification of controls gaps that may lead to noncompliance

（B）Early detection of emerging threats

（C）Accurate measurement of loss impact

（D）Prioritization of risk action plans across departments

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which of the following is the PRIMARY reason for an organization to include an acceptable use banner when users log in?

（A）To reduce the likelihood of insider threat

（B）To reduce the impact of insider threat

（C）To enable rapid discovery of insider threat

（D）To eliminate the possibility of insider threat

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Which of the following would be the BEST recommendation if the level of risk in the IT risk profile has decreased and is now below management's risk appetite?

（A）Reduce the risk management budget.

（B）Realign risk appetite to the current risk level.

（C）Decrease the number of related risk scenarios.

（D）Optimize the control environment.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

The risk associated with inadvertent disclosure of database records from a public cloud service provider (CSP) would MOST effectively be reduced by:

（A）encrypting the data

（B）reviewing CSP access privileges

（C）assessing the data classification scheme

（D）including a nondisclosure clause in the CSP contract

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

An organization must make a choice among multiple options to respond to a risk. The stakeholders cannot agree and decide to postpone the decision. Which of the following risk responses has the organization adopted?

（A）Transfer

（B）Avoidance

（C）Mitigation

（D）Acceptance

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which of the following BEST facilitates the development of effective IT risk scenarios?

（A）Validation by senior management

（B）Integration of contingency planning

（C）Utilization of a cross-functional team

（D）Participation by IT subject matter experts

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

Which of the following would BEST assist in reconstructing the sequence of events following a security incident across multiple IT systems in the organization's network?

（A）Centralized vulnerability management

（B）Centralized log management

（C）Network monitoring infrastructure

（D）Incident management process

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

Which of the following is the PRIMARY benefit of identifying and communicating with stakeholders at the onset of an IT risk assessment?

（A）Selecting the risk assessment framework

（B）Defining the risk assessment scope

（C）Obtaining funding support

（D）Establishing inherent risk

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

Which of the following should be implemented to BEST mitigate the risk associated with infrastructure updates?

（A）Risk assessment

（B）Change control process

（C）Change management audit

（D）Role-specific technical training

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 17

Which of the following is MOST likely to cause a key risk indicator (KRI) to exceed thresholds?

（A）A performance measurement

（B）Occurrences of specific events

（C）Risk scenarios

（D）The risk tolerance level

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 18

An organization has granted a vendor access to its data in order to analyze customer behavior. Which of the following would be the MOST effective control to mitigate the risk of customer data leakage?

（A）Require vendor to sign a confidentiality agreement.

（B）Enforce criminal background checks.

（C）Restrict access to customer data on a "need to know'' basis.

（D）Mask customer data fields.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 19

Malware has recently affected an organization. The MOST effective way to resolve this situation and define a comprehensive risk treatment plan would be to perform:

（A）a vulnerability assessment.

（B）an impact assessment.

（C）a gap analysis

（D）a root cause analysis.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CRISC 無料問題集「ISACA Certified in Risk and Information Systems Control」

弊社を連絡する

関連リンク

トップ試験