Topic 2 : Pool B Jul-Aug-Sep
An organization has engaged a third party to provide an Internet gateway encryption service that protects sensitive data uploaded to a cloud service. This is an example of risk:
A. mitigation.
B. avoidance.
C. transfer.
D. acceptance.
mitigation.
Which of the following would be the BEST key performance indicator (KPI) for monitoring the effectiveness of the IT asset management process?
A. Percentage of unpatched IT assets
B. Percentage of IT assets without ownership
C. The number of IT assets securely disposed during the past year
D. The number of IT assets procured during the previous month
Percentage of IT assets without ownership
Which of the following is the MOST important factor when deciding on a control to mitigate risk exposure?
A. Relevance to the business process
B. Regulatory compliance requirements
C. Cost-benefit analysis
D. Comparison against best practice
Regulatory compliance requirements
Which of the following would be a risk practitioner's BEST recommendation for preventing cyber intrusion?
A. Establish a cyber response plan
B. Implement data loss prevention (DLP) tools.
C. Implement network segregation.
D. Strengthen vulnerability remediation efforts
Strengthen vulnerability remediation efforts
Which of the following is an IT business owner's BEST course of action following an unexpected increase in emergency changes?
A. Evaluating the impact to control objectives
B. Conducting a root cause analysis
C. Validating the adequacy of current processes
D. Reconfiguring the IT infrastructure
Conducting a root cause analysis