CRISC Practice Test

The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?

A.

Logs and system events

B.

Intrusion detection system (IDS) rules

C.

Vulnerability assessment reports

D.

Penetration test reports

From a risk management perspective, which of the following is the PRIMARY benefit of using automated system configuration validation tools?

 

A.

Residual risk is reduced.

B.

Staff costs are reduced.

C.

Operational costs are reduced.

D.

Inherent risk is reduced.

Which of the following should be the PRIMARY input when designing IT controls?

A.

Benchmark of industry standards

B.

Internal and external risk reports

C.

Recommendations from IT risk experts

D.

Outcome of control self-assessments

An organization is preparing to transfer a large number of customer service representatives to the sales department. Of the following, who is responsible for mitigating the risk associated with residual system access?

A.

IT service desk manager

B.

Sales manager

C.

Customer service manager

D.

Access control manager

Which of the following would BEST provide early warning of a high-risk condition?

A.

Risk register

B.

Risk assessment

C.

Key risk indicator (KRI)

D.

Key performance indicator (KPI)