
CRISC Practice Test


Page 5 out of 193 Pages

Topic 2 : Pool B Jul-Aug-Sep

A risk practitioner recently discovered that sensitive data from the production environment is required for testing purposes in non-production environments. Which of the following is the BEST recommendation to address this situation?

A. Enable data encryption in the test environment
B. Implement equivalent security in the test environment
C. Prevent the use of production data for test purposes
D. Mask data before being transferred to the test environment

Answer: B. Implement equivalent security in the test environment



Which of the following BEST describes the role of the IT risk profile in strategic IT-related decisions?

A. It compares performance levels of IT assets to value delivered.
B. It facilitates the alignment of strategic IT objectives to business objectives.
C. It provides input to business managers when preparing a business case for new IT projects.
D. It helps assess the effects of IT decisions on risk exposure

Answer: D. It helps assess the effects of IT decisions on risk exposure



Which of the following is MOST important when developing risk scenarios?

A. The scenarios are based on industry best practice.
B. The scenarios focus on current vulnerabilities.
C. The scenarios are relevant to the organization.
D. The scenarios include technical consequences.

Answer: C. The scenarios are relevant to the organization.



Which of the following controls will BEST detect unauthorized modification of data by a database administrator?

A. Reviewing database access rights
B. Reviewing database activity logs
C. Comparing data to input records
D. Reviewing changes to edit checks

Answer: B. Reviewing database activity logs



Which of the following is the MOST important topic to cover in a risk awareness training program for all staff?

A. Internal and external information security incidents
B. The risk department's roles and responsibilities
C. Policy compliance requirements and exceptions process
D. The organization's information security risk profile

Answer: C. Policy compliance requirements and exceptions process



