CRISC試験無料問題集（1725題）「ISACA Certified in Risk and Information Systems Control 認定」

出題：1

Which of the following would BEST help to address the risk associated with malicious outsiders modifying application data?

A. Activation of control audits

B. Role-based access controls

C. Acceptable use policies

D. Multi-factor authentication

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which of the following would be MOST helpful to a risk practitioner when ensuring that mitigated risk remains within acceptable limits?

A. Implementing a process for ongoing monitoring of control effectiveness

B. Ensuring risk owners participate in a periodic control testing process

C. Building an organizational risk profile after updating the risk register

D. Designing a process for risk owners to periodically review identified risk

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Who is ULTIMATELY accountable for the confidentiality of data in the event of a data breach within a Software as a Service (SaaS) environment?

A. Customer's data owner

B. Vendor's information security officer

C. Vendor's application owner

D. Customer's data privacy officer

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

An organization recently implemented an extensive risk awareness program after a cybersecurity incident.
Which of the following is MOST likely to be affected by the implementation of the program?

A. Threat landscape

B. Residual risk

C. Risk appetite

D. Inherent risk

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which of the following is the MOST important concern when assigning multiple risk owners for an identified risk?

A. Risk ratings may be inconsistently applied.

B. Mitigation efforts may be duplicated.

C. Different risk taxonomies may be used.

D. Accountability may not be clearly defined.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which of the following controls will BEST mitigate risk associated with excessive access privileges?

A. Separation of duties

B. Entitlement reviews

C. Review of user access logs

D. Frequent password expiration

正解：B 解答を投票する

出題：7

Which of the following is a risk practitioner's MOST important responsibility in managing risk acceptance that exceeds risk tolerance?

A. Verify authorization by senior management.

B. Ensure the acceptance is set to expire over lime

C. Increase the risk appetite to align with the current risk level

D. Update the risk response in the risk register.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which of the following is the PRIMARY objective for automating controls?

A. Complying with functional requirements

B. Improving control process efficiency

C. Reducing the need for audit reviews

D. Facilitating continuous control monitoring

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which of the following BEST indicates the effective implementation of a risk treatment plan?

A. Residual risk is managed within appetite and tolerance.

B. Key controls are identified and documented.

C. Inherent risk is managed within an acceptable level.

D. Risk treatments are aligned with industry peers.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which of the following is MOST important to the effectiveness of a senior oversight committee for risk monitoring?

A. Organizational risk appetite

B. Key risk indicators (KRIs)

C. Risk governance charter

D. Cross-business representation

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

An organization striving to be on the leading edge in regard to risk monitoring would MOST likely implement:

A. procedures to monitor the operation of controls.

B. monitoring activities for all critical assets.

C. Perform a controls assessment.

D. real-time monitoring of risk events and control exceptions.

E. a tool for monitoring critical activities and controls.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

Which of the following should be the GREATEST concern to a risk practitioner when process documentation is incomplete?

A. Inability to identify the risk owner

B. Inability to complete the risk register

C. Inability to identify process experts

D. Inability to allocate resources efficiently

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

The FIRST task when developing a business continuity plan should be to:

A. identify critical business functions and resources.

B. identify recovery time objectives (RTOs) for critical business applications.

C. determine data backup and recovery availability at an alternate site.

D. define roles and responsibilities for implementation.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

An organization recently implemented a cybersecurity awareness program that includes phishing simul-ation exercises for all employees. What type of control is being utilized?

A. Detective

B. Deterrent

C. Preventive

D. Compensating

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

Which of the following, who should be PRIMARILY responsible for performing user entitlement reviews?

A. Data owner

B. IT personnel

C. IT security manager

D. Data custodian

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

CRISC試験無料問題集「ISACA Certified in Risk and Information Systems Control 認定」