CRISC 試験問題を無料オンラインアクセス

Management has required information security awareness training to reduce the risk associated with credential compromise. What is the BEST way to assess the effectiveness of the training?

• A.Perform a vulnerability assessment.
• B.Administer an end-of-training quiz.
• C.Conduct social engineering testing.
• D.Audit security awareness training materials.

Which of the following is the PRIMARY benefit of consistently recording risk assessment results in the risk register?

• A.Accuracy of risk profiles
• B.Assessment of organizational risk appetite
• C.Compliance with best practice
• D.Accountability for loss events

Which of the following should be included in a risk scenario to be used for risk analysis?

• A.Risk tolerance
• B.Threat type
• C.Residual risk
• D.Risk appetite

A recently purchased IT application does not meet project requirements. Of the following, who is accountable for the potential impact?

• A.IT project management office (PMO)
• B.Project sponsor
• C.Business analyst
• D.IT project team

Which of the following is the PRIMARY reason to use administrative controls in conjunction with technical controls?

• A.To improve the effectiveness of controls that mitigate risk
• B.To gain stakeholder support for the implementation of controls
• C.To comply with industry best practices by balancing multiple types of controls
• D.To address multiple risk scenarios mitigated by technical controls