[2024-10-23更新,999問] 無料ISACA CRISC試験問題集、CRISC問題集(ページ 67)

CRISC 試験問題 326

Which of the following is the MOST effective way 10 identify an application backdoor prior to implementation'?

A. Source code review

B. Database activity monitoring

C. User acceptance testing (UAT)

D. Vulnerability analysis

CRISC 試験問題 327

Which of the following components of risk scenarios has the potential to generate internal or external threat on an enterprise?

A. Timing dimension

B. Events

C. Assets

D. Actors

正解: D

Section: Volume A
Explanation:
Components of risk scenario that are needed for its analysis are:
* Actor: Actors are those components of risk scenario that has the potential to generate the threat that can be internal or external, human or non-human. Internal actors are within the enterprise like staff, contractors, etc. On the other hand, external actors include outsiders, competitors, regulators and the market.
* Threat type: Threat type defines the nature of threat, that is, whether the threat is malicious, accidental, natural or intentional.
* Event: Event is an essential part of a scenario; a scenario always has to contain an event. Event describes the happenings like whether it is a disclosure of confidential information, or interruption of a system or project, or modification, theft, destruction, etc.
* Asset: Assets are the economic resources owned by business or company. Anything tangible or intangible that one possesses, usually considered as applicable to the payment of one's debts, is considered an asset. An asset can also be defined as a resource, process, product, computing infrastructure, and so forth that an organization has determined must be protected. Tangible asset: Tangible are those asset that has physical attributes and can be detected with the senses, e.g., people, infrastructure, and finances.
Intangible asset: Intangible are those assets that has no physical attributes and cannot be detected with the senses, e.g., information, reputation and customer trust.
* Timing dimension: The timing dimension is the application of the scenario to detect time to respond to or recover from an event. It identifies if the event occurs at a critical moment and its duration. It also specifies the time lag between the event and the consequence, that is, if there an immediate consequence (e.g., network failure, immediate downtime) or a delayed consequence (e.g., wrong IT architecture with accumulated high costs over a long period of time).

CRISC 試験問題 328

Ned は、あなたの会社の HNN プロジェクトのプロジェクトマネージャーです。Ned は、プロジェクトの確率分布をいくつか完成させるのを手伝ってほしいとあなたに依頼しました。プロジェクトのどの部分を確率分布に使用する可能性が最も高いでしょうか。

A. 新しいリソースに対するリスクへの偏り

B. リスク確率と影響マトリックス

C. スケジュールアクティビティの期間などの値の不確実性

D. リスクの特定

E. 説明:
リスク確率分布は、時間やコストなどの不確実な値に利用される可能性が高い。
プロジェクトの見積もり。

F. は正しくありません。リスク確率分布は、リスクの特定には適していません。

G. は誤りです。リスク確率分布は、リスク確率で使用される可能性は低いです。
および影響マトリックス。

CRISC 試験問題 329

リスク認識トレーニングの有効性を確保するのに最も役立つアプローチは次のどれですか?

A. 上級管理職とコンテンツを確認する

B. 信頼できるサードパーティのトレーニングプログラムを使用する

C. フォーカスグループによるパイロットコース

D. 対象ユーザー向けのモジュールの作成

CRISC 試験問題 330

Which of the following aspects are included in the Internal Environment Framework of COSO ERM?
Each correct answer represents a complete solution. Choose three.

A. Enterprise's integrity and ethical values

B. Enterprise's working environment

C. Enterprise's human resource standards

D. Enterprise's risk appetite

他のバージョン: 1551ISACA.CRISC.v2025-03-28.q924; 1103ISACA.CRISC.v2024-07-31.q668; 3309ISACA.CRISC.v2023-07-03.q712; 5737ISACA.CRISC.v2022-10-19.q897

最新アップロード: 104CII.M05.v2025-09-13.q42; 111CBIC.CIC.v2025-09-13.q68; 128Salesforce.Advanced-Administrator.v2025-09-12.q111; 178IIBA.CCBA.v2025-09-12.q144; 148PaloAltoNetworks.PSE-PrismaCloud.v2025-09-11.q65; 129SAP.C-TS452-2410.v2025-09-11.q32; 132ASHRAE.HFDP.v2025-09-11.q40; 206Salesforce.Sales-Cloud-Consultant.v2025-09-09.q128; 134SAP.C-C4H56I-34.v2025-09-08.q74; 220Salesforce.Agentforce-Specialist.v2025-09-08.q82

CRISC 試験問題 326

CRISC 試験問題 327

CRISC 試験問題 328

CRISC 試験問題 329

CRISC 試験問題 330

PDFファイルをダウンロード