file:///C:/Users/bpankey/CRISC/criscPracticeQuiz_fall2011_AnswerSheet.htm

Answer Sheet
CRISC Fall 2011 Practice Quiz #1
1) What is the most significant risk for the online retailer?
( ) Criminal Internet hacker
(x) Denial of service
( ) PCI DSS non-compliance
( ) Poor change management
2) Preventive controls are most appropriate where
( ) Event frequency is high
(x) Impact is high
( ) Timely detect controls are unavailable
( ) Event frequency is low but impact very large

3) Who is most directly responsible to balance IT-related KRI and IT KPI?


( ) Chief Executive Officer
( ) Business process owners
( ) Chief Risk Officer
(x) Chief Information Officer

4) Which of the following is the best indicator of operational risk?


( ) Staff turnover
( ) Percentage of unscheduled downtime
( ) Number of security incidents
(x) Number of escalated help desk 'trouble tickets'

5) Strategic risk is best mitigated by


( ) Increases in IT budget
(x) Business management training
( ) Emerging technology skills
( ) Standardized processes

6) Which of the following risk scenarios is least appropriate for an enterprise IT-related risk register?
( ) Project delivery
( ) Service provider performance (3rd Party)
( ) Natural disaster
(x) Earthquake

7) Which of the following typically attempts to share risk?


I. User agreements (internal)
II. End user license agreements (customer)
III. Consent agreements
IV. Diffie-Hellman
[ ] I only
[x] II only
[ ] II and III
[ ] I, II, IV

8) The statement that "Industry surveys report losses of corporate laptops exceeding 10% per annum" does not effectively communicate risk because?
(x) Does not calculate the impact of a lost laptop
( ) Fails to account for Enterprise controls
( ) Does not identify rate of recovery
( ) Does not account for Enterprise plan to migrate to smart phones

9) What is the most cost effective mitigation strategy?


( ) Minimize exposure to common risk factors
(x) Implement prevent controls for high priority risks
( ) Efficient detect controls and incident response
( ) Accept low priority risk

10) Which of the following controls is most important to monitor?


( ) Password quality
( ) User acceptance testing
(x) Change approval
( ) Firewall

12/8/2011 1:32 PM
