Free ISACA CRISC Übungsprüfungen - Seite 12 von 65

Question #111

In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner’s BEST recommendation to further reduce the impact of ransomware attacks would be to implement:

A . two-factor authentication.
B . continuous data backup controls.
C . encryption for data at rest.
D . encryption for data in motion.

Lösung einblenden Lösung ausblenden

Question #112

Which of the following is MOST important information to review when developing plans for using emerging technologies?

A . Existing IT environment
B . IT strategic plan
C . Risk register
D . Organizational strategic plan

Lösung einblenden Lösung ausblenden

Question #113

A review of an organization s controls has determined its data loss prevention {DLP) system is currently failing to detect outgoing emails containing credit card data.

Which of the following would be MOST impacted?

A . Key risk indicators (KRls)
B . Inherent risk
C . Residual risk
D . Risk appetite

Lösung einblenden Lösung ausblenden

Question #114

Which risk response strategy could management apply to both positive and negative risk that has been identified?

A . Transfer
B . Accept
C . Exploit
D . Mitigate

Lösung einblenden Lösung ausblenden

Question #115

Who should be responsible for determining which stakeholders need to be involved in the development of a risk scenario?

A . Risk owner
B . Risk practitioner
C . Compliance manager
D . Control owner

Lösung einblenden Lösung ausblenden

Question #116

A risk assessment has identified that an organization may not be in compliance with industry regulations.

The BEST course of action would be to:

A . conduct a gap analysis against compliance criteria.
B . identify necessary controls to ensure compliance.
C . modify internal assurance activities to include control validation.
D . collaborate with management to meet compliance requirements.

Lösung einblenden Lösung ausblenden

Question #117

Which of the following poses the GREATEST risk to an organization’s operations during a major it transformation?

A . Lack of robust awareness programs
B . infrequent risk assessments of key controls
C . Rapid changes in IT procedures
D . Unavailability of critical IT systems

Lösung einblenden Lösung ausblenden

Question #118

Which of the following would BEST help to address the risk associated with malicious outsiders modifying application data?

A . Multi-factor authentication
B . Role-based access controls
C . Activation of control audits
D . Acceptable use policies

Lösung einblenden Lösung ausblenden

Question #119

An organization recently implemented a cybersecurity awareness program that includes phishing simulation exercises for all employees.

What type of control is being utilized?

A . Preventive
B . Detective
C . Compensating
D . Deterrent

Lösung einblenden Lösung ausblenden

Question #120

A rule-based data loss prevention {DLP) tool has recently been implemented to reduce the risk of sensitive data leakage.

Which of the following is MOST likely to change as a result of this implementation?

A . Risk likelihood
B . Risk velocity
C . Risk appetite
D . Risk impact

Lösung einblenden Lösung ausblenden

Richtige Antwort: A
A

Explanation:

A rule-based data loss prevention (DLP) tool is a software solution that identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data. It can help an organization monitor and protect sensitive information across on-premises systems, cloud-based locations, and endpoint devices. It can also help an organization comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR). A rule-based DLP tool works by comparing content to the organization’s DLP policy, which defines how the organization labels, shares, and protects data without exposing it to unauthorized users. The tool can then apply protective actions such as encryption, access restrictions, and alerts. As a result of implementing a rule-based DLP tool, the most likely change is the reduction of risk likelihood, which is the probability of a risk event occurring. By detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data, a rule-based DLP tool can lower the chance of such incidents happening and thus decrease the risk likelihood. The other options are less likely to change as a result of implementing a rule-based DLP tool. Risk velocity is the speed at which a risk event impacts an organization, which depends on factors such as the nature of the threat, the response time, and the recovery process. Risk appetite is the amount and type of risk that an organization is willing to accept in pursuit of its objectives, which depends on factors such as the organization’s culture, strategy, and stakeholder expectations. Risk impact is the potential loss or damage that a risk event can cause to an organization, which depends on factors such as the severity of the incident, the extent of the exposure, and the resilience of the organization. While a rule-based DLP tool may have some influence on these factors, it is not the primary driver of change for them.

Reference: = Risk IT Framework, ISACA, 2022, p. 13