Free ISACA CRISC Übungsprüfungen - Seite 21 von 65

Question #201

It is MOST important for a risk practitioner to have an awareness of an organization s processes in order to:

A . perform a business impact analysis.
B . identify potential sources of risk.
C . establish risk guidelines.
D . understand control design.

Question #202

An organization is analyzing the risk of shadow IT usage.

Which of the following is the MOST important input into the assessment?

A . Business benefits of shadow IT
B . Application-related expresses
C . Classification of the data
D . Volume of data

Lösung einblenden Lösung ausblenden

Question #203

Which of the following is the MOST important success factor when introducing risk management in an organization?

A . Implementing a risk register
B . Defining a risk mitigation strategy and plan
C . Assigning risk ownership
D . Establishing executive management support

Lösung einblenden Lösung ausblenden

Question #204

An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program.

The PRIMARY goal of this program should be to:

A . reduce the risk to an acceptable level.
B . communicate the consequences for violations.
C . implement industry best practices.
D . reduce the organization’s risk appetite

Lösung einblenden Lösung ausblenden

Question #205

Which of the following will be MOST effective in uniquely identifying the originator of electronic transactions?

A . Digital signature
B . Edit checks
C . Encryption
D . Multifactor authentication

Lösung einblenden Lösung ausblenden

Question #206

A newly hired risk practitioner finds that the risk register has not been updated in the past year.

What is the risk practitioner’s BEST course of action?

A . Identify changes in risk factors and initiate risk reviews.
B . Engage an external consultant to redesign the risk management process.
C . Outsource the process for updating the risk register.
D . Implement a process improvement and replace the old risk register.

Lösung einblenden Lösung ausblenden

Question #207

Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization’s security incident handling process?

A . The number of security incidents escalated to senior management
B . The number of resolved security incidents
C . The number of newly identified security incidents
D . The number of recurring security incidents

Lösung einblenden Lösung ausblenden

Richtige Antwort: D
D

Explanation:

A security incident handling process is a set of procedures and activities that aim to identify, analyze, contain, eradicate, recover from, and learn from security incidents that affect the confidentiality, integrity, or availability of information assets12.

The maturity of a security incident handling process is the degree to which the process is defined, managed, measured, controlled, and improved, and the extent to which it meets the organization’s objectives and expectations34.

The best key performance indicator (KPI) to measure the maturity of a security incident handling process is the number of recurring security incidents, which is the frequency or rate of security incidents that are repeated or reoccur after being resolved or closed56.

The number of recurring security incidents is the best KPI because it reflects the effectiveness and efficiency of the security incident handling process, and the ability of the process to prevent or reduce the recurrence of security incidents through root cause analysis, corrective actions, and continuous improvement56.

The number of recurring security incidents is also the best KPI because it is directly related to the organization’s objectives and expectations, such as minimizing the impact and cost of security incidents, enhancing the security posture and resilience of the organization, and complying with the relevant standards and regulations56.

The other options are not the best KPIs, but rather possible metrics that may support or complement the measurement of the maturity of the security incident handling process.

For example:

The number of security incidents escalated to senior management is a metric that indicates the severity or complexity of security incidents, and the involvement or awareness of the senior management in the security incident handling process56. However, this metric does not measure the effectiveness or efficiency of the process, or the ability of the process to prevent or reduce security incidents56.

The number of resolved security incidents is a metric that indicates the output or outcome of the security incident handling process, and the performance or productivity of the security incident handling team56. However, this metric does not measure the quality or sustainability of the resolution, or the ability of the process to prevent or reduce security incidents56.

The number of newly identified security incidents is a metric that indicates the input or demand of the security incident handling process, and the capability or capacity of the security incident detection and identification mechanisms56. However, this metric does not measure the effectiveness or efficiency of the process, or the ability of the process to prevent or reduce security incidents56.

Reference: =

1: Computer Security Incident Handling Guide, NIST Special Publication 800-61, Revision 2, August 2012

2: ISO/IEC 27035:2016 Information technology ― Security techniques ― Information security incident management

3: Capability Maturity Model Integration (CMMI) for Services, Version 1.3, November 2010

4: COBIT 2019 Framework: Introduction and Methodology, ISACA, 2018

5: KPIs for Security Operations & Incident Response, SecurityScorecard Blog, June 7, 2021

6: Key Performance Indicators (KPIs) for Security Operations and Incident Response, DFLabs White Paper, 2018

Question #208

Which of the following key performance indicators (KPis) would BEST measure me risk of a service outage when using a Software as a Service (SaaS) vendors

A . Frequency of business continuity plan (BCP) lasting
B . Frequency and number of new software releases
C . Frequency and duration of unplanned downtime
D . Number of IT support staff available after business hours

Lösung einblenden Lösung ausblenden

Question #209

Which of the following key risk indicators (KRIs) is MOST effective for monitoring risk related to a bring your own device (BYOD) program?

A . Number of users who have signed a BYOD acceptable use policy
B . Number of incidents originating from BYOD devices
C . Budget allocated to the BYOD program security controls
D . Number of devices enrolled in the BYOD program

Lösung einblenden Lösung ausblenden

Question #209

Which of the following key risk indicators (KRIs) is MOST effective for monitoring risk related to a bring your own device (BYOD) program?

A . Number of users who have signed a BYOD acceptable use policy
B . Number of incidents originating from BYOD devices
C . Budget allocated to the BYOD program security controls
D . Number of devices enrolled in the BYOD program

Lösung einblenden Lösung ausblenden