Free ISACA CRISC Übungsprüfungen - Seite 22 von 65

Question #211

The PRIMARY purpose of vulnerability assessments is to:

A . provide clear evidence that the system is sufficiently secure.
B . determine the impact of potential threats.
C . test intrusion detection systems (IDS) and response procedures.
D . detect weaknesses that could lead to system compromise.

Question #212

An organization has established a policy prohibiting ransom payments if subjected to a ransomware attack.

Which of the following is the MOST effective control to support this policy?

A . Conducting periodic vulnerability scanning
B . Creating immutable backups
C . Performing required patching
D . Implementing continuous intrusion detection monitoring

Lösung einblenden Lösung ausblenden

Question #213

Which of the following is the PRIMARY purpose for ensuring senior management understands the organization’s risk universe in relation to the IT risk management program?

A . To define effective enterprise IT risk appetite and tolerance levels
B . To execute the IT risk management strategy in support of business objectives
C . To establish business-aligned IT risk management organizational structures
D . To assess the capabilities and maturity of the organization’s IT risk management efforts

Lösung einblenden Lösung ausblenden

Question #214

Which of the following criteria is MOST important when developing a response to an attack that would compromise data?

A . The recovery time objective (RTO)
B . The likelihood of a recurring attack
C . The organization’s risk tolerance
D . The business significance of the information

Lösung einblenden Lösung ausblenden

Question #215

Which of the following BEST facilitates the development of effective IT risk scenarios?

A . Utilization of a cross-functional team
B . Participation by IT subject matter experts
C . Integration of contingency planning
D . Validation by senior management

Lösung einblenden Lösung ausblenden

Question #216

Which of the following is BEST used to aggregate data from multiple systems to identify abnormal behavior?

A . Cyber threat intelligence
B . Anti-malware software
C . Endpoint detection and response (EDR)
D . SIEM systems

Lösung einblenden Lösung ausblenden

Question #217

Which of the following is the MOST useful information an organization can obtain from external sources about emerging threats?

A . Solutions for eradicating emerging threats
B . Cost to mitigate the risk resulting from threats
C . Indicators for detecting the presence of threatsl)
D . Source and identity of attackers

Lösung einblenden Lösung ausblenden

Richtige Antwort: C
C

Explanation:

• External sources of emerging threats are sources that provide information about the latest cyberattacks, hacking techniques, malware, and vulnerabilities that can affect an organization’s IT systems and data. Examples of external sources are security blogs, forums, newsletters, reports, and alerts from reputable organizations such as ISACA, Imperva, Aura, and BitSight123.

• The most useful information an organization can obtain from external sources is the indicators for detecting the presence of threats. Indicators are observable signs or patterns that can help identify, prevent, or mitigate cyberattacks. Examples of indicators are IP addresses, domain names, file hashes, network traffic, system logs, and user behavior4.

• Indicators for detecting the presence of threats are more useful than the other options because they can help an organization to:

o Monitor and analyze its IT environment for any suspicious or malicious activity

o Respond quickly and effectively to any potential or actual incidents

o Reduce the impact and damage of cyberattacks

o Improve its security posture and resilience

• Solutions for eradicating emerging threats are not the most useful information because they may not be applicable or effective for every organization, depending on its specific context, needs, and resources. Moreover, solutions may not be available or known for some new or sophisticated threats.

• Cost to mitigate the risk resulting from threats is not the most useful information because it does not help an organization to identify or prevent cyberattacks. Cost is only one factor to consider when deciding how to manage IT risk, and it may not reflect the true value or impact of the threats.

• Source and identity of attackers are not the most useful information because they may not be relevant or accurate for every organization. Source and identity of attackers are often difficult to trace or verify, and they may not affect the organization’s risk level or response strategy.

Reference: =

• Risk and Information Systems Control Study Manual, 7th Edition, ISACA, 2020, Chapter 2: IT Risk Assessment, Section 2.3: Risk Identification, pp. 83-84

• Risk and Information Systems Control Review Questions, Answers & Explanations Database, 12 Month Subscription, ISACA, 2020, Question ID: 100000

Question #218

Which of the following BEST measures the efficiency of an incident response process?

A . Number of incidents escalated to management
B . Average time between changes and updating of escalation matrix
C . Average gap between actual and agreed response times
D . Number of incidents lacking responses

Lösung einblenden Lösung ausblenden

Question #219

Which of the following is the GREATEST benefit of a three lines of defense structure?

A . An effective risk culture that empowers employees to report risk
B . Effective segregation of duties to prevent internal fraud
C . Clear accountability for risk management processes
D . Improved effectiveness and efficiency of business operations

Lösung einblenden Lösung ausblenden

Question #220

Which of the following is the MOST effective way to help ensure an organization’s current risk scenarios are relevant?

A . Adoption of industry best practices
B . Involvement of stakeholders in risk assessment
C . Review of risk scenarios by independent parties
D . Documentation of potential risk in business cases

Lösung einblenden Lösung ausblenden