Free ISACA CRISC Übungsprüfungen - Seite 57 von 65

Question #561

What information is MOST helpful to asset owners when classifying organizational assets for risk assessment?

A . Potential loss to tie business due to non-performance of the asset
B . Known emerging environmental threats
C . Known vulnerabilities published by the asset developer
D . Cost of replacing the asset with a new asset providing similar services

Question #562

If concurrent update transactions to an account are not processed properly, which of the following will MOST likely be affected?

A . Confidentiality
B . Accountability
C . Availability
D . Integrity

Lösung einblenden Lösung ausblenden

Question #563

A key risk indicator (KRI) threshold has reached the alert level, indicating data leakage incidents are highly probable.

What should be the risk practitioner’s FIRST course of action?

A . Update the KRI threshold.
B . Recommend additional controls.
C . Review incident handling procedures.
D . Perform a root cause analysis.

Lösung einblenden Lösung ausblenden

Richtige Antwort: C
C

Explanation:

A key risk indicator (KRI) is a metric that measures the level of risk exposure or the likelihood of a risk event1. A KRI threshold is a predefined value or range that triggers an alert or action when the KRI reaches or exceeds it2. A data leakage incident is an unauthorized or accidental exposure of sensitive or confidential data to external parties3.

When a KRI threshold reaches the alert level, indicating that data leakage incidents are highly probable, the risk practitioner’s first course of action should be to review the incident handling procedures. Incident handling procedures are the plans and actions to be taken in the event of a data breach or security incident, such as data leakage4.

Reviewing the incident handling procedures can help the risk practitioner to:

Verify the roles and responsibilities of the incident response team and other stakeholders Confirm the communication and escalation channels and protocols

Identify the tools and resources available for incident detection, containment, analysis, eradication, recovery, and reporting

Evaluate the readiness and preparedness of the organization to respond to a data leakage incident Update or revise the procedures as needed to reflect the current situation and risk level Reviewing the incident handling procedures can help the risk practitioner to ensure that the organization can respond to a data leakage incident effectively and efficiently, minimizing the potential or expected impact on the organization’s operations, reputation, or objectives.

The other options are not the first course of action for the risk practitioner, although they may be relevant or necessary at later stages of the risk management process. Updating the KRI threshold, which means adjusting the value or range that triggers an alert or action, may be appropriate if the KRI threshold is too high or too low, but it does not address the imminent risk of data leakage or the response plan. Recommending additional controls, which means suggesting new or improved measures to prevent, detect, or mitigate data leakage, may be useful for reducing the risk exposure or impact, but it does not ensure that the organization is ready or capable to handle a data leakage incident. Performing a root cause analysis, which means finding and identifying the underlying factors that contributed to the risk event, may be helpful for learning from the incident and improving the risk management strategy, but it is usually done after the incident has occurred and resolved, not before.

Reference: = Key Risk Indicators: Definition, Examples, and Best Practices, KRI Framework for Operational Risk Management | Workiva, What is Data Leakage? Definition, Causes, and Prevention, Incident Response Planning: Best Practices for Businesses

Question #564

Which of the following is the PRIMARY reason for an organization to include an acceptable use banner when users log in?

A . To reduce the likelihood of insider threat
B . To eliminate the possibility of insider threat
C . To enable rapid discovery of insider threat
D . To reduce the impact of insider threat

Lösung einblenden Lösung ausblenden

Question #565

A recent internal risk review reveals the majority of core IT application recovery time objectives (RTOs) have exceeded the maximum time defined by the business application owners.

Which of the following is MOST likely to change as a result?

A . Risk forecasting
B . Risk tolerance
C . Risk likelihood
D . Risk appetite

Lösung einblenden Lösung ausblenden

Richtige Antwort: B
B

Explanation:

Recovery time objectives (RTOs) are the maximum acceptable time frames for restoring the critical functions and processes after a disruption1. RTOs are derived from the business impact analysis (BIA) and reflect the organization’s risk appetite, which is the amount of risk that an organization is willing to accept to achieve its objectives2. Risk tolerance is the level of risk a company is willing to tolerate, and it is affected by a number of factors, including how much uncertainty or financial loss can be tolerated and where those losses will impact operations3. Risk tolerance is used to measure if the risk exposure is within the risk appetite and to implement controls to reduce the residual risk to an acceptable level2. If the majority of core IT application RTOs have exceeded the maximum time defined by the business application owners, it means that the organization is not meeting its risk appetite and is exposed to more risk than it can accept. Therefore, the most likely change as a result is to adjust the risk tolerance to reflect the current reality and to take actions to improve the recovery capabilities and reduce the risk exposure4. Risk forecasting is the process of estimating the potential outcomes and impacts of future events that may affect the organization’s objectives5. Risk forecasting may change as a result of the RTOs exceeding the maximum time, but it is not the most likely change, as it does not directly address the gap between the risk appetite and the risk exposure. Risk likelihood is the probability of a risk event occurring5. Risk likelihood may change as a result of the RTOs exceeding the maximum time, but it is not the most likely change, as it does not directly measure the impact of the risk event on the organization’s objectives. Risk appetite is the amount of risk that an organization is willing to accept to achieve its objectives2. Risk appetite may change as a result of the RTOs exceeding the maximum time, but it is not the most likely change, as it is a strategic decision that reflects the organization’s vision and mission, and not a tactical response to a specific risk event.

Reference: = Risk and Information Systems Control Study Manual, Chapter 5: Risk Response and Mitigation, Section 5.3: Business Continuity Planning, pp. 227-238.

Question #566

An organization has implemented a policy requiring staff members to take a minimum of five consecutive days‘ leave per year to mitigate the risk of malicious insider activities.

Which of the following is the BEST key performance indicator (KPI) of the effectiveness of this policy?

A . Percentage of staff turnover following five consecutive days of leave
B . Average number of consecutive days of leave per staff member
C . Number of suspected malicious activities reported since policy implementation
D . Financial loss incurred due to malicious activities since policy implementation

Lösung einblenden Lösung ausblenden

Question #567

Improvements in the design and implementation of a control will MOST likely result in an update to:

A . inherent risk.
B . residual risk.
C . risk appetite
D . risk tolerance

Lösung einblenden Lösung ausblenden

Question #568

An organization wants to transfer risk by purchasing cyber insurance.

Which of the following would be MOST important for the risk practitioner to communicate to senior management for contract negotiation purposes?

A . Most recent IT audit report results
B . Replacement cost of IT assets
C . Current annualized loss expectancy report
D . Cyber insurance industry benchmarking report

Lösung einblenden Lösung ausblenden

Question #569

Which of the following is a crucial component of a key risk indicator (KRI) to ensure appropriate action is taken to mitigate risk?

A . Management intervention
B . Risk appetite
C . Board commentary
D . Escalation triggers

Lösung einblenden Lösung ausblenden

Richtige Antwort: D
D

Explanation:

The best answer is

D. Escalation triggers. Escalation triggers are predefined thresholds or conditions that indicate when a key risk indicator (KRI) has reached a critical level that requires immediate attention or action. Escalation triggers can be based on quantitative or qualitative measures, such as percentages, scores, ratings, or colors. Escalation triggers can help to ensure appropriate action is taken to mitigate risk, because they provide clear and timely signals that alert the risk owners, managers, and other stakeholders of the need to review and revise the risk response plan, or to implement additional or alternative controls. Escalation triggers can also help to communicate and report the risk status and the risk response actions to the senior management and the board, and to obtain their support and approval, if needed. The other options are not the best answer, although they may be related or influential to the KRI and the risk mitigation. Management intervention is a part of the risk response process, which involves the actions and decisions taken by the management to address the risk, such as approving, implementing, or monitoring the controls. Management intervention can help to mitigate risk, but it is not a component of the KRI, rather it is a consequence or a result of the escalation triggers. Risk appetite is the amount and type of risk that an organization is willing to accept or pursue in order to achieve its objectives. Risk appetite can help to define and align the KRI and the escalation triggers with the organizational strategy and culture, but it is not a component of the KRI, rather it is a factor or a driver of the KRI. Board commentary is a part of the risk reporting process, which involves the feedback and guidance provided by the board on the risk management process and performance. Board commentary can help to improve and enhance the KRI and the risk mitigation, but it is not a component of the KRI, rather it is a source or a resource of the KRI.

Reference: = Key Risk Indicators: A Practical Guide | SafetyCulture, KRI Framework for Operational Risk Management | Workiva

Question #570

Which of the following is MOST helpful in verifying that the implementation of a risk mitigation control has been completed as intended?

A . An updated risk register
B . Risk assessment results
C . Technical control validation
D . Control testing results

Lösung einblenden Lösung ausblenden