Free ISACA CRISC Übungsprüfungen - Seite 58 von 65

Question #571

Management has noticed storage costs have increased exponentially over the last 10 years because most users do not delete their emails.

Which of the following can BEST alleviate this issue while not sacrificing security?

A . Implementing record retention tools and techniques
B . Establishing e-discovery and data loss prevention (DLP)
C . Sending notifications when near storage quota
D . Implementing a bring your own device 1BVOD) policy

Lösung einblenden Lösung ausblenden

Question #572

Which of the following is the BEST approach for determining whether a risk action plan is effective?

A . Comparing the remediation cost against budget
B . Assessing changes in residual risk
C . Assessing the inherent risk
D . Monitoring changes of key performance indicators (KPIs)

Lösung einblenden Lösung ausblenden

Question #573

The PRIMARY reason a risk practitioner would be interested in an internal audit report is to:

A . plan awareness programs for business managers.
B . evaluate maturity of the risk management process.
C . assist in the development of a risk profile.
D . maintain a risk register based on noncompliance.

Lösung einblenden Lösung ausblenden

Question #574

When establishing leading indicators for the information security incident response process it is MOST important to consider the percentage of reported incidents:

A . that results in a full root cause analysis.
B . used for verification within the SLA.
C . that are verified as actual incidents.
D . resolved within the SLA.

Lösung einblenden Lösung ausblenden

Richtige Antwort: D
D

Explanation:

When establishing leading indicators for the information security incident response process, it is most important to consider the percentage of reported incidents that are resolved within the service level agreement (SLA). A leading indicator is a metric that can predict or influence the future performance or outcome of a process or activity. A leading indicator for the information security incident response process should measure how well the process is achieving its objectives, such as minimizing the impact of incidents, restoring normal operations as quickly as possible, and preventing recurrence of incidents. The percentage of reported incidents that are resolved within the SLA is a leading indicator that reflects the efficiency and effectiveness of the information security incident response process. It shows how well the process is meeting the expectations and requirements of the stakeholders, such as the business units, customers, and regulators. It also shows how well the process is managing the resources, such as time, budget, and personnel, that are allocated for incident response. A high percentage of reported incidents that are resolved within the SLA indicates that the information security incident response process is performing well and delivering value to the organization. A low percentage of reported incidents that are resolved within the SLA indicates that the information security incident response process is facing challenges and needs improvement. The percentage of reported incidents that are resolved within the SLA can also help identify the root causes of incidents, the gaps in the process, and the areas for improvement. For example, if the percentage of reported incidents that are resolved within the SLA is low, it may indicate that the process has issues with the following aspects: – Incident detection and reporting: The process may not have adequate tools, techniques, or procedures to detect and report incidents in a timely and accurate manner. – Incident prioritization and classification: The process may not have clear and consistent criteria to prioritize and classify incidents based on their severity, impact, and urgency. – Incident analysis and investigation: The process may not have sufficient skills, knowledge, or evidence to analyze and investigate the incidents and determine their root causes, scope, and consequences. – Incident containment and eradication: The process may not have effective methods or measures to contain and eradicate the incidents and prevent them from spreading or escalating. – Incident recovery and restoration: The process may not have reliable backup and recovery plans or systems to restore the normal operations and functionality of the affected systems or services. – Incident communication and escalation: The process may not have proper communication and escalation channels or protocols to inform and involve the relevant stakeholders, such as the management, the users, the vendors, or the authorities. – Incident documentation and closure: The process may not have adequate documentation and closure procedures to record and report the incidents and their resolution. – Incident review and improvement: The process may not have regular review and improvement activities to evaluate and enhance the process and its performance. Therefore, the percentage of reported incidents that are resolved within the SLA is the most important leading indicator for the information security incident response process, as it can provide valuable insights and feedback for the process and its improvement.

Reference: = Information Security Incident Response | Process Street1, Key Performance Indicators (KPIs) for Security Operations and Incident Response2, 7 Incident Response Metrics and How to Use Them3

Question #575

Which of the following controls would BEST reduce the risk of account compromise?

A . Enforce password changes.
B . Enforce multi-factor authentication (MFA).
C . Enforce role-based authentication.
D . Enforce password encryption.

Lösung einblenden Lösung ausblenden

Question #576

A financial institution has identified high risk of fraud in several business applications.

Which of the following controls will BEST help reduce the risk of fraudulent internal transactions?

A . Periodic user privileges review
B . Log monitoring
C . Periodic internal audits
D . Segregation of duties

Lösung einblenden Lösung ausblenden

Question #577

Which of the following controls BEST enables an organization to ensure a complete and accurate IT asset inventory?

A . Prohibiting the use of personal devices for business
B . Performing network scanning for unknown devices
C . Requesting an asset list from business owners
D . Documenting asset configuration baselines

Lösung einblenden Lösung ausblenden

Question #578

Who is MOST likely to be responsible for the coordination between the IT risk strategy and the business risk strategy?

A . Chief financial officer
B . Information security director
C . Internal audit director
D . Chief information officer

Lösung einblenden Lösung ausblenden

Question #579

An organization has decided to implement a new Internet of Things (loT) solution.

Which of the following should be done FIRST when addressing security concerns associated with this new technology?

A . Develop new loT risk scenarios.
B . Implement loT device monitoring software.
C . Introduce controls to the new threat environment.
D . Engage external security reviews.

Lösung einblenden Lösung ausblenden

Question #580

Which of the following should be considered when selecting a risk response?

A . Risk scenarios analysis
B . Risk response costs
C . Risk factor awareness
D . Risk factor identification

Lösung einblenden Lösung ausblenden