
    Answer Sheet

    CRISC Fall 2011 Practice Quiz #1

    1) What is the most significant risk for the online retailer?

    ( ) Criminal Internet hacker

    (x) Denial of service

    ( ) PCI DSS non-compliance

    ( ) Poor change management

    2) Preventive controls are most appropriate where

    ( ) Event frequency is high

    (x) Impact is high

    ( ) Timely detect controls are unavailable

    ( ) Event frequency is low but impact very large

    3) Who is most directly responsible for balancing IT-related KRIs and IT KPIs?

    ( ) Chief Executive Officer

    ( ) Business process owners

    ( ) Chief Risk Officer

    (x) Chief Information Officer

    4) Which of the following is the best indicator of operational risk?

    ( ) Staff turnover

    ( ) Percentage of unscheduled downtime

    ( ) Number of security incidents

    (x) Number of escalated help desk 'trouble tickets'

    5) Strategic risk is best mitigated by

    ( ) Increases in IT budget

    file:///C:/Users/bpankey/CRISC/criscPracticeQuiz_fall2011_AnswerSheet.htm

    1 of 3 12/8/2011 1:32 PM

    (x) Business management training

    ( ) Emerging technology skills

    ( ) Standardized processes

    6) Which of the following risk scenarios is least appropriate for an enterprise IT-related risk register?

    ( ) Project delivery

    ( ) Service provider performance (3rd Party)

    ( ) Natural disaster

    (x) Earthquake

    7) Which of the following typically attempts to share risk?

    I. User agreements (internal)

    II. End user license agreements (customer)

    III. Consent agreements

    IV. Diffie-Hellman

    [ ] I only

    [x] II only

    [ ] II and III

    [ ] I, II, IV

    8) The statement that "Industry surveys report losses of corporate laptops exceeding 10% per annum" does not effectively communicate risk because it:

    (x) Does not calculate the impact of a lost laptop

    ( ) Fails to account for Enterprise controls

    ( ) Does not identify rate of recovery

    ( ) Does not account for Enterprise plan to migrate to smart phones

    9) What is the most cost-effective mitigation strategy?

    ( ) Minimize exposure to common risk factors

    (x) Implement prevent controls for high priority risks

    ( ) Efficient detect controls and incident response

    ( ) Accept low priority risk


    10) Which of the following controls is most important to monitor?

    ( ) Password quality

    ( ) User acceptance testing

    (x) Change approval

    ( ) Firewall
