[2022年01月] 最新のISACA CRISC認定練習テスト問題 [Q33-Q50]

Share

[2022年01月] 最新のISACA CRISC認定練習テスト問題

確認済みCRISC問題集と解答で一年間無料最速更新

質問 33
The MOST effective approach to prioritize risk scenarios is by:

  • A. evaluating the cost of risk response
  • B. soliciting input from risk management experts
  • C. assessing impact to the strategic plan
  • D. aligning with industry best practices

正解: C

解説:
Section: Volume D

 

質問 34
Prudent business practice requires that risk appetite not exceed:

  • A. inherent risk.
  • B. risk tolerance.
  • C. risk capacity.
  • D. residual risk.

正解: D

 

質問 35
You are the project manager of a HGT project that has recently finished the final compilation process. The project customer has signed off on the project completion and you have to do few administrative closure activities. In the project, there were several large risks that could have wrecked the project but you and your project team found some new methods to resolve the risks without affecting the project costs or project completion date. What should you do with the risk responses that you have identified during the project's monitoring and controlling process?

  • A. Include the risk responses in the risk management plan.
  • B. Nothing. The risk responses are included in the project's risk register already.
  • C. Include the responses in the project management plan.
  • D. Include the risk responses in the organization's lessons learned database.

正解: D

解説:
Explanation/Reference:
Explanation:
The risk responses that do not exist up till then, should be included in the organization's lessons learned database so other project managers can use these responses in their project if relevant.
Incorrect Answers:
A: The responses are not in the project management plan, but in the risk response plan during the project and they'll be entered into the organization's lessons learned database.
B: The risk responses are included in the risk response plan, but after completing the project, they should be entered into the organization's lessons learned database.
D: If the new responses that were identified is only included in the project's risk register then it may not be shared with project managers working on some other project.

 

質問 36
Assessing the probability and consequences of identified risks to the project objectives, assigning a risk score to each risk, and creating a list of prioritized risks describes which of the following processes?

  • A. Qualitative Risk Analysis
  • B. Quantitative Risk Analysis
  • C. Identify Risks
  • D. Plan Risk Management

正解: A

解説:
Explanation/Reference:
Explanation:
The purpose of qualitative risk analysis is to determine what impact the identified risk events will have on the project and the probability they'll occur. It also puts risks in priority order according to their effects on the project objectives and assigns a risk score for the project.
Incorrect Answers:
B: Risk Management is used to identify, assess, and control risks. It includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats. Assessing the probability and consequences of identified risks is only the part of risk management.
C: It involves listing of all the possible risks so as to cure them before it can occur. In risk identification both threats and opportunities are considered, as both carry some level of risk with them.
D: This process does not involve assessing the probability and consequences of identified risks.
Quantitative analysis is the use of numerical and statistical techniques rather than the analysis of verbal material for analyzing risks. Some of the quantitative methods of risk analysis are:
Internal loss method

External data analysis

Business process modeling (BPM) and simulation

Statistical process control (SPC)

 

質問 37
What are the responsibilities of the CRO?
Each correct answer represents a complete solution. Choose three.

  • A. Implement corrective actions
  • B. Managing the supporting risk management function
  • C. Advising Board of Directors
  • D. Managing the risk assessment process

正解: A,B,D

解説:
Section: Volume A
Explanation:
Chief Risk Officer is the executive-level manager in an organization. They provide corporate, guidance, governance, and oversight over the enterprise's risk management activities. The main priority for the CRO is to ensure that the organization is in full compliance with applicable regulations. They may also deal with areas regarding insurance, internal auditing, corporate investigations, fraud, and information security.
CRO's responsibilities include:
* Managing the risk assessment process
* Implementation of corrective actions
* Communicate risk management issues
* Supporting the risk management functions

 

質問 38
What are the key control activities to be done to ensure business alignment?
Each correct answer represents a part of the solution. Choose two.

  • A. Periodically identify critical data that affect business operations
  • B. is incorrect. Conducting IT continuity tests on a regular basis or when there are major
    changes in the IT infrastructure is done for testing IT continuity plan. It does not ensure alignment
    with business.
  • C. Explanation:
    Business alignment require following control activities:
    Defining the business requirements for the management of data by IT.
    Periodically identifying critical data that affect business operations, in alignment with the risk
    management model and IT service as well as the business continuity plan.
  • D. Establish an independent test task force that keeps track of all events
  • E. Define the business requirements for the management of data by IT
  • F. Conduct IT continuity tests on a regular basis or when there are major changes in the IT infrastructure

正解: A,E

解説:
is incorrect. This is not valid answer.
TestsQuizNotesArticlesItemsReportsHelpBuy

 

質問 39
You are the risk professional of your enterprise. You have performed cost and benefit analysis of control that you have adopted. What are all the benefits of performing cost and benefit analysis of control? Each correct answer represents a complete solution. Choose three.

  • A. It helps making smart choices based on potential risk mitigation costs and losses
  • B. It helps in determination of the cost of protecting what is important
  • C. It helps in taking risk response decisions
  • D. It helps in providing a monetary impact view of risk

正解: A,B,D

 

質問 40
An organization maintains independent departmental risk registers that are not automatically aggregated. Which of the following is the GREATEST concern?

  • A. Multiple risk treatment efforts may be initiated to treat a given risk.
  • B. The same risk factor may be identified in multiple areas.
  • C. Resources may be inefficiently allocated.
  • D. Management may be unable to accurately evaluate the risk profile.

正解: D

 

質問 41
Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?

  • A. Chief information officer (CIO)
  • B. Chief risk officer (CRO)
  • C. Business management
  • D. Business process owner

正解: B

解説:
Section: Volume A
Explanation:
Business management is the business individuals with roles relating to managing a program. They are typically accountable for analyzing risks, maintaining risk profile, and risk-aware decisions. Other than this, they are also responsible for managing risks, react to events, etc.
Incorrect Answers:
B: Business process owner is an individual responsible for identifying process requirements, approving process design and managing process performance. He/she is responsible for analyzing risks, maintaining risk profile, and risk-aware decisions but is not accounted for them.
C: CIO is the most senior official of the enterprise who is accountable for IT advocacy; aligning IT and business strategies; and planning, resourcing and managing the delivery of IT services and information and the deployment of associated human resources. CIO has some responsibility analyzing risks, maintaining risk profile, and risk-aware decisions but is not accounted for them.

 

質問 42
Which of the following is the PRIMARY reason to have the risk management process reviewed by a third party?

  • A. Obtain an objective view of process gaps and systemic errors.
  • B. Obtain objective assessment of the control environment.
  • C. Ensure the risk profile is defined and communicated.
  • D. Validate the threat management process.

正解: B

 

質問 43
Which of the following is the BEST method to ensure a terminated employee's access to IT systems is revoked upon departure from the organization?

  • A. The human resources (HR) system automatically revokes system access
  • B. A list of terminated employees is generated for reconciliation against current IT access
  • C. A process to remove employee access during the exit interview is implemented
  • D. Login attempts are reconciled to a list of terminated employees

正解: B

解説:
Section: Volume D

 

質問 44
Which of the following would provide executive management with the BEST information to make risk decisions as a result of a risk assessment?

  • A. A quantitative presentation of risk assessment results
  • B. A comparison of risk assessment results to the desired state
  • C. An assessment of organizational maturity levels and readiness
  • D. A qualitative presentation of risk assessment results

正解: A

解説:
Section: Volume D

 

質問 45
Jeff works as a Project Manager for www.company.com Inc. He and his team members are involved in the identify risk process. Which of the following
tools & techniques will Jeff use in the identify risk process?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Information gathering technique
  • B. Documentation reviews
  • C. Risk categorization
  • D. Checklist analysis

正解: A,B,D

解説:
The various tools & techniques used in the identify risk process are as follows: Documentation reviews Information gathering technique Checklist analysis Assumption analysis Diagramming techniques SWOT analysis Expert judgment

 

質問 46
Controls should be defined during the design phase of system development because:

  • A. technical specifications are defined during this phase.
  • B. its more cost-effective to determine controls in the early design phase.
  • C. structured analysis techniques exclude identification of controls.
  • D. structured programming techniques require that controls be designed before coding begins.

正解: D

解説:
Section: Volume D

 

質問 47
Which of the following facilitates a completely independent review of test results for evaluating control effectiveness?

  • A. Segregation of duties
  • B. Three lines of defense
  • C. Quality assurance review
  • D. Compliance review

正解: B

 

質問 48
Which of the following would BEST help to address the risk associated with malicious outsiders modifying application data?

  • A. Multi-factor authentication
  • B. Activation of control audits
  • C. Role-based access controls
  • D. Acceptable use policies

正解: A

 

質問 49
Which of the following should be PRIMARILY considered while designing information systems controls?

  • A. The present IT budget
  • B. The IT strategic plan
  • C. The organizational strategic plan
  • D. The existing IT environment

正解: C

解説:
Explanation/Reference:
Explanation:
Review of the enterprise's strategic plan is the first step in designing effective IS controls that would fit the enterprise's long-term plans.
Incorrect Answers:
A: The IT strategic plan exists to support the enterprise's strategic plan but is not solely considered while designing information system control.
B: Review of the existing IT environment is also useful and necessary but is not the first step that needs to be undertaken.
D: The present IT budget is just one of the components of the strategic plan.

 

質問 50
......


ISACA CRISC 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Task and Knowledge Statements
トピック 2
  • Suggested Resources For Further Study
トピック 3
  • Confirms One’s Ability To Recognize And Gauge Threats And Vulnerabilities To The Organization’s People, Processes And Technology.
トピック 4
  • Risk and Control Monitoring and Reporting
トピック 5
  • Attests To Advanced Skill In Identifying The Current State Of Existing Controls And Evaluating Their Effectiveness For It Risk Mitigation.

 

最新の2022年最新の実際に出ると確認されたCRISC問題集で100%無料CRISC試験問題集:https://jp.fast2test.com/CRISC-premium-file.html

無料提供中2022年最新の無料更新されたISACA CRISC試験問題と解答:https://drive.google.com/open?id=1PsdbKnheydKQSC62K-uGuEq-Sksz6FcY


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어