Question 1

The PRIMARY advantage of involving end users in continuity planning is that they:

Options :

A : can see the overall impact to the business.

B : have a better understanding of specific business needs.

C : can balance the overall technical and business concerns.

D : are more objective than information security management.

Answer: B

Question 2

Which of the following should be the PRIMARY consideration when quantifying the risk associated with regulatory noncompliance?

Options :

A : Time requirements and cost of remediation

B : Cost of continuous compliance activities

C : Historical noncompliance events

D : Value of punitive penalties and fines

Answer: D

Question 3

You are working on a project in an enterprise. Some part of your project requires e-commerce, but your enterprise choose not to engage in e-commerce. This scenario is demonstrating which of the following form?

Options :

A : risk avoidance

B : risk treatment

C : risk acceptance

D : risk transfer

Answer: A

Question 4

Which of the following should be the PRIMARY consideration when identifying and assigning ownership of IT-related risk?

Options :

A : Accountability for control operation

B : Accountability for losses due to impact

C : Ability to design controls to mitigate the risk

D : Span of control within the organization

Answer: A

Question 5

Which of the following should be the PRIMARY role of the data owner in a risk management program?

Options :

A : Maintaining data syntax rules

B : Establishing enterprise system security levels

C : Applying data classification policy

D : Specifying retention requirements

Answer: C

Higher Test Marks with Free Online CRISC Exam Practice

Buying Options: