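ISACA CRISC Study Guide: Certified in Risk and Information Systems Control - JPNTest helps you pass the exam
Everyone knows that the ISACA CRISC certification exam holds a very important position in the IT industry, but obtaining the certificate is not easy. It is hard to find a really good question set on the market today. JPNTest is a website offering excellent IT certification materials. Here you can find the experience of previous candidates and past years' exam materials for the ISACA CRISC certification exam "Certified in Risk and Information Systems Control", and you can also download some of the latest exam questions and detailed answers for free.
ISACA Certified in Risk and Information Systems Control certification CRISC exam questions (Q52-Q57):
Question # 52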
A recent big data project has resulted in the creation of an application used to support important investment decisions. Which of the following should be of GREATEST concern to the risk practitioner?
A. System integration
B. Data redundancy
C. Maintenance costs
D. Data quality
Correct answer: D
Explanation:
The greatest concern for the risk practitioner when a big data project has resulted in the creation of an application used to support important investment decisions is the data quality. Data quality is the degree to which the data is accurate, complete, consistent, reliable, relevant, and timely. Data quality is essential for the success of any big data project, as it affects the validity and reliability of the analysis and the outcomes. Poor data quality could lead to erroneous or misleading results, which could have negative consequences for the investment decisions and the organization's performance and reputation. The other options are not as concerning as the data quality, although they may also pose some challenges or risks for the big data project.
Maintenance costs, data redundancy, and system integration are all factors that could affect the efficiency and effectiveness of the big data project, but they do not directly affect the accuracy and reliability of the analysis and the outcomes.
References = Risk and Information Systems Control Study Manual, Chapter 3, Section 3.3.1, page 3-20.
Question # 53
What are the steps that are involved in articulating risks? Each correct answer represents a complete solution. Choose three.
A. Identify the response
B. Interpret independent risk assessment findings.
C. Identify business opportunities.
D. Communicate risk analysis results and report risk management activities and the state of compliance.
Correct answer: B, C, D
Explanation:
Following are the tasks that are involved in articulating risk:
Communicate risk analysis results.
Report risk management activities and the state of compliance.
Interpret independent risk assessment findings.
Identify business opportunities.
Question # 54
Which of the following key risk indicators (KRIs) is MOST effective for monitoring risk related to a bring your own device (BYOD) program?
A. Number of incidents originating from BYOD devices
B. Budget allocated to the BYOD program security controls
C. Number of users who have signed a BYOD acceptable use policy
D. Number of devices enrolled in the BYOD program
Correct answer: C
Question # 55
Which of the following would be MOST beneficial as a key risk indicator (KRI)?
A. Project cost variances
B. Annualized loss projections
C. Current capital allocation reserves
D. Negative security return on investment (ROI)
Correct answer: B
Question # 56
The following is the snapshot of a recently approved IT risk register maintained by an organization's information security department.
After implementing countermeasures listed in "Risk Response Descriptions" for each of the Risk IDs, which of the following components of the register MUST change?
A. Risk Impact Rating
B. Risk Exposure
C. Risk Owner
D. Risk Likelihood Rating
Correct answer: B
Explanation:
Risk exposure is the product of risk likelihood and risk impact ratings. It represents the potential loss or damage that may result from a risk event. After implementing countermeasures, the risk likelihood and/or impact ratings may change, depending on the effectiveness of the countermeasures. Therefore, the risk exposure must also change to reflect the updated risk ratings. The other components of the register, such as risk owner, risk impact rating, and risk likelihood rating, may or may not change depending on the nature and scope of the countermeasures.
References = Risk and Information Systems Control Study Manual, Chapter 2: IT Risk Assessment, Section 2.4: IT Risk Response, page 87.