Certified in Risk and Information Systems Control (CRISC), an ISACA Certification

TABLE OF CONTENTS

PREFACE iii
ACKNOWLEDGMENTS iv
NEW - CRISC JOB PRACTICE v
INTRODUCTION ix
DOCUMENT STRUCTURE ix
TYPES OF QUESTIONS ON THE CRISC EXAM x
PRETEST xi
QUESTIONS, ANSWERS AND EXPLANATIONS BY DOMAIN 1
DOMAIN 1 - IT RISK IDENTIFICATION (27%) 1
DOMAIN 2 - IT RISK ASSESSMENT (28%) 43
DOMAIN 3 - RISK RESPONSE AND MITIGATION (23%) 89
DOMAIN 4 - RISK AND CONTROL MONITORING AND REPORTING (22%) 145
POSTTEST 179
SAMPLE EXAM 181
SAMPLE EXAM ANSWER AND REFERENCE KEY 203
SAMPLE EXAM ANSWER SHEET (PRETEST) 205
SAMPLE EXAM ANSWER SHEET (POSTTEST) 207
EVALUATION 209
PREPARE FOR THE 2015 CRISC EXAMS 210

CRISC Review Questions, Answers & Explanations Manual 2015. ISACA. All Rights Reserved. vii

INTRODUCTION

The CRISC™ Review Questions, Answers & Explanations Manual 2015 has been developed to assist the CRISC candidate in studying and preparing for the CRISC exam. As you use this publication to prepare for the exam, please note that the exam covers a broad spectrum of IS control solutions and how they relate to business and IT risk management issues. Do not assume that reading and working the questions in this manual will fully prepare you for the exam. Since exam questions often relate to practical experience, CRISC candidates are advised to refer to their own experience and to other publications and frameworks referred to in the CRISC™ Review Manual 2015, such as the COBIT 5 framework and COBIT 5 for Risk. These additional references are excellent sources of further detailed information and clarification.
It is suggested that candidates evaluate the domains in which they feel weak or require a further understanding and then study accordingly.

DOCUMENT STRUCTURE

This manual consists of 400 sample multiple-choice questions, answers and explanations. These questions are provided in two formats:
1. Questions Sorted by Domain
2. Sample Exam

1. Questions Sorted by Domain

Questions, answers and explanations are provided (sorted) by CRISC job practice domains. This allows the CRISC candidate to refer to specific questions to evaluate comprehension of the topics covered within each domain. These questions are representative of CRISC questions, although they are not actual exam items. They are provided to assist the CRISC candidate in understanding the material in the CRISC™ Review Manual 2015 and to depict the type of question format typically found on the CRISC exam. The numbers of questions, answers and explanations provided in the four domain chapters in this publication provide the CRISC candidate with a maximum number of study questions.

Scenarios

Some of the questions are presented in scenarios. Scenarios are mini-case studies that describe a situation or an enterprise and require candidates to answer one or more questions based on the information provided. A scenario can focus on one or more domains. The CRISC exam may include scenario questions.

2. Sample Exam

A random sample exam of 150 of the questions is also provided in this manual. This exam is organized according to the domain percentages specified in the CRISC job practice and used on the CRISC exam:

Domain 1 - IT Risk Identification: 27 percent
Domain 2 - IT Risk Assessment: 28 percent
Domain 3 - Risk Response and Mitigation: 23 percent
Domain 4 - Risk and Control Monitoring and Reporting: 22 percent

Candidates are urged to use this sample exam and the answer sheets provided in this publication to simulate an actual exam.
Many candidates use this sample exam as a pretest to determine their specific strengths or weaknesses, or as a final test to determine their readiness to sit for the exam. Sample exam answer sheets have been provided for both uses, and an answer/reference key is included. These sample exam questions have been cross-referenced to the questions, answers and explanations by domain so it is convenient to refer back to the explanations of the correct answers. This publication is ideal to use in conjunction with the CRISC™ Review Questions, Answers & Explanations Manual 2015 Supplement.

It should be noted that the CRISC™ Review Questions, Answers & Explanations Manual 2015 has been developed to assist the CRISC candidate in studying and preparing for the CRISC exam. As you use this publication for the exam, please recognize that individual perceptions and experiences may not reflect the more global position or circumstance. Since the CRISC exam and manuals are written from a global perspective, the candidate will be required to be somewhat flexible when reading about a condition that may be contrary to the candidate's experience. It should be noted that actual CRISC exam questions are written by experienced IS risk and control practitioners from around the world. Each question on the exam is reviewed by ISACA's CRISC Test Enhancement Subcommittee and ISACA's CRISC Certification Committee, both of which consist of international members. This geographic representation ensures that all test questions will be understood equally in each country and language. Also, please note that this publication has been written using standard American English.
TYPES OF QUESTIONS ON THE CRISC EXAM

CRISC exam questions are developed with the intent of measuring and testing practical knowledge and applying general concepts and standards. As previously mentioned, all questions are presented in a multiple-choice format and are designed for one best answer.

The candidate is cautioned to read each question carefully. Many times, a CRISC exam question will require the candidate to choose the appropriate answer that is MOST likely or BEST. Other times, a candidate may be asked to choose a practice or procedure that would be performed FIRST relative to the other choices. In every case, the candidate is required to read the question carefully, eliminate known wrong choices and then make the best choice possible. Knowing that these types of questions are asked and how to study to answer them will go a long way toward answering them correctly.

Each CRISC question has a stem (question) and four choices (answers). The candidate is asked to choose the best answer from the choices. The stem may be in the form of a question or an incomplete statement. In some instances, a scenario or description problem may also be included. These questions normally include a description of a situation and require the candidate to answer two or more questions based on the information provided.

Note: ISACA review manuals are living documents. As technology advances, ISACA manuals will be updated to reflect such advances. Further updates or corrections to this document before the date of the exam may be viewed at www.isaca.org/studyaidupdates. Any suggestions to enhance the materials covered herein, or reference materials, should be submitted online at www.isaca.org/studyaidsevaluation.
