Summary Report - Dec 8, 2011
Survey: CRISC Practice Quiz Fall 2011

1. What is the most significant risk for the online retailer?

| Value | Count | Percent |
|---|---|---|
| Criminal internet hacker | 3 | 16.7% |
| Denial of service | 8 | 44.4% |
| PCI DSS non-compliance | 6 | 33.3% |
| Poor change management | 1 | 5.6% |

Total Responses: 18

2. Preventive controls are most appropriate where

| Value | Count | Percent |
|---|---|---|
| Event frequency is high | 2 | 11.1% |
| Impact is high | 9 | 50% |
| Timely detect controls are unavailable | 3 | 16.7% |
| Event frequency is low but impact very large | 4 | 22.2% |

Total Responses: 18

3. Who is most directly responsible to balance IT-related KRI and IT KPI?

| Value | Count | Percent |
|---|---|---|
| Chief Executive Officer | 1 | 5.9% |
| Business process owners | 11 | 64.7% |
| Chief Risk Officer | 1 | 5.9% |
| Chief Information Officer | 4 | 23.5% |

Total Responses: 17

4. Which of the following is the best indicator of operational risk?

| Value | Count | Percent |
|---|---|---|
| Staff turnover | 2 | 11.8% |
| Percentage of unscheduled downtime | 8 | 47.1% |
| Number of security incidents | 3 | 17.6% |
| Number of escalated help desk "trouble tickets" | 4 | 23.5% |

Total Responses: 17

5. Strategic risk is best mitigated by

| Value | Count | Percent |
|---|---|---|
| Business management training | 8 | 47.1% |
| Standardized processes | 9 | 52.9% |

Total Responses: 17

6. Which of the following risk scenarios is least appropriate for an enterprise IT-related risk register?

| Value | Count | Percent |
|---|---|---|
| Project delivery | 9 | 56.3% |
| Service provider performance (3rd Party) | 4 | 25% |
| Natural disaster | 1 | 6.3% |
| Earthquake | 2 | 12.5% |

Total Responses: 16

7. Which of the following typically attempts to share risk?
I. User agreements (internal)
II. End user license agreements (customer)
III. Consent agreements
IV. Diffie-Hellman

| Value | Count | Percent |
|---|---|---|
| I only | 2 | 12.5% |
| II only | 3 | 18.8% |
| I and ... [label garbled] | 7 | 43.8% |
| [label garbled] | 4 | 25% |

Total Responses: 16

8. The statement that "Industry surveys report losses of corporate laptops exceeding 10% per annum" does not effectively communicate risk because?

| Value | Count | Percent |
|---|---|---|
| Does not calculate the impact of a lost laptop | 11 | 64.7% |
| Fails to account for Enterprise controls | 5 | 29.4% |
| Does not account for Enterprise plan to migrate to smart phones | 1 | 5.9% |

Total Responses: 17

9. What is the most cost effective mitigation strategy?

| Value | Count | Percent |
|---|---|---|
| Minimize exposure to common risk factors | 2 | 11.8% |
| Implement prevent controls for high priority risks | 6 | 35.3% |
| Efficient detect controls and incident response | 5 | 29.4% |
| Accept low priority risk | 4 | 23.5% |

Total Responses: 17

10. Which of the following controls is most important to monitor?

| Value | Count | Percent |
|---|---|---|
| Password quality | 2 | 11.8% |
| Change approval | 11 | 64.7% |
| Firewall | 4 | 23.5% |

Total Responses: 17
11. Your email address?
