CRISC 무료 덤프문제 온라인 액세스

Which of the following should a risk practitioner do NEXT after learning that Internet of Things (loT) devices installed in the production environment lack appropriate security controls for sensitive data?

• A.Recommend device management controls
• B.Assess the threat and associated impact.
• C.Enable role-based access control.
• D.Evaluate risk appetite and tolerance levels

Which of the following is a responsibility of the second line in the three lines model?

• A.Implementing corrective actions to address deficiencies
• B.Alerting operational management to emerging issues
• C.Performing duties independently to provide assurance
• D.Owning risk scenarios and bearing the consequences of loss

Who is PRIMARILY accountable for identifying risk on a daily basis and ensuring adherence to the organization ' s policies?

• A.Third line of defense
• B.Line of defense subject matter experts
• C.Second line of defense
• D.First line of defense

Which of the following is the GREATEST concern when an organization uses a managed security service provider as a firewall administrator?

• A.Exposure of log data
• B.Lack of agreed-upon standards
• C.Increased number of firewall rules
• D.Lack of governance

Which of the following is MOST important to sustainable development of secure IT services?

• A.Secure coding practices
• B.Security architecture principles
• C.\Well-documented business cases
• D.Security training for systems development staff