CRISC IT Risk Identification • Complete Question Bank
Complete CRISC IT Risk Identification question bank — all 0 questions with answers and detailed explanations.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Establish and maintain a risk management framework
Identify and analyze IT risks
Select and implement risk mitigation controls
Continuously monitor and report risk status
Drag a concept onto its matching description — or click a concept then click the description.
Firewall blocking unauthorized traffic
Intrusion detection system alerts
Backup restoration after data loss
Security warning banners
Drag a concept onto its matching description — or click a concept then click the description.
Information security management system
Cybersecurity risk management framework
Payment card data security
Healthcare data privacy and security
Refer to the exhibit. Exhibit: ``` # show security policies policy from zone: untrust to zone: trust rule 1: source-address any, destination-address 10.0.1.0/24, application ssh, deny rule 2: source-address any, destination-address 10.0.1.5, application http, permit rule 3: source-address 192.168.2.0/24, destination-address 10.0.1.10, application mysql, permit counter: 1245 hits ```
Refer to the exhibit.
Exhibit:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::corporate-data/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/8"
}
}
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::corporate-data/*",
"Principal": {
"AWS": "arn:aws:iam::123456789012:user/external-auditor"
}
}
]
}
```Refer to the exhibit. Exhibit: ``` [2025-03-15 14:23:11] ERROR: Deadlock detected in database 'HR_DB'. Transaction (ID 4567) was chosen as the victim. Rollback initiated. Query: UPDATE employees SET salary = ? WHERE dept_id = ?; ```
Vulnerability Scan Report: Vulnerability: CVE-2023-1234 (Critical) - Remote code execution in Apache Struts 2 Affected Hosts: 10.1.1.10, 10.1.1.20, 10.1.1.30 Port: 8080 Impact: CVSS 9.8 Patch available: Yes
{
"PolicyName": "S3-Bucket-Policy",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::confidential-data/*"
}
]
}Firewall Rule Configuration: Rule 10: Allow TCP 3389 from 192.168.1.0/24 to 10.0.0.5
Firewall log: 2025-03-15 14:23:45 src=10.0.1.100 dst=192.168.2.50 port=3389 action=deny
{
"Policy": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
}Error log: Error: SQL syntax error near ' OR 1=1 --
Refer to the exhibit. === Firewall Log Entry === Time: 2023-08-15 14:32:17 Source IP: 192.168.1.100 Destination IP: 10.0.0.50 Port: 445 (SMB) Action: ALLOW Rule: INTERNAL_ACCESS === End of Entry ===
Refer to the exhibit.
=== AWS IAM Policy (JSON) ===
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::company-data/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/8"
}
}
}
]
}
=== End of Policy ===Refer to the exhibit. === IDS Alert === Timestamp: 2024-01-10 09:45:22 Signature ID: 2100498 Signature Name: ET POLICY Suspicious Inbound to MSSQL Port Source IP: 203.0.113.5 Destination IP: 192.168.10.50 Destination Port: 1433 Protocol: TCP Alert Severity: High === End of Alert ===
Refer to the exhibit. Exhibit (Firewall Log): ``` 2024-02-10 08:23:45 DENY TCP 10.0.1.15 3389 203.0.113.50 443 2024-02-10 08:23:46 DENY TCP 10.0.1.15 3389 203.0.113.50 443 2024-02-10 08:23:47 DENY TCP 10.0.1.15 3389 203.0.113.50 443 2024-02-10 08:23:48 ALLOW TCP 10.0.1.10 443 198.51.100.20 3389 ```
Refer to the exhibit.
{
"PolicyName": "S3BucketAccessPolicy",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::critical-data/*"
}
]
}