CRISC Risk and Control Monitoring and Reporting • Complete Question Bank
Complete CRISC Risk and Control Monitoring and Reporting question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
SIEM Alert: High Severity
Rule: Multiple Failed Logins
Threshold: 10 failures in 5 minutes
Triggered at: 2024-03-15 14:23:45
Source IP: 192.168.1.100
Target: DC01
Event Count: 15 failures in 4 minutes
```
Refer to the exhibit.
```
Control Test Result: Access Control Review
Control ID: AC-01
Test Date: 2024-03-20
Expected Result: No unauthorized access attempts
Actual Result: 3 unauthorized access attempts detected
Status: Failed
Remediation: Implement additional logging
```
Refer to the exhibit.
```
Risk Monitoring Dashboard
KRI: Percentage of systems with critical patches not applied
Threshold: <5%
Current value: 8%
Trend: Increasing
Status: Red
```
Refer to the exhibit.
Control Self-Assessment (CSA) Results for Access Management:

- User access recertification completed within 90 days: 92% (target: 95%)
- Terminated employee accounts disabled within 24 hours: 98% (target: 99%)
- Privileged access reviews completed quarterly: 100% (target: 100%)
- Segregation of duties conflicts resolved within 30 days: 85% (target: 90%)

Drag a concept onto its matching description — or click a concept then click the description.
Uses numerical values like ALE and SLE
Uses ordinal scales like high/medium/low
Combines numeric values with qualitative scales
Evaluates risks based on hypothetical events
Drag a concept onto its matching description — or click a concept then click the description.
Data is accessible only to authorized parties
Data is accurate and complete
Data is accessible when needed
Actions can be traced to individuals
Refer to the exhibit.
```
GRC System Log - Risk Score Update
Timestamp: 2024-09-15 14:30:22
Update type: Batch
Risk ID: R-1042
Previous inherent risk score: 12 (High)
Current inherent risk score: 9 (Medium)
Control effectiveness status: Not updated
Risk owner: JSmith
Comment: Change due to mitigation project completion.
```
Refer to the exhibit.
```
Syslog Alert from Monitoring Tool
Sep 15 10:23:45 server01 monitor[1234]: WARNING: ControlID C-0451 - Transaction Approval Limit exceeded.
Threshold: 50000 USD
Actual: 52300 USD
User: user_id=jsmith, department=Finance
Approver: not assigned
Timestamp: 2024-09-15 10:23:45
```
Refer to the exhibit.
```
JSON Policy - Control Monitoring Configuration
{
  "controlId": "C-102",
  "monitoringType": "automated",
  "frequency": "daily",
  "dataSource": "transaction_log",
  "threshold": 1000,
  "alertRecipients": ["riskteam@company.com"],
  "escalationLevels": [
    {"level": 1, "condition": "breach_duration > 1 hour", "action": "email"},
    {"level": 2, "condition": "breach_duration > 4 hours", "action": "sms"}
  ],
  "lastTested": "2024-08-15",
  "owner": "Risk Owner"
}
```
Refer to the exhibit.
```
{
  "policies": [
    {"sid": "AllowRead", "effect": "Allow", "principal": "*", "action": ["s3:GetObject"], "resource": "arn:aws:s3:::critical-data/*", "condition": {"IpAddress": {"aws:SourceIp": "10.0.0.0/8"}}},
    {"sid": "DenyAll", "effect": "Deny", "principal": "*", "action": ["s3:*"], "resource": "arn:aws:s3:::critical-data/*"}
  ]
}
```
Refer to the exhibit.
CLI output from SIEM:
```
Event Time: 2024-03-15 08:23:45 UTC
Source IP: 203.0.113.5
User: svc-backup
Action: Failed login (password)
Target: db-admin@company.com
Count: 15 (last 5 minutes)

Event Time: 2024-03-15 08:24:12 UTC
Source IP: 203.0.113.5
User: svc-backup
Action: Successful login (password)
Target: db-admin@company.com
```
Refer to the exhibit.
Error Log (excerpt):
```
[2024-03-20 14:32:10] ERROR: ORA-01017: invalid username/password; logon denied
  At: JDBC Thin Client connection from 192.168.1.100
[2024-03-20 14:32:15] ERROR: ORA-01017: invalid username/password; logon denied
  At: JDBC Thin Client connection from 192.168.1.100
[2024-03-20 14:32:20] ERROR: ORA-01017: invalid username/password; logon denied
  At: JDBC Thin Client connection from 192.168.1.100
[2024-03-20 14:32:25] ERROR: ORA-01017: invalid username/password; logon denied
  At: JDBC Thin Client connection from 192.168.1.100
[2024-03-20 14:32:30] INFO: User 'app_user' authenticated successfully from 192.168.1.100
```
```
KRI: Unauthorized Access Attempts
Threshold: 10 per day (Green), 10-20 (Amber), >20 (Red)
Current Week Data: Mon:5, Tue:8, Wed:12, Thu:15, Fri:9
```
```
ALERT: SQL Injection Attempt detected from IP 10.0.0.5 to server DB01 at 14:23:45
Action: Blocked by WAF. Alert escalated to SOC. SOC analyst reviewed and determined false positive. Alert closed.
```
```
{
  "PolicyName": "S3BucketAccessMonitor",
  "Rules": [
    {
      "Effect": "Deny",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::critical-data/*",
      "Condition": {"IpAddress": {"aws:SourceIp": "10.0.0.0/8"}}
    },
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::critical-data/*",
      "Condition": {"IpAddress": {"aws:SourceIp": "10.0.0.0/8"}}
    }
  ]
}
```
```
{
  "controlTest": {
    "controlId": "AC-01",
    "testId": "T12345",
    "testDate": "2023-06-15",
    "testResult": "pass",
    "notes": "Sample of 30 logins; all authenticated via MFA."
  }
}
```
```
[Critical] 2023-07-10 08:15:00 - Intrusion Prevention System Alert:
Source IP: 10.0.1.15 (Internal)
Destination: external malicious IP
Rule: Outbound Malware Traffic
Action: Blocked
Control: Outbound Web Filtering (OWF)
Prior alerts: 3 in past hour
Threshold: 5 alerts within 1 hour triggers investigation
```
```
control_monitoring_config:
  control_id: CR-02
  monitoring_type: automated
  kpi: "Percentage of transactions reviewed"
  target: 90% (should be 95% per policy)
  current: 94.5%
  trend: stable
```
Refer to the exhibit.
```
Vulnerability Scan Report Excerpt
Target: 192.168.1.100
Vulnerability: CVE-2023-XXXX
Severity: Critical
Status: Open (first detected: 2024-01-15)
Last scan: 2024-04-10
Patches available: Yes
Risk accepted: Yes (by system owner on 2024-02-01)
```
Refer to the exhibit.
```
Data Loss Prevention Policy (JSON snippet)
{
  "policyName": "PCI-DSS Policy",
  "rules": [
    {
      "ruleId": 1,
      "condition": "data.type == 'credit_card' && data.destination == 'external_email'",
      "action": "block",
      "alert": true
    },
    {
      "ruleId": 2,
      "condition": "data.type == 'credit_card' && data.size > 1000",
      "action": "block",
      "alert": true
    }
  ],
  "monitoring": {
    "alertDestination": "security_team@company.com",
    "logRetentionDays": 90
  }
}
```
Refer to the exhibit.
```
Syslog Message:
Mar 15 09:45:23 auth-server sshd[1234]: Failed password for admin from 10.0.0.5 port 22 ssh2
Mar 15 09:46:10 auth-server sshd[1234]: Failed password for admin from 10.0.0.5 port 22 ssh2
Mar 15 09:46:55 auth-server sshd[1234]: Failed password for admin from 10.0.0.5 port 22 ssh2
```
```
Feb 15 09:23:45 fw01 %ASA-4-722041: Tunnel negotiation failed to/from IP 203.0.113.5 to 198.51.100.20 due to authentication failure.
Feb 15 09:24:12 fw01 %ASA-4-722041: Tunnel negotiation failed to/from IP 203.0.113.5 to 198.51.100.20 due to authentication failure.
Feb 15 09:24:50 fw01 %ASA-4-722041: Tunnel negotiation failed to/from IP 203.0.113.5 to 198.51.100.20 due to authentication failure.
```
```
{
  "AccessControlPolicy": {
    "Version": "1.0",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::critical-data/*",
        "Condition": {
          "IpAddress": {
            "aws:SourceIp": "10.0.0.0/8"
          }
        }
      },
      {
        "Effect": "Deny",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::critical-data/*",
        "Condition": {
          "Bool": {
            "aws:SecureTransport": "false"
          }
        }
      }
    ]
  }
}
```
```
2024-03-01 10:15:23 ERROR [SIEM] Correlation rule 'Brute_Force_SSH' triggered 1500 times in the last hour. Source IPs: 10.0.0.34, 10.0.0.56, 10.0.0.78. Investigation reveals these are internal monitoring servers.
```
```
2025-03-15 14:23:45 ERROR [compliance.monitor] Control ID: CTRL-042 status: FAILURE. Expected: PASS. Action: Manual review required.
2025-03-15 14:25:10 INFO [compliance.monitor] Control ID: CTRL-042 status: PASS. Action: None.
2025-03-15 14:30:00 WARN [risk.engine] KRI: KR-007 value: 78.5 (Threshold: 50-75). Alert level: HIGH.
```
```
Risk Control Matrix (RCM) Extract - Control Test Results
Date: 2024-11-20
Process: Order-to-Cash

Test ID: OTC-001
Control Description: Segregation of duties between order entry and credit approval.
Test Result: FAIL
Finding: User ID 'jdoe' performed both order entry and credit approval on transaction ID 78965.

Test ID: OTC-002
Control Description: Automatic validation of credit limit within ERP.
Test Result: PASS

Test ID: OTC-003
Control Description: Monthly reconciliation of accounts receivable.
Test Result: NOT TESTED
```