Isaca Updated CRISC Exam Questions and Answers by husna

Zero-day malware is malware that exploits unknown and unprotected vulnerabilities. This novel malware is difficult to detect and defend against, making zero-day attacks a significant threat to enterprise cybersecurity1. The best way to detect zero-day malware on an end user’s workstation is to use file integrity monitoring, which is a technique that monitors and alerts on changes to files and directories that may indicate a malware infection or compromise2. By using fileintegrity monitoring, the end user can detect zero-day malware that may alter or damage the files or directories on their workstation, and take appropriate actions to remove or isolate the malware. File integrity monitoring can also help to prevent the spread of zero-day malware to other systems or networks, and to restore the integrity and availability of the affected files or directories. Antivirus program, database activity monitoring, and firewall log monitoring are not the best ways to detect zero-day malware on an end user’s workstation, as they are not as effective or reliable as file integrity monitoring. Antivirus program is a software that scans and removes known malware from a system or network3. Antivirus program can help to protect the end user’s workstation from common or known malware, but it may not be able to detect zero-day malware that does not have a signature or a pattern that matches the antivirus program’s database. Database activity monitoring is a technique that monitors and audits the activities and transactions on a database, such as queries, updates, or deletions4. Database activity monitoring can help to protect the end user’s database from unauthorized or malicious access or modification, but it may not be able to detect zero-day malware that does not target or affect the database. Firewall log monitoring is a technique that monitors and analyzes the logs generated by a firewall, which is a device or software that filters and controls the incoming and outgoing network traffic based on predefined rules. Firewall log monitoring can help to protect the enduser’s workstation from external or internal network attacks, but it may not be able to detect zero-day malwarethat bypasses or evades the firewall rules or that originates from the workstation itself. References = 1: What is Zero Day Malware? - Check Point Software2: File Integrity Monitoring - an overview | ScienceDirect Topics3: Antivirus Software - an overview | ScienceDirect Topics4: Database Activity Monitoring - an overview | ScienceDirect Topics : [Firewall Log Analysis - an overview | ScienceDirect Topics] : [Risk and Information Systems Control Study Manual, Chapter 5: Information Systems Control Design and Implementation, Section 5.1: Control Design, pp. 233-235.] : [Risk and Information Systems Control Study Manual, Chapter 5: Information Systems Control Design and Implementation, Section 5.2: Control Implementation, pp. 243-245.] : [Risk and Information Systems Control Study Manual, Chapter 5: Information Systems Control Design and Implementation, Section 5.3: Control Monitoring and Maintenance, pp. 251-253.] : [Zero-day attack detection: a systematic literature review | Artificial Intelligence Review] : [Zero-day Attacks Detection and Prevention Methods | Apriorit] 

A risk map is the best method to ensure that the risk is measurable against the organization’s risk appetite, as it is a graphical tool that displays the level and priority of risks based on their likelihood and impact, as well as other factors such as velocity, persistence, and urgency. A risk map can help to compare and communicate the risk levels across different business units, processes, and projects, and to align them with the organization’s risk appetite and tolerance. A risk map can also help to identify the gaps and overlaps in risk management, and to support the decision making and resource allocation for risk response. A cause-and-effect diagram is a tool that helps to identify and analyze the root causes and consequences of a risk or a problem, but it does not measure the risk against the organization’s risk appetite. A maturity model is a tool that helps to assess and improve the capability and performance of a process or a function, but it does not measure the risk against the organization’s risk appetite. A technology strategy plan is a document that outlines the vision, goals, and objectives of the organization’s use of information and technology, but it does not measure the risk against the organization’s risk appetite. References = Risk and Information Systems Control Study Manual, Chapter 3: IT Risk Assessment, page 97.

The level of risk in the IT risk profile is the aggregate measure of the likelihood and impact of IT-related risks that may affect the enterprise’s objectives and operations.

The risk appetite is the amount and type of risk that the enterprise is willing to accept in pursuit of its goals. It is usually expressed as a range or a threshold, and it is aligned with the enterprise’s strategy and culture.

If the level of risk in the IT risk profile has decreased and is now below management’s risk appetite, it means that the enterprise has more capacity and opportunity to take on additional risks that may offer higher rewards or benefits.

The best recommendation in this situation is to optimize the control environment, which is the set of policies, procedures, standards, and practices that provide the foundation for managing IT risks and controls. Optimizing the control environment means enhancing the efficiency and effectiveness of the controls, reducing the costs and complexity of compliance, and aligning the controls with the enterprise’s objectives and values.

Optimizing the control environment can help the enterprise to achieve the optimal balance between risk and return, and to leverage its risk management capabilities to create and protect value.

The other options are not the best recommendations, because they do not address the opportunity to improve the enterprise’s performance and resilience.

Realigning risk appetite to the current risk level may result in missing out on potential gains or advantages that could be obtained by taking more risks within the acceptable range.

Decreasing the number of related risk scenarios may reduce the scope and depth of risk analysis and reporting, and impair the enterprise’s ability to identify and respond to emerging or changing risks.

Reducing the risk management budget may compromise the quality and reliability of the risk management process and activities, and weaken the enterprise’s risk culture and governance. References =

ISACA, CRISC Review Manual, 7th Edition, 2022, pp. 29-30, 34-35, 38-39, 44-45

ISACA, CRISC Review Questions, Answers & Explanations Database, 2022, QID 145