Free CRISC Exam Braindumps (page: 20)

Which of the following risks refers to the probability that an actual return on an investment will be lower than the investor's expectations?

  1. Integrity risk
  2. Project ownership risk
  3. Relevance risk
  4. Expense risk

Answer(s): D

Explanation:

The probability that an actual return on an investment will be lower than the investor's expectations is termed investment risk or expense risk. All investments have some level of risk associated with them due to the unpredictability of the market's direction. This includes consideration of the overall IT investment portfolio.

Incorrect Answers:
A: The risk that data cannot be relied on because they are unauthorized, incomplete or inaccurate is termed integrity risk.

B: The risk of IT projects failing to meet objectives due to lack of accountability and commitment is referred to as project risk ownership.

C: The risk associated with not receiving the right information to the right people (or process or systems) at the right time to allow the right action to be taken is termed as relevance risk.



What are the PRIMARY requirements for developing risk scenarios? Each correct answer represents a part of the solution. Choose two.

  1. Potential threats and vulnerabilities that could lead to loss events
  2. Determination of the value of an asset at risk
  3. Determination of actors that have the potential to generate risk
  4. Determination of threat type

Answer(s): A,B

Explanation:

Creating a scenario requires determination of the value of an asset or a business process at risk and the potential threats and vulnerabilities that could cause loss. The risk scenario should be assessed for relevance and realism, and then entered into the risk register if found to be relevant.

In practice, the following steps are involved in risk scenario development:

- First determine a manageable set of scenarios, which include:
  - Frequently occurring scenarios in the industry or product area.
  - Scenarios representing threat sources that are increasing in count or severity level.
  - Scenarios involving legal and regulatory requirements applicable to the business.
- After determining manageable risk scenarios, perform a validation against the business objectives of the entity.
- Based on this validation, refine the selected scenarios and then detail them to a level in line with the criticality of the entity.
- Reduce the number of scenarios to a manageable set. Manageable does not signify a fixed number, but should be in line with the overall importance and criticality of the unit.
- Keep risk factors in a register so that they can be reevaluated in the next iteration and included for detailed analysis if they have become relevant at that time.
- Include an unspecified event in the scenarios, that is, address an incident not covered by other scenarios.

Incorrect Answers:
C, D: Determination of actors and threat type are not the primary requirements for developing risk scenarios, but are the components that are determined during risk scenario development.



What are the responsibilities of the CRO?
Each correct answer represents a complete solution. Choose three.

  1. Managing the risk assessment process
  2. Implement corrective actions
  3. Advising Board of Directors
  4. Managing the supporting risk management function

Answer(s): A,C,D



You are working with a vendor on your project. A stakeholder has requested a change for the project, which will add value to the project deliverables. The vendor that you're working with on the project will be affected by the change. What system can help you introduce and execute the stakeholder change request with the vendor?

  1. Contract change control system
  2. Scope change control system
  3. Cost change control system
  4. Schedule change control system

Answer(s): A

Explanation:

The contract change control system is part of the project's change control system. It addresses changes with the vendor that may affect the project contract. The change control system, a part of the configuration management system, is a collection of formal documented procedures that define how project deliverables and documentation will be controlled, changed, and approved.

Incorrect Answers:
B: The scope may change because of the stakeholder change request, but the question concerns the vendor's relationship to the project; hence this choice is not the best answer.

C: The cost change control system manages changes to costs in the project.

D: There is no indication that the change could affect the project schedule.





