CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CRISC

Free CRISC Exam Braindumps (page: 22)

Page 22 of 451
PDF with 1871 Questions

Which of the following is the MOST effective method for indicating that the risk level is approaching a high or unacceptable level of risk?

  1. Risk register
  2. Cause and effect diagram
  3. Risk indicator
  4. Return on investment

Answer(s): C

Explanation:

Risk indicators are metrics used to indicate risk thresholds, i.e., it gives indication when a risk level is approaching a high or unacceptable level of risk. The main objective of a risk indicator is to ensure tracking and reporting mechanisms that alert staff about the potential risks.

Incorrect Answers:
A: A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains:
A description of the risk
The impact should this event actually occur The probability of its occurrence
Risk Score (the multiplication of Probability and Impact)
A summary of the planned response should the event occur
A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)
Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.

D: Return On Investment (ROI) is a performance measure used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments. To calculate ROI, the benefit (return) of an investment is divided by the cost of the investment; the result is expressed as a percentage or a ratio.

The return on investment formula:
ROI= (Gain from investment - Cost of investment) / Cost of investment

In the above formula "gains from investment", refers to the proceeds obtained from selling the investment of interest.



You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

  1. Risk Management Plan
  2. Stakeholder management strategy
  3. Communications Management Plan
  4. Resource Management Plan

Answer(s): C

Explanation:

The Communications Management Plan defines, in regard to risk management, who will be available to share information on risks and responses throughout the project.

The Communications Management Plan aims to define the communication necessities for the project and how the information will be circulated. The Communications Management Plan sets the communication structure for the project. This structure provides guidance for communication throughout the project's life and is updated as communication needs change. The Communication Managements Plan identifies and defines the roles of persons concerned with the project. It includes a matrix known as the communication matrix to map the communication requirements of the project.

Incorrect Answers:
A: The Risk Management Plan defines risk identification, analysis, response, and monitoring. B: The stakeholder management strategy does not address risk communications.
D: The Resource Management Plan does not define risk communications.



Your project spans the entire organization. You would like to assess the risk of your project but worried about that some of the managers involved in the project could affect the outcome of any risk identification meeting. Your consideration is based on the fact that some employees would not want to publicly identify risk events that could declare their supervision as poor. You would like a method that would allow participants to anonymously identify risk events. What risk identification method could you use?

  1. Delphi technique
  2. Root cause analysis
  3. Isolated pilot groups
  4. SWOT analysis

Answer(s): A

Explanation:

The Delphi technique uses rounds of anonymous surveys to build consensus on project risks. Delphi is a technique to identify potential risk. In this technique, the responses are gathered via a QUESTION: and their inputs are organized according to their contents. The collected responses are sent back to these experts for further input, addition, and comments. The final list of risks in the project is prepared after that. The participants in this technique are anonymous and therefore it helps prevent a person from unduly influencing the others in the group. The Delphi technique helps in reaching the consensus quickly.

Incorrect Answers:
B: Root cause analysis is not an anonymous approach to risk identification. C: Isolated pilot groups is not a valid risk identification activity.
D: SWOT analysis evaluates the strengths, weaknesses, opportunities, and threats of the project.



Which of the following represents lack of adequate controls?

  1. Vulnerability
  2. Threat
  3. Asset
  4. Impact

Answer(s): A

Explanation:

Vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing harm to the information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files. Hence lack of adequate controls represents vulnerability and would ultimately cause threat to the enterprise.

Incorrect Answers:
B: Threat is the potential cause of unwanted incident.

C: Assets are economic resources that are tangible or intangible, and is capable of being owned or controlled to produce value.

D: Impact is the measure of the financial loss that the threat event may have.



Page 22 of 451



Post your Comments and Discuss ISACA CRISC exam with other Community members:

Fei commented on November 26, 2024
Very good resources
UNITED STATES
upvote

Yingying Li commented on December 02, 2023
Very useful practice tests.
Anonymous
upvote

Stephen commented on August 27, 2023
Can you please share CIMAPRA19-FO2-1 Exam dumps please
Anonymous
upvote

Parsad commented on June 04, 2023
Thank you for the buy 1 get 1 free discount. This helped me a lot. I donot have a lot of money.
INDIA
upvote

Petros commented on May 01, 2023
I could not have passed my certification test without the help of this study guide - highly recommend it!
PORTUGAL
upvote

Bobby commented on January 18, 2022
Passed easily.
UNITED STATES
upvote

Santosh commented on January 29, 2020
Passed my exam today with a score of 798. This is good material.
INDIA
upvote

Arron commented on January 26, 2020
This saved me so much time. The questions and answers are adequate and close to real exam. I like the PDF and its format. Just put it on my iPad and studied while traveling to work. This was my first time using this site and I am pretty happy about their service and price.
GERMANY
upvote

Suresh commented on April 17, 2019
This download is a waste of time . I downloaded the windows app and installed and it is asking to load the test. No documentation provided on how to use the desk top tool. Unable to install on my MAC not Iphone compatible. RE- Admin: Suresh, our website clearly says that the Test Engine software is for Windows only. We have not advertised anywhere in our website saying the Test Engine Software is for MAC as well.
UNITED STATES
upvote