Free CRISC Exam Braindumps (page: 27)

Page 27 of 451

FISMA requires federal agencies to protect IT systems and data. How often should compliance be audited by an external organization?

  1. Annually
  2. Quarterly
  3. Every three years
  4. Never

Answer(s): A

Explanation:

FISMA compliance must be evaluated annually. Each year, agencies must have an independent evaluation of their program. The objective is to determine the effectiveness of the program. These evaluations include:
Testing for effectiveness: Policies, procedures, and practices are to be tested. This evaluation does not test every policy, procedure, and practice. Instead, a representative sample is tested.
An assessment or report: This report identifies the agency's compliance with FISMA. It also lists compliance with other standards and guidelines.

Incorrect Answers:
B, C, D: Auditing of compliance by an external organization is done annually, not quarterly or every three years.



Which of the following is the FOREMOST root cause of project risk? Each correct answer represents a complete solution. Choose two.

  1. New system is not meeting the user business needs
  2. Delay in arrival of resources
  3. Lack of discipline in managing the software development process
  4. Selection of unsuitable project methodology

Answer(s): C,D

Explanation:

The foremost root causes of project risk are:
A lack of discipline in managing the software development process
Selection of a project methodology that is unsuitable to the system being developed

Incorrect Answers:
A: The risk of a new system not meeting the user business needs is a business risk, not a project risk.
B: This is not a direct cause of project risk.



You are the project manager of an SGT project. You have been actively communicating and working with the project stakeholders. One of the outputs of the "manage stakeholder expectations" process can actually create new risk events for your project. Which output of the manage stakeholder expectations process can create risks?

  1. Project management plan updates
  2. Organizational process assets updates
  3. Change requests
  4. Project document updates

Answer(s): C

Explanation:

The manage stakeholder expectations process can create change requests for the project, which can cause new risk events to enter into the project.

Change requests are requests to expand or reduce the project scope; modify policies, processes, plans, or procedures; modify costs or budgets; or revise schedules. These requests for a change can be direct or indirect, externally or internally initiated, and legally or contractually imposed or optional. A project manager needs to ensure that only formally documented requested changes are processed and only approved change requests are implemented.

Incorrect Answers:
A: The project management plan updates do not create new risks.

B: The organizational process assets updates do not create new risks.

D: The project document updates do not create new risks.



Which of the following characteristics of risk controls is defined by the statement below?

"The separation of controls in the production environment rather than the separation in the design and implementation of the risk"

  1. Trusted source
  2. Secure
  3. Distinct
  4. Independent

Answer(s): C

Explanation:

A control or countermeasure that does not overlap in its performance with another control or countermeasure is considered distinct. Hence the separation of controls in the production environment, rather than the separation in the design and implementation of the risk, refers to distinct.

Incorrect Answers:
A: Trusted source refers to the commitment of the people designing, implementing, and maintaining the control towards the security policy.

B: Secure controls refers to the activity's ability to protect from exploitation or attack.

D: The separation in design, implementation, and maintenance of controls or countermeasures is referred to as independent. Hence this answer is not valid.






Post your Comments and Discuss ISACA CRISC exam with other Community members:

Fei commented on November 26, 2024
Very good resources
UNITED STATES

Yingying Li commented on December 02, 2023
Very useful practice tests.
Anonymous

Stephen commented on August 27, 2023
Can you please share CIMAPRA19-FO2-1 Exam dumps please
Anonymous

Parsad commented on June 04, 2023
Thank you for the buy 1 get 1 free discount. This helped me a lot. I do not have a lot of money.
INDIA

Petros commented on May 01, 2023
I could not have passed my certification test without the help of this study guide - highly recommend it!
PORTUGAL

Bobby commented on January 18, 2022
Passed easily.
UNITED STATES

Santosh commented on January 29, 2020
Passed my exam today with a score of 798. This is good material.
INDIA

Arron commented on January 26, 2020
This saved me so much time. The questions and answers are adequate and close to real exam. I like the PDF and its format. Just put it on my iPad and studied while traveling to work. This was my first time using this site and I am pretty happy about their service and price.
GERMANY

Suresh commented on April 17, 2019
This download is a waste of time. I downloaded the Windows app and installed it, and it is asking to load the test. No documentation provided on how to use the desktop tool. Unable to install on my Mac, not iPhone compatible.
RE - Admin: Suresh, our website clearly says that the Test Engine software is for Windows only. We have not advertised anywhere on our website that the Test Engine software is for Mac as well.
UNITED STATES