CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CRISC

Free CRISC Exam Braindumps (page: 74)

Page 73 of 451
PDF with 1871 Questions

You are the project manager of GHT project. You have analyzed the risk and applied appropriate controls. In turn, you got residual risk as a result of this. Residual risk can be used to determine which of the following?

  1. Status of enterprise's risk
  2. Appropriate controls to be applied next
  3. The area that requires more control
  4. Whether the benefits of such controls outweigh the costs

Answer(s): C,D

Explanation:

Residual risk can be used by management to determine:
Which areas require more control Whether the benefits of such controls outweigh the costs
As residual risk is the output that comes after applying appropriate controls, so it can also estimate the area which need more sophisticated control. If the cost of control is large that its benefits then no control is applied, hence residual risk can determine benefits of these controls over cost.

Incorrect Answers:
A: Status of enterprise's risk can be determined only after risk monitoring.
B: Appropriate control can only be determined as the result of risk assessment, not through residual risk.



When it appears that a project risk is going to happen, what is this term called?

  1. Issue
  2. Contingency response
  3. Trigger
  4. Threshold

Answer(s): C

Explanation:

A trigger is a warning sign or a condition that a risk event is likely to occur within the project.

Incorrect Answers:
A: Issues are events that come about as a result of risk events. Risks become issues only after they have actually occurred.

B: A contingency response is a pre-planned response for a risk event, such as a rollback plan. D: A threshold is a limit that the risk passes to actually become an issue in the project.



You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. Which of the following inputs will be needed for the qualitative risk analysis process in your project?
Each correct answer represents a complete solution. (Choose three.)

  1. Project scope statement
  2. Cost management plan
  3. Risk register
  4. Organizational process assets

Answer(s): A,C,D

Explanation:

The primary goal of qualitative risk analysis is to determine proportion of effect and theoretical response. The inputs to the Qualitative Risk Analysis process are:
Organizational process assets Project Scope Statement
Risk Management Plan Risk Register

Incorrect Answers:
B: The cost management plan is the input to the perform quantitative risk analysis process.



Which of the following will significantly affect the standard information security governance model?

  1. Currency with changing legislative requirements
  2. Number of employees
  3. Complexity of the organizational structure
  4. Cultural differences between physical locations

Answer(s): C

Explanation:

Complexity of the organizational structure will have the most significant impact on the Information security governance model. Some of the elements that impact organizational structure are multiple business units and functions across the organization.

Incorrect Answers:
A: Currency with changing legislative requirements should not have major impact once good governance models are placed, hence, governance will help in effective management of the organization's ongoing compliance.

B, D: The numbers of employees and the distance between physical locations have less impact on Information security models as well-defined process, technology and people components together provide the proper governance.






Post your Comments and Discuss ISACA CRISC exam with other Community members:

CRISC Discussions & Posts