CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CRISC

Free CRISC Exam Braindumps

Ben works as a project manager for the MJH Project. In this project, Ben is preparing to identify stakeholders so he can communicate project requirements, status, and risks. Ben has elected to use a salience model as part of his stakeholder identification process. Which of the following activities best describes a salience model?

  1. Describing classes of stakeholders based on their power (ability to impose their will), urgency (need for immediate attention), and legitimacy (their involvement is appropriate).
  2. Grouping the stakeholders based on their level of authority ("power") and their level or concern ("interest") regarding the project outcomes.
  3. Influence/impact grid, grouping the stakeholders based on their active involvement ("influence") in the project and their ability to affect changes to the project's planning or execution ("impact").
  4. Grouping the stakeholders based on their level of authority ("power") and their active involvement ("influence") in the project.

Answer(s): A

Explanation:

A salience model defines and charts stakeholders' power, urgency, and legitimacy in the project.

The salience model is a technique for categorizing stakeholders according to their importance. The various difficulties faced by the project managers are as follows:
How to choose the right stakeholders?

How to prioritize competing claims of the stakeholders communication needs?

Stakeholder salience is determined by the evaluation of their power, legitimacy and urgency in the organization.
Power is defined as the ability of the stakeholder to impose their will. Urgency is the need for immediate action.
Legitimacy shows the stakeholders participation is appropriate or not.
The model allows the project manager to decide the relative salience of a particular stakeholder. Incorrect Answers:
B: This defines the power/interest grid. C: This defines an influence/impact grid. D: This defines a power/influence grid.



Which of the following is the first MOST step in the risk assessment process?

  1. Identification of assets
  2. Identification of threats
  3. Identification of threat sources
  4. Identification of vulnerabilities

Answer(s): A

Explanation:

Asset identification is the most crucial and first step in the risk assessment process. Risk identification, assessment and evaluation (analysis) should always be clearly aligned to assets. Assets can be people, processes, infrastructure, information or applications.



Which of the following matrices is used to specify risk thresholds?

  1. Risk indicator matrix
  2. Impact matrix
  3. Risk scenario matrix
  4. Probability matrix

Answer(s): A

Explanation:

Risk indicators are metrics used to indicate risk thresholds, i.e., it gives indication when a risk level is approaching a high or unacceptable level of risk. The main objective of a risk indicator is to ensure tracking and reporting mechanisms that alert staff about the potential risks.

Incorrect Answers:
B, D: Estimation of risk's consequence and priority for awareness is conducted by using probability and impact matrix. These matrices specify the mixture of probability and impact that directs to rating the risks as low, moderate, or high priority.

C: A risk scenario is a description of an event that can lay an impact on business, when and if it would occur.

Some examples of risk scenario are of: Having a major hardware failure
Failed disaster recovery planning (DRP) Major software failure



What are the two MAJOR factors to be considered while deciding risk appetite level? Each correct answer represents a part of the solution. Choose two.

  1. The amount of loss the enterprise wants to accept
  2. Alignment with risk-culture
  3. Risk-aware decisions
  4. The capacity of the enterprise's objective to absorb loss.

Answer(s): A,D

Explanation:

Risk appetite is the amount of risk a company or other entity is willing to accept in pursuit of its mission. This is the responsibility of the board to decide risk appetite of an enterprise. When considering the risk appetite levels for the enterprise, the following two major factors should be taken into account:

The enterprise's objective capacity to absorb loss, e.g., financial loss, reputation damage, etc.
The culture towards risk taking-cautious or aggressive. In other words, the amount of loss the enterprise wants to accept in pursue of its objective fulfillment.

Incorrect Answers:
B: Alignment with risk-culture is also one of the factors but is not as important as these two.

C: Risk aware decision is not the factor, but is the result which uses risk appetite information as its input.






Post your Comments and Discuss ISACA CRISC exam with other Community members:

CRISC Discussions & Posts