CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CRISC

Free CRISC Exam Braindumps (page: 22)

Page 21 of 451
PDF with 1871 Questions

What are the requirements of monitoring risk?
Each correct answer represents a part of the solution. Choose three.

  1. Information of various stakeholders
  2. Preparation of detailed monitoring plan
  3. Identifying the risk to be monitored
  4. Defining the project's scope

Answer(s): B,C,D

Explanation:

It is important to first understand the risk to be monitored, prepare a detailed plan and define the project's scope for monitoring risk. In the case of a monitoring project, this step should involve process owners, data owners, system custodians and other process stakeholders.

Incorrect Answers:
A: Data regarding stakeholders of the project is not required in any phase of risk monitoring.



Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

  1. Risk transfer
  2. Risk acceptance
  3. Risk avoidance
  4. Risk mitigation

Answer(s): A

Explanation:

Risk transfer is the practice of passing risk from one entity to another entity. In other words, if a company is covered under a liability insurance policy providing various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc., it means it has transferred its security risks to the insurance company.

Incorrect Answers:
B: Risk acceptance is the practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way.

C: Risk avoidance is the practice of not performing an activity that could carry risk. Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed.

D: Risk mitigation is the practice of reducing the severity of the loss or the likelihood of the loss from occurring.



You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project's performance as a whole. What approach can you use to achieve this goal of improving the project's performance through risk analysis with your project stakeholders?

  1. Involve subject matter experts in the risk analysis activities
  2. Involve the stakeholders for risk identification only in the phases where the project directly affects them
  3. Use qualitative risk analysis to quickly assess the probability and impact of risk events
  4. Focus on the high-priority risks through qualitative risk analysis

Answer(s): D

Explanation:

By focusing on the high-priority of risk events through qualitative risk analysis you can improve the project's performance.

Qualitative analysis is the definition of risk factors in terms of high/medium/low or a numeric scale (1 to 10). Hence it determines the nature of risk on a relative scale.

Some of the qualitative methods of risk analysis are:
Scenario analysis- This is a forward-looking process that can reflect risk for a given point in time.
Risk Control Self -assessment (RCSA) - RCSA is used by enterprises (like banks) for the identification and evaluation of operational risk exposure. It is a logical first step and assumes that business owners and managers are closest to the issues and have the most expertise as to the source of the risk. RCSA is a constructive process in compelling business owners to contemplate, and then explain, the issues at hand with the added benefit of increasing their accountability.

Incorrect Answers:
A: Subject matter experts can help the qualitative risk assessment, but by focusing on high-priority risks the project's performance can improve by addressing these risk events.

B: Stakeholders should be involved throughout the project as situations within the project demand their input to risk identification and analysis.

C: Qualitative analysis does use a fast approach of analyzing project risks, but it's not the best answer for this



You are a project manager for your organization and you're working with four of your key stakeholders. One of the stakeholders is confused as to why you're not discussing the current problem in the project during the risk identification meeting. Which one of the following statements best addresses when a project risk actually happens?

  1. Project risks are uncertain as to when they will happen.
  2. Risks can happen at any time in the project.
  3. Project risks are always in the future.
  4. Risk triggers are warning signs of when the risks will happen.

Answer(s): C

Explanation:

According to the PMBOK, a project risk is always in the future. If the risk event has already happened, then it is an issue, not a risk.

Incorrect Answers:
A: You can identify risks before they occur and not after their occurrence. B: Risks can only happen in the future.

D: Triggers are warning signs and conditions of risk events, but this answer isn't the best choice for this question.






Post your Comments and Discuss ISACA CRISC exam with other Community members:

CRISC Discussions & Posts