Free CRISC Exam Braindumps (page: 23)


Which of the following is the MOST effective method for indicating that the risk level is approaching a high or unacceptable level of risk?

  A. Risk register
  B. Cause and effect diagram
  C. Risk indicator
  D. Return on investment

Answer(s): C

Explanation:

Risk indicators are metrics used to indicate risk thresholds, i.e., they give an indication when a risk level is approaching a high or unacceptable level of risk. The main objective of a risk indicator is to ensure tracking and reporting mechanisms that alert staff about the potential risks.

Incorrect Answers:
A: A risk register is an inventory of risks and the exposure associated with those risks. Risk registers are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains:
  - A description of the risk
  - The impact should this event actually occur
  - The probability of its occurrence
  - Risk Score (the multiplication of Probability and Impact)
  - A summary of the planned response should the event occur
  - A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)
  - Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.

D: Return On Investment (ROI) is a performance measure used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments. To calculate ROI, the benefit (return) of an investment is divided by the cost of the investment; the result is expressed as a percentage or a ratio.

The return on investment formula:
ROI = (Gain from investment - Cost of investment) / Cost of investment

In the above formula, "gain from investment" refers to the proceeds obtained from selling the investment of interest.



You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

  A. Risk Management Plan
  B. Stakeholder management strategy
  C. Communications Management Plan
  D. Resource Management Plan

Answer(s): C

Explanation:

The Communications Management Plan defines, in regard to risk management, who will be available to share information on risks and responses throughout the project.

The Communications Management Plan aims to define the communication necessities for the project and how the information will be circulated. The Communications Management Plan sets the communication structure for the project. This structure provides guidance for communication throughout the project's life and is updated as communication needs change. The Communications Management Plan identifies and defines the roles of persons concerned with the project. It includes a matrix known as the communication matrix to map the communication requirements of the project.

Incorrect Answers:
A: The Risk Management Plan defines risk identification, analysis, response, and monitoring.
B: The stakeholder management strategy does not address risk communications.
D: The Resource Management Plan does not define risk communications.



Your project spans the entire organization. You would like to assess the risk of your project but are worried that some of the managers involved in the project could affect the outcome of any risk identification meeting. Your consideration is based on the fact that some employees would not want to publicly identify risk events that could declare their supervision as poor. You would like a method that would allow participants to anonymously identify risk events. What risk identification method could you use?

  A. Delphi technique
  B. Root cause analysis
  C. Isolated pilot groups
  D. SWOT analysis

Answer(s): A

Explanation:

The Delphi technique uses rounds of anonymous surveys to build consensus on project risks. Delphi is a technique to identify potential risk. In this technique, the responses are gathered via a questionnaire and their inputs are organized according to their contents. The collected responses are sent back to these experts for further input, addition, and comments. The final list of risks in the project is prepared after that. The participants in this technique are anonymous, and therefore it helps prevent a person from unduly influencing the others in the group. The Delphi technique helps in reaching consensus quickly.

Incorrect Answers:
B: Root cause analysis is not an anonymous approach to risk identification.
C: Isolated pilot groups is not a valid risk identification activity.
D: SWOT analysis evaluates the strengths, weaknesses, opportunities, and threats of the project.



Which of the following represents lack of adequate controls?

  A. Vulnerability
  B. Threat
  C. Asset
  D. Impact

Answer(s): A

Explanation:

Vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing harm to the information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files. Hence, a lack of adequate controls represents a vulnerability and would ultimately cause a threat to the enterprise.

Incorrect Answers:
B: A threat is the potential cause of an unwanted incident.

C: Assets are economic resources that are tangible or intangible, and are capable of being owned or controlled to produce value.

D: Impact is the measure of the financial loss that the threat event may have.
