Free CRISC Exam Braindumps (page: 28)


FISMA requires federal agencies to protect IT systems and data. How often should compliance be audited by an external organization?

  A. Annually
  B. Quarterly
  C. Every three years
  D. Never

Answer(s): A

Explanation:

FISMA evaluations are required annually. Each year, agencies must obtain an independent evaluation of their information security program. The objective is to determine the effectiveness of the program. These evaluations include:
Testing for effectiveness: Policies, procedures, and practices are tested. The evaluation does not test every policy, procedure, and practice; instead, a representative sample is tested.
An assessment or report: This report identifies the agency's compliance with FISMA and with other applicable standards and guidelines.

Incorrect Answers:
B, C, D: Compliance is evaluated by an independent, external organization annually, not quarterly, every three years, or never.



Which of the following is the FOREMOST root cause of project risk? Each correct answer represents a complete solution. Choose two.

  A. New system is not meeting the user business needs
  B. Delay in arrival of resources
  C. Lack of discipline in managing the software development process
  D. Selection of unsuitable project methodology

Answer(s): C,D

Explanation:

The foremost root causes of project risk are:
A lack of discipline in managing the software development process
Selection of a project methodology that is unsuitable for the system being developed

Incorrect Answers:
A: The risk that a new system does not meet the users' business needs is a business risk, not a project risk.
B: A delay in the arrival of resources is not a direct cause of project risk.



You are the project manager of a SGT project. You have been actively communicating and working with the project stakeholders. One of the outputs of the "manage stakeholder expectations" process can actually create new risk events for your project. Which output of the manage stakeholder expectations process can create risks?

  A. Project management plan updates
  B. Organizational process asset updates
  C. Change requests
  D. Project document updates

Answer(s): C

Explanation:

The manage stakeholder expectations process can create change requests for the project, which can cause new risk events to enter into the project.

Change requests are requests to expand or reduce the project scope; modify policies, processes, plans, or procedures; modify costs or budgets; or revise schedules. These requests for change can be direct or indirect, externally or internally initiated, and legally or contractually imposed or optional. A project manager needs to ensure that only formally documented change requests are processed and only approved change requests are implemented.

Incorrect Answers:
A: The project management plan updates do not create new risks.

B: The organizational process asset updates do not create new risks.

D: The project document updates do not create new risks.



Which of the following characteristics of risk controls is defined as follows?

"The separation of controls in the production environment rather than the separation in the design and implementation of the risk"

  A. Trusted source
  B. Secure
  C. Distinct
  D. Independent

Answer(s): C

Explanation:

A control or countermeasure that does not overlap in its operation with another control or countermeasure is considered distinct. Hence, the separation of controls in the production environment, as opposed to separation in their design and implementation, refers to the distinct characteristic.

Incorrect Answers:
A: Trusted source refers to the commitment to the security policy of the people designing, implementing, and maintaining the control.

B: Secure refers to the control's ability to protect itself from exploitation or attack.

D: Separation in the design, implementation, and maintenance of controls or countermeasures is referred to as independent, so this answer is not valid.