CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CRISC

Free CRISC Exam Braindumps (page: 79)

Page 78 of 451
PDF with 1871 Questions

You are working in an enterprise. Assuming that your enterprise periodically compares finished goods inventory levels to the perpetual inventories in its ERP system. What kind of information is being provided by the lack of any significant differences between perpetual levels and actual levels?

  1. Direct information
  2. Indirect information
  3. Risk management plan
  4. Risk audit information

Answer(s): B

Explanation:

The lack of any significant differences between perpetual levels and actual levels provides indirect information that its billing controls are operating. It does not provide any direct information.

Incorrect Answers:
A: It does not provide direct information as there is no information about the propriety of cutoff. C, D: These are not the types of information.



In which of the following risk management capability maturity levels does the enterprise takes major business decisions considering the probability of loss and the probability of reward? Each correct answer represents a complete solution. Choose two.

  1. Level 0
  2. Level 2
  3. Level 5
  4. Level 4

Answer(s): C,D

Explanation:

Enterprise having risk management capability maturity level 4 and 5 takes business decisions considering the probability of loss and the probability of reward, i.e., considering all the aspects of risk.

Incorrect Answers:
A: Enterprise having risk management capability maturity level 0 takes business decisions without considering risk credential information.

B: At this low level of risk management capability the enterprise takes decisions considering specific risk issues within functional and business silos (e.g., security, business continuity, operations).



Henry is the project sponsor of the JQ Project and Nancy is the project manager. Henry has asked Nancy to start the risk identification process for the project, but Nancy insists that the project team be involved in the process. Why should the project team be involved in the risk identification?

  1. So that the project team can develop a sense of ownership for the risks and associated risk responsibilities.
  2. So that the project manager can identify the risk owners for the risks within the project and the needed risk responses.
  3. So that the project manager isn't the only person identifying the risk events within the project.
  4. So that the project team and the project manager can work together to assign risk ownership.

Answer(s): A

Explanation:

The best answer to include the project team members is that they'll need to develop a sense of ownership for the risks and associated risk responsibilities.

Incorrect Answers:
B: The reason to include the project team is that the project team needs to develop a sense of ownership for the risks and associated risk responsibilities, not to assign risk ownership and risk responses at this point.

C: While the project manager shouldn't be the only person to identify the risk events, this isn't the best answer.

D: The reason to include the project team is that the project team needs to develop a sense of ownership for the risks and associated risk responsibilities, not to assign risk ownership.



Which of the following establishes mandatory rules, specifications and metrics used to measure compliance against quality, value, etc.?

  1. Framework
  2. Legal requirements
  3. Standard
  4. Practices

Answer(s): C

Explanation:

Standard establishes mandatory rules, specifications and metrics used to measure compliance against quality, value, etc. Standards are usually intended for compliance purposes and to provide assurance to others who interact with a process or outputs of a process.

Incorrect Answers:
A: Frameworks are generally accepted, business-process-oriented structures that establish a common language and enable repeatable business processes.

B: These are legal rules underneath which project has to be.

D: Practices are frequent or usual actions performed as an application of knowledge. A leading practice would be defined as an action that optimally applies knowledge in a particular area. They are issued by a "recognized authority" that is appropriate to the subject matter. issuing bodies may include professional associations and academic institutions or commercial entities such as software vendors. They are generally based on a combination of research, expert insight and peer review.






Post your Comments and Discuss ISACA CRISC exam with other Community members:

CRISC Discussions & Posts