Free CRISC Exam Braindumps (page: 8)

What is the PRIMARY need for effectively assessing controls?

  1. Control's alignment with operating environment
  2. Control's design effectiveness
  3. Control's objective achievement
  4. Control's operating effectiveness

Answer(s): C

Explanation:

Controls can be effectively assessed only by determining how accurately the control objective is achieved within the environment in which they are operating. No conclusion can be reached as to the strength of the control until the control has been adequately tested.

Incorrect Answers:
A: Alignment of the control with the operating environment is essential, but it comes after the control's accuracy in achieving its objective. In other words, achieving the objective is the topmost priority in assessing controls.

B: The control's design effectiveness is also considered, but only later, after achieving objectives.

D: The control's operating effectiveness is considered, but only after its accuracy in objective achievement.



You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?

  1. Human resource needs
  2. Quality control concerns
  3. Costs
  4. Risks

Answer(s): D

Explanation:

Fast tracking allows entire phases of the project to overlap and generally increases risks within the project.

Fast tracking is a technique for compressing the project schedule. In fast tracking, phases that would normally be done in sequence are overlapped. It shortens the project schedule without reducing the project scope.

Incorrect Answers:
A: Human resources are not affected by fast tracking in most scenarios.

B: Quality control concerns usually are not affected by fast tracking decisions.

C: Costs do not generally increase based on fast tracking decisions.



David is the project manager of the HRC Project. He has identified a risk in the project that could cause a delay in the project. David does not want this risk event to happen, so he takes a few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000. What type of risk response has David adopted?

  1. Avoidance
  2. Mitigation
  3. Acceptance
  4. Transfer

Answer(s): B

Explanation:

Because David is applying some operational controls to reduce the likelihood and impact of the risk, he is adopting risk mitigation. Risk mitigation means that actions are taken to reduce the likelihood and/or impact of risk.

Incorrect Answers:
A: Risk avoidance means that activities or conditions that give rise to risk are discontinued. Here, no such actions are taken; therefore the risk is not avoided.

C: Risk acceptance means that no action is taken relative to a particular risk; loss is accepted in case it occurs. As David has taken some actions to defend against the risk, he is not accepting it.

D: David has not hired a vendor to manage the risk for his project; therefore he is not transferring the risk.



Which of the following is the MOST important objective of the information system control?

  1. Business objectives are achieved and undesired risk events are detected and corrected
  2. Ensuring effective and efficient operations
  3. Developing business continuity and disaster recovery plans
  4. Safeguarding assets

Answer(s): A

Explanation:

The basic purpose of Information System control in an organization is to ensure that the business objectives are achieved and undesired risk events are detected and corrected. Some of the IS control objectives are given below:
Safeguarding assets
Assuring integrity of sensitive and critical application system environments
Assuring integrity of general operating system
Ensuring effective and efficient operations
Fulfilling user requirements, organizational policies and procedures, and applicable laws and regulations
Changing management
Developing business continuity and disaster recovery plans
Developing incident response and handling plans

Hence the most important objective is to ensure that business objectives are achieved and undesired risk events are detected and corrected.

Incorrect Answers:
B, C, D: These are also the objectives of the information system control but are not the best answer.





