CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CRISC

Free CRISC Exam Braindumps (page: 80)

Page 79 of 451
PDF with 1871 Questions

You are the project manager of your enterprise. While performing risk management, you are given a task to identify where your enterprise stands in certain practice and also to suggest the priorities for improvements. Which of the following models would you use to accomplish this task?

  1. Capability maturity model
  2. Decision tree model
  3. Fishbone model
  4. Simulation tree model

Answer(s): A

Explanation:

Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level (having nonexistent or unstructured processes) to the most mature (having adopted and optimized the use of good practices).

The levels within a capability maturity model are designed to allow an enterprise to identify descriptions of its current and possible future states. In general, the purpose is to:
Identify, where enterprises are in relation to certain activities or practices. Suggest how to set priorities for improvements

Incorrect Answers:
D: There is no such model exists in risk management process.

B: Decision tree analysis is a risk analysis tool that can help the project manager in determining the best risk response. The tool can be used to measure probability, impact, and risk exposure and how the selected risk response can affect the probability and/or impact of the selected risk event. It helps to form a balanced image of the risks and opportunities connected with each possible course of action. This makes them mostly useful for choosing between different strategies, projects, or investment opportunities particularly when the resources are limited. A decision tree is a decision support tool that uses a tree-like graph or model of decisions and their possible consequences, including chance event outcomes, resource costs, and utility.

C: Fishbone diagrams or Ishikawa diagrams shows the relationships between the causes and effects of problems.



You are the risk official in Techmart Inc. You are asked to perform risk assessment on the impact of losing a server. For this assessment you need to calculate monetary value of the server. On which of the following bases do you calculate monetary value?

  1. Cost to obtain replacement
  2. Original cost to acquire
  3. Annual loss expectancy
  4. Cost of software stored

Answer(s): A

Explanation:

The monetary value of the server should be based on the cost of its replacement. However, the financial impact to the enterprise may be much broader, based on the function that the server performs for the business and the value it brings to the enterprise.

Incorrect Answers:
B, C, D: Cost of software is not been counted because it can be restored from the back-up media. On the other hand' Ale for all risk related to the server does not represent the server's value. Lastly, the original cost may be significantly different from the current cost and, therefore, not relevant to this.



Which of the following is the BEST way of managing risk inherent to wireless network?

  1. Enabling auditing on every host that connects to a wireless network
  2. Require private, key-based encryption to connect to the wireless network
  3. Require that every host that connect to this network have a well-tested recovery plan
  4. Enable auditing on every connection to the wireless network

Answer(s): B

Explanation:

As preventive control and prevention is preferred over detection and recovery, therefore, private and key-based encryption should be adopted for managing risks.

Incorrect Answers:
A, C, D: As explained in above section preventive control and prevention is preferred over detection and recovery, hence these are less preferred way.



You are elected as the project manager of GHT project. You have to initiate the project. Your Project request document has been approved, and now you have to start working on the project. What is the FIRST step you should take to initialize the project?

  1. Conduct a feasibility study
  2. Acquire software
  3. Define requirements of project
  4. Plan project management

Answer(s): A

Explanation:

Conducting a feasibility study begins once initial approval has been given to move forward with a project. It includes an analysis to clearly define the need and to identify alternatives for addressing the need.

Incorrect Answers:
B: Acquiring software involves building new or modifying existing hardware or software after final approval by the stakeholder, which is not a phase in the standard SDLC process. If a decision was reached to acquire rather than develop software, this task should occur after feasibility study and defining requirements.

C: Requirements of the project is being defined after conducting feasibility study.

D: This is latter phase in project development process.






Post your Comments and Discuss ISACA CRISC exam with other Community members:

CRISC Discussions & Posts