CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CRISC

Free CRISC Exam Braindumps (page: 98)

Page 97 of 451
PDF with 1871 Questions

You are the project manager of the NHQ project in Bluewell Inc. The project has an asset valued at $200,000 and is subjected to an exposure factor of 45 percent. If the annual rate of occurrence of loss in this project is once a month, then what will be the Annual Loss Expectancy (ALE) of the project?

  1. $ 2,160,000
  2. $ 95,000
  3. $ 108,000
  4. $ 90,000

Answer(s): C

Explanation:

The ALE of this project will be $ 108,000.
Single Loss Expectancy is a term related to Quantitative Risk Assessment. It can be defined as the monetary value expected from the occurrence of a risk on an asset. It is mathematically expressed as follows:
SLE = Asset value * Exposure factor

Therefore,
SLE = 200,000 * 0.45
= $ 90,000

As the loss is occurring once every month, therefore ARO is 12. Now ALE can be calculated as follows: ALE = SLE * ARO
= 90,000 * 12
= $ 108,000



Which of the following is a performance measure that is used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments?

  1. Return On Security Investment
  2. Total Cost of Ownership
  3. Return On Investment
  4. Redundant Array of Inexpensive Disks

Answer(s): C

Explanation:

Return On Investment (ROI) is a performance measure used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments. To calculate ROI, the benefit (return) of an investment is divided by the cost of the investment; the result is expressed as a percentage or a ratio.

The return on investment formula:
ROI = (Gain from investment - Cost of investment) / Cost of investment

In the above formula "gains from investment", refers to the proceeds obtained from selling the investment of interest.

Incorrect Answers:
A, B: These options are not related to the measurement of efficiency of an investment.

D: RAID is described as a redundant array of inexpensive disks. It is a technology that allows computer users to achieve high levels of storage reliability from low-cost and less reliable PC-class disk-drive components, via the technique of arranging the devices into arrays for redundancy.



You are the program manager for your organization and you are working with Alice, a project manager in her program. Alice calls you and insists you to add a change to program scope. You agree for that the change. What must Alice do to move forward with her change request?

  1. Add the change to the program scope herself, as she is a project manager
  2. Create a change request charter justifying the change request
  3. Document the change request in a change request form.
  4. Add the change request to the scope and complete integrated change control

Answer(s): C

Explanation:

Change requests must be documented to be considered. Alice should create a change request form and follow the procedures of the change control system.



Which of the following business requirements MOST relates to the need for resilient business and information systems processes?

  1. Confidentiality
  2. Effectiveness
  3. Integrity
  4. Availability

Answer(s): D

Explanation:

Availability relates to information being available when required by the business process in present as well as in future. Resilience is the ability to provide and maintain an acceptable level of service during disasters or when facing operational challenges. Hence they are most closely related.

Incorrect Answers:
A: Integrity relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations. While the lack of system resilience can in some cases affect data integrity, resilience is more closely linked to the business information requirement of availability.

B: Confidentiality deals with the protection of sensitive information from unauthorized disclosure. While the lack of system resilience can in some cases affect data confidentiality, resilience is more closely linked to the business information requirement
of availability.

C: Effectiveness deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner. While the lack of system resilience can in some cases affect effectiveness, resilience is more closely linked to the business information requirement of availability.






Post your Comments and Discuss ISACA CRISC exam with other Community members:

CRISC Discussions & Posts