CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CRISC

Free CRISC Exam Braindumps (page: 99)

Page 98 of 451
PDF with 1871 Questions

Which of the following serve as the authorization for a project to begin?

  1. Approval of project management plan
  2. Approval of a risk response document
  3. Approval of risk management document
  4. Approval of a project request document

Answer(s): D

Explanation:

Approval of a project initiation document (PID) or a project request document (PRD) is the authorization for a project to begin.

Incorrect Answers:
A: Project management plan is being made after the project is being authorized.

B: Risk response document comes under risk management process, hence the latter phase in project development process.

C: Risk management document is being prepared later after the project initiation, during the risk management plan. It has no scope during project initialization.



In which of the following conditions business units tend to point the finger at IT when projects are not delivered on time?

  1. Threat identification in project
  2. System failure
  3. Misalignment between real risk appetite and translation into policies
  4. Existence of a blame culture

Answer(s): D

Explanation:

In a blame culture, business units tend to point the finger at IT when projects are not delivered on time or do not meet expectations. In doing so, they fail to realize how the business unit's involvement up front affects project success. In extreme cases, the business unit may assign blame for a failure to meet the expectations that the unit never clearly communicated.

Incorrect Answers:
A, B, C: These are not relevant to the pointing of finger at IT when projects are not delivered on time.



Which of the following methods involves the use of predictive or diagnostic analytical tool for exposing risk factors?

  1. Scenario analysis
  2. Sensitivity analysis
  3. Fault tree analysis
  4. Cause and effect analysis

Answer(s): C



Sammy is the project manager for her organization. She would like to rate each risk based on its probability and affect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

  1. Sammy is correct, because she is the project manager.
  2. Sammy is correct, because organizations can create risk scores for each objective of the project.
  3. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.
  4. Harry is correct, because the risk probability and impact considers all objectives of the project.

Answer(s): B

Explanation:

Sammy She certainly can create an assessment for a risk event for time cost, and scope. It is probable that a risk event may have an effect on just one or more objectives so an assessment of the objective is acceptable.

Incorrect Answers:
A: Just because Sammy is the project manager, it is not necessary that she is right. C: Harry is incorrect as there are multiple approaches to risk assessment for a project
D: Harry's reasoning is flawed as each objective can be reviewed for the risk's impact rather than the total project.






Post your Comments and Discuss ISACA CRISC exam with other Community members:

CRISC Discussions & Posts