View All CRISC Actual Exam Questions, Answers and Explanations for Free [Q606-Q622]

Share

View All CRISC Actual Exam Questions, Answers and Explanations for Free

CRISC Exam Free Practice Test with100% Accurate Answers

NEW QUESTION # 606
A risk practitioner has collaborated with subject matter experts from the IT department to develop a large list of potential key risk indicators (KRIs) for all IT operations within the organization Of the following, who should review the completed list and select the appropriate KRIs for implementation?

  • A. IT control owners
  • B. IT auditors
  • C. IT risk owners
  • D. IT security managers

Answer: C


NEW QUESTION # 607
The compensating control that MOST effectively addresses the risk associated with piggybacking into a restricted area without a dead-man door is:

  • A. using biometric door locks
  • B. security awareness training
  • C. using two-factor authentication
  • D. requiring employees to wear ID badges

Answer: D

Explanation:
Section: Volume D


NEW QUESTION # 608
David is the project manager of the HRC Project. He has identified a risk in the project, which could cause the delay in the project. David does not want this risk event to happen so he takes few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000.
What type of risk response has David adopted?

  • A. Transfer
  • B. Avoidance
  • C. Mitigation
  • D. Acceptance

Answer: C

Explanation:
Explanation/Reference:
Explanation:
As David is taking some operational controls to reduce the likelihood and impact of the risk, hence he is adopting risk mitigation. Risk mitigation means that actions are taken to reduce the likelihood and/or impact of risk.
Incorrect Answers:
A: Risk avoidance means that activities or conditions that give rise to risk are discontinued. But here, no such actions are taken, therefore risk in not avoided.
C: Risk acceptance means that no action is taken relative to a particular risk; loss is accepted in case it occurs. As David has taken some actions in case to defend, therefore he is not accepting risk.
D: David has not hired a vendor to manage the risk for his project; therefore he is not transferring the risk.


NEW QUESTION # 609
When it appears that a project risk is going to happen, what is this term called?

  • A. Trigger
  • B. Threshold
  • C. is incorrect. Issues are events that come about as a result of risk events. Risks become
    issues only after they have actually occurred.
  • D. Contingency response
  • E. Explanation:
    A trigger is a warning sign or a condition that a risk event is likely to occur within the project.
  • F. is incorrect. A contingency response is a pre-planned response for a risk event, such as
    a rollback plan.
  • G. Issue

Answer: A

Explanation:
is incorrect. A threshold is a limit that the risk passes to actually become an issue in the
project.


NEW QUESTION # 610
John works as a project manager for BlueWell Inc. He is determining which risks can affect the project. Which of the following inputs of the identify risks process is useful in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk?

  • A. Schedule management plan
  • B. Activity cost estimates
  • C. Risk management plan
  • D. Activity duration estimates

Answer: D

Explanation:
Section: Volume C
Explanation:
The activity duration estimates review is valuable in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk.
Incorrect Answers:
B: The activity cost estimates review is valuable in identifying risks as it provides a quantitative assessment of the expected cost to complete scheduled activities and is expressed as a range, with a width of the range indicating the degrees of risk.
C: A Risk management plan is a document arranged by a project manager to estimate the effectiveness, predict risks, and build response plans to mitigate them. It also consists of the risk assessment matrix.
D: It describes how the schedule contingencies will be reported and assessed.


NEW QUESTION # 611
To mitigate the risk of using a spreadsheet to analyze financial data, IT has engaged a third-party vendor to deploy a standard application to automate the process. Which of the following parties should own the risk associated with calculation errors?

  • A. Third-party provider
  • B. IT department
  • C. business owner
  • D. Risk manager

Answer: A


NEW QUESTION # 612
A maturity model is MOST useful to an organization when it:

  • A. provides a reference for progress
  • B. benchmarks against other organizations
  • C. provides risk metrics.
  • D. defines a qualitative measure of risk

Answer: A


NEW QUESTION # 613
Your project change control board has approved several scope changes that will drastically alter your project plan. You and the project team set about updating the project scope, the WBS, the WBS dictionary, the activity list, and the project network diagram. There are also some changes caused to the project risks, communication, and vendors. What also should the project manager update based on these scope changes?

  • A. Vendor selection process
  • B. Stakeholder identification
  • C. Quality baseline
  • D. Process improvement plan

Answer: C

Explanation:
Section: Volume B
Explanation:
When changes enter the project scope, the quality baseline is also updated. The quality baseline records the quality objectives of the project and is based on the project requirements.
Incorrect Answers:
A: The stakeholder identification process will not change because of scope additions. The number of stakeholders may change but how they are identified will not be affected by the scope addition.
B: The vendor selection process likely will not change because of added scope changes. The vendors in the project may, but the selection process will not.
D: The process improvement plan aims to improve the project's processes regardless of scope changes.


NEW QUESTION # 614
Which of the following BEST indicates that an organization has implemented IT performance requirements?

  • A. Accountability matrix
  • B. Vendor references
  • C. Service level agreements (SLA)
  • D. Benchmarking data

Answer: C


NEW QUESTION # 615
The annualized loss expectancy (ALE) method of risk analysis:

  • A. can be used to determine the indirect business impact.
  • B. helps in calculating the expected cost of controls
  • C. can be used m a cost-benefit analysts
  • D. uses qualitative risk rankings such as low. medium and high.

Answer: A


NEW QUESTION # 616
You work as a Project Manager for Company Inc. You are incorporating a risk response owner to take the job for each agreed-to and funded risk response. On which of the following processes are you working?

  • A. Qualitative Risk Analysis
  • B. Quantitative Risk Analysis
  • C. Plan risk response
  • D. Identify Risks

Answer: C

Explanation:
Section: Volume D
Explanation:
The plan risk response project management process aims to reduce the threats to the project objectives and to increase opportunities. It follows the perform qualitative risk analysis process and perform quantitative risk analysis process. Plan risk response process includes the risk response owner to take the job for each agreed- to and funded risk response. This process addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget. The inputs to the plan risk response process are as follows:
* Risk register
* Risk management plan
Incorrect Answers:
A: Quantitative analysis is the use of numerical and statistical techniques rather than the analysis of verbal material for analyzing risks. Some of the quantitative methods of risk analysis are:
* Internal loss method
* External data analysis
* Business process modeling (BPM) and simulation
* Statistical process control (SPC)
B: Identify Risks is the process of determining which risks may affect the project. It also documents risks' characteristics. The Identify Risks process is part of the Project Risk Management knowledge area. As new risks may evolve or become known as the project progresses through its life cycle, Identify Risks is an iterative process. The process should involve the project team so that they can develop and maintain a sense of ownership and responsibility for the risks and associated risk response actions. Risk Register is the only output of this process.
D: Qualitative analysis is the definition of risk factors in terms of high/medium/low or a numeric scale (1 to 10).
Hence it determines the nature of risk on a relative scale.
Some of the qualitative methods of risk analysis are:
* Scenario analysis- This is a forward-looking process that can reflect risk for a given point in time.
* Risk Control Self -assessment (RCSA) - RCSA is used by enterprises (like banks) for the identification and evaluation of operational risk exposure. It is a logical first step and assumes that business owners and managers are closest to the issues and have the most expertise as to the source of the risk. RCSA is a constructive process in compelling business owners to contemplate, and then explain, the issues at hand with the added benefit of increasing their accountability.


NEW QUESTION # 617
Which of the following BEST measures the operational effectiveness of risk management capabilities?

  • A. Key performance indicators (KPIs)
  • B. Key risk indicators (KRIs)
  • C. Explanation:
    Key performance indicators (KPIs) provide insights into the operational effectiveness of the concept or capability that they monitor. Key Performance Indicators is a set of measures that a company or industry uses to measure and/or compare performance in terms of meeting their strategic and operational goals. KPIs vary with company to company, depending on their priorities or performance criteria. A company must establish its strategic and operational goals and then choose their KPIs which can best reflect those goals. For example, if a software company's goal is to have the fastest growth in its industry, its main performance indicator may be the measure of its annualrevenue growth.
  • D. Capability maturity models (CMMs)
  • E. Metric thresholds

Answer: A,C

Explanation:
is incorrect. Key risk indicators (KRIs) only provide insights into potential risks that may exist or be realized within a concept or capability that they monitor. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help in avoiding excessively large number of risk indicators to manage and report that a large enterprise may have. Answer: A is incorrect. Capability maturity models (CMMs) assess the maturity of a concept or capability and do not provide insights into operational effectiveness. Answer: B is incorrect. Metric thresholds are decision or action points that are enacted when a KPI or KRI reports a specific value or set of values. It odes not provide any insights into operational effectiveness.


NEW QUESTION # 618
Which of the following provides the BEST evidence of the effectiveness of an organization's account provisioning process?

  • A. Entitlement reviews
  • B. User provisioning
  • C. Security log monitoring
  • D. Role-based access controls

Answer: B

Explanation:
Section: Volume D


NEW QUESTION # 619
An organization striving to be on the leading edge in regard to risk monitoring would MOST likely implement:

  • A. procedures to monitor the operation of controls.
  • B. a tool for monitoring critical activities and controls.
  • C. monitoring activities for all critical assets.
  • D. real-time monitoring of risk events and control exceptions,

Answer: A


NEW QUESTION # 620
Which of the following is MOST useful when communicating risk to management?

  • A. Maturity model
  • B. Risk policy
  • C. Risk map
  • D. Audit report

Answer: C


NEW QUESTION # 621
Which of the following are the principles of access controls?
Each correct answer represents a complete solution. Choose three.

  • A. Confidentiality
  • B. Availability
  • C. Integrity
  • D. Reliability

Answer: A,B,C

Explanation:
The principles of access controls focus on availability, integrity, and confidentiality, as loss or
danger is directly related to these three:
Loss of confidentiality- Someone sees a password or a company's secret formula, this is referred
to as loss of confidentiality.
Loss of integrity- An e-mail message is modified in transit, a virus infects a file, or someone makes
unauthorized changes to a Web site is referred to as loss of integrity.
Loss of availability- An e-mail server is down and no one has e-mail access, or a file server is
down so data files aren't available comes under loss of availability.


NEW QUESTION # 622
......

CRISC dumps Free Test Engine Verified By It Certified Experts: https://www.verifieddumps.com/CRISC-valid-exam-braindumps.html

Realistic CRISC Accurate & Verified Answers As Experienced in the Actual Test!: https://drive.google.com/open?id=1U9ihggIFCGJ9xqFbrqRtsS66Blr10cuW