Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CRISC

ISACA Certified in Risk and Information Systems Control CRISC Exam Questions in PDF

Free ISACA CRISC Dumps Questions (page: 12)

CRISC PDF — 1895 Questions

Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity it would be an example of what risk response?

  1. Enhancing
  2. Positive
  3. Opportunistic
  4. Exploiting

Answer(s): D

Explanation:

This is an example of exploiting a positive risk - a by-product of a project is an excellent example of exploiting a risk. Exploit response is one of the strategies to negate risks or threats that appear in a project. This strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. Exploiting a risk event provides opportunities for positive impact on a project. Assigning more talented resources to the project to reduce the time to completion is an example of exploit response.

Incorrect Answers:
A: Enhancing is a positive risk response that describes actions taken to increase the odds of a risk event to happen.

B: This is an example of a positive risk, but positive is not a risk response. C: Opportunistic is not a valid risk response.



Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?

  1. ALE= ARO/SLE
  2. ARO= SLE/ALE
  3. ARO= ALE*SLE
  4. ALE= ARO*SLE

Answer(s): D

Explanation:

A quantitative risk assessment quantifies risk in terms of numbers such as dollar values. This involves gathering data and then entering it into standard formulas. The results can help in identifying the priority of risks. These results are also used to determine the effectiveness of controls. Some of the terms associated with quantitative risk assessments are:
Single loss expectancy (SLE)-It refers to the total loss expected from a single incident. This incident can occur when vulnerability is being exploited by threat. The loss is expressed as a dollar value such as
$1,000. It includes the value of data, software, and hardware. SLE = Asset value * Exposure factor
Annual rate of occurrence (ARO)-It refers to the number of times expected for an incident to occur in a year. If an incident occurred twice a month in the past year, the ARO is 24. Assuming nothing changes, it is likely that it will occur 24 times next year. Annual loss expectancy (ALE)-It is the expected loss for a year. ALE is calculated by multiplying SLE with ARO. Because SLE is a given in a dollar value, ALE is also given in a dollar value. For example, if the SLE is $1,000 and the ARO is 24, the ALE is $24,000.
ALE = SLE * ARO Safeguard value-This is the cost of a control. Controls are used to mitigate risk. For example, antivirus software of an average cost of $50 for each computer. If there are 50 computers, the safeguard value is $2,500. A, B, C: These are wrong formulas and are not used in quantitative risk assessment.



Which of the following statements are true for enterprise's risk management capability maturity level 3?

  1. Workflow tools are used to accelerate risk issues and track decisions
  2. The business knows how IT fits in the enterprise risk universe and the risk portfolio view
  3. The enterprise formally requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals
  4. Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized

Answer(s): A,B,D

Explanation:

An enterprise's risk management capability maturity level is 3 when:
Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized.
There is a selected leader for risk management, engaged with the enterprise risk committee, across the enterprise.
The business knows how IT fits in the enterprise risk universe and the risk portfolio view. Local tolerances drive the enterprise risk tolerance.
Risk management activities are being aligned across the enterprise.

Formal risk categories are identified and described in clear terms.
Situations and scenarios are included in risk awareness training beyond specific policy and structures and promote a common language for communicating risk.
Defined requirements exist for a centralized inventory of risk issues. Workflow tools are used to accelerate risk issues and track decisions.

Incorrect Answers:
C: Enterprise having risk management capability maturity level 5 requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals.



Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?

  1. Business management
  2. Business process owner
  3. Chief information officer (CIO)
  4. Chief risk officer (CRO)

Answer(s): A



You are using Information system. You have chosen a poor password and also sometimes transmits data over unprotected communication lines. What is this poor quality of password and unsafe transmission refers to?

  1. Probabilities
  2. Threats
  3. Vulnerabilities
  4. Impacts

Answer(s): C

Explanation:

Vulnerabilities represent characteristics of information resources that may be exploited by a threat. The given scenario describes such a situation, hence it is a vulnerability.

Incorrect Answers:
A: Probabilities represent the likelihood of the occurrence of a threat, and this scenario does not describe a probability.

B: Threats are circumstances or events with the potential to cause harm to information resources. This scenario does not describe a threat.

D: Impacts represent the outcome or result of a threat exploiting a vulnerability. The stem does not describe an impact.



Viewing page 12 of 361

Share your comments for ISACA CRISC exam with other users:

D
DiligentSam
9/30/2023 10:26:00 AM

need it thx

Anonymous
V
Vani
8/10/2023 8:11:00 PM

good questions

NEW ZEALAND
F
Fares
9/11/2023 5:00:00 AM

good one nice revision

Anonymous
L
Lingaraj
10/26/2023 1:27:00 AM

i love this thank you i need

Anonymous
M
Muhammad Rawish Siddiqui
12/5/2023 12:38:00 PM

question # 142: data governance is not one of the deliverables in the document and content management context diagram.

SAUDI ARABIA
A
al
6/7/2023 10:25:00 AM

most answers not correct here

Anonymous
B
Bano
1/19/2024 2:29:00 AM

what % of questions do we get in the real exam?

UNITED STATES
O
Oliviajames
10/25/2023 5:31:00 AM

i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!

UNITED STATES
D
Divya
8/27/2023 12:31:00 PM

all the best

UNITED STATES
K
KY
1/1/2024 11:01:00 PM

very usefull document

Anonymous
A
Arun
9/20/2023 4:52:00 PM

nice and helpful questions

INDIA
J
Joseph J
7/11/2023 2:53:00 PM

i found the questions helpful

UNITED STATES
M
Meg
10/12/2023 8:02:00 AM

q 105 . ans is d

INDIA
N
Navaneeth S
7/14/2023 7:57:00 AM

i have interest to get a sybase iq dba certification

UNITED STATES
A
Aish
10/11/2023 5:27:00 AM

want to pass exm.

INDIA
A
Anonymous
6/12/2023 7:23:00 AM

are the answers correct?

INDIA
K
Kris
7/7/2023 9:43:00 AM

good morning, could you please upload this exam again, i need it to test my knowledge in sd-wan with version 7.0.

Anonymous
M
Meghraj mali
10/7/2023 1:47:00 PM

very nice question

CANADA
N
Noel
11/1/2022 9:14:00 PM

i have learning disability and this exam dumps allowed me to focus on the actual questions and not worry about notes and the those other study materials.

SOUTH AFRICA
J
Jas
10/25/2023 6:01:00 PM

165 should be apt

UNITED STATES
N
Neetu
6/22/2023 8:41:00 AM

please upload the dumps, real need of them

Anonymous
M
Mark
10/24/2023 1:34:00 AM

any recent feeedback?

UNITED STATES
G
Gopinadh
8/9/2023 4:05:00 AM

question number 2 is indicating you are giving proper questions. observe and change properly.

Anonymous
S
Santhi
1/1/2024 8:23:00 AM

passed today.40% questions were new.litwere case study,lots of new questions on afd,ratelimit,tm,lb,app gatway.got 2 set series of questions which are not present here.questions on azure cyclecloud, no.of vnet/vms required for implimentation,blueprints assignment/management group etc

INDIA
R
Raviraj Magadum
1/12/2024 11:39:00 AM

practice test

INDIA
S
sivaramakrishnan
7/27/2023 8:12:00 AM

want the dumps for emc content management server programming(cmsp)

Anonymous
A
Aderonke
10/23/2023 1:52:00 PM

brilliant and helpful

UNITED KINGDOM
A
Az
9/16/2023 2:43:00 PM

q75. azure files is pass

SWITZERLAND
K
ketty
11/9/2023 8:10:00 AM

very helpful

Anonymous
S
Sonail
5/2/2022 1:36:00 PM

thank you for these questions. it helped a lot.

UNITED STATES
S
Shariq
7/28/2023 8:00:00 AM

how do i get the h12-724 dumps

Anonymous
A
adi
10/30/2023 11:51:00 PM

nice data dumps

Anonymous
E
EDITH NCUBE
7/25/2023 7:28:00 AM

answers are correct

SOUTH AFRICA
R
Raja
6/20/2023 4:38:00 AM

good explanation

UNITED STATES
AI Tutor 👋 I’m here to help!