Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?
Answer(s): B
The plan risk response project management process aims to reduce the threats to the project objectives and to increase opportunities. It follows the perform qualitative risk analysis process and perform quantitative risk analysis process. Plan risk response process includes the risk response owner to take the job for each agreed- to and funded risk response. This process addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget. The inputs to the plan risk response process are as follows:Risk registerRisk management planIncorrect Answers:A: Monitor and Control Risk is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project. It can involve choosing alternative strategies, executing a contingency or fallback plan, taking corrective action, and modifying the project management plan.C: Identify Risks is the process of determining which risks may affect the project. It also documents risks' characteristics. The Identify Risks process is part of the Project Risk Management knowledge area. As new risks may evolve or become known as the project progresses through its life cycle, Identify Risks is an iterative process. The process should involve the project team so that they can develop and maintain a sense of ownership and responsibility for the risks and associated risk response actions. Risk Register is the only output of this process.D: Qualitative analysis is the definition of risk factors in terms of high/medium/low or a numeric scale (1 to 10). Hence it determines the nature of risk on a relative scale.Some of the qualitative methods of risk analysis are:Scenario analysis- This is a forward-looking process that can reflect risk for a given point in time.Risk Control Self -assessment (RCSA) - RCSA is used by enterprises (like banks) for the identification and evaluation of operational risk exposure. It is a logical first step and assumes that business owners and managers are closest to the issues and have the most expertise as to the source of the risk. RCSA is a constructive process in compelling business owners to contemplate, and then explain, the issues at hand with the added benefit of increasing their accountability.
Out of several risk responses, which of the following risk responses is used for negative risk events?
Answer(s): D
Among the given choices only Acceptance response is used for negative risk events. Risk acceptance means that no action is taken relative to a particular risk; loss is accepted if it occurs. If an enterprise adopts a risk acceptance, it should carefully consider who can accept the risk. Risk should be accepted only by senior management in relationship with senior management and the board. There are two alternatives to the acceptance strategy, passive and active.Passive acceptance means that enterprise has made no plan to avoid or mitigate the risk but willing to accept the consequences of the risk.Active acceptance is the second strategy and might include developing contingency plans and reserves to deal with risks.Incorrect Answers:A, B, C: These all are used to deal with opportunities or positive risks, and not with negative risks.
Which of the following risks refer to probability that an actual return on an investment will be lower than the investor's expectations?
Probability that an actual return on an investment will be lower than the investor's expectations is termed as investment risk or expense risk. All investments have some level of risk associated with it due to the unpredictability of the market's direction. This includes consideration of the overall IT investment portfolio.Incorrect Answers:A: The risk that data cannot be relied on because they are unauthorized, incomplete or inaccurate is termed as integrity risks.B: The risk of IT projects failing to meet objectives due to lack of accountability and commitment is referring to as project risk ownership.C: The risk associated with not receiving the right information to the right people (or process or systems) at the right time to allow the right action to be taken is termed as relevance risk.
What are the PRIMARY requirements for developing risk scenarios? Each correct answer represents a part of the solution. Choose two.
Answer(s): A,B
Creating a scenario requires determination of the value of an asset or a business process at risk and the potential threats and vulnerabilities that could cause loss. The risk scenario should be assessed for relevance and realism, and then entered into the risk register if found to be relevant.In practice following steps are involved in risk scenario development: First determine manageable set of scenarios, which include:Frequently occurring scenarios in the industry or product area.Scenarios representing threat sources that are increasing in count or severity level. Scenarios involving legal and regulatory requirements applicable to the business.After determining manageable risk scenarios, perform a validation against the business objectives of the entity.Based on this validation, refine the selected scenarios and then detail them to a level in line with the criticality of the entity.Lower down the number of scenarios to a manageable set. Manageable does not signify a fixed number, but should be in line with the overall importance and criticality of the unit.Risk factors kept in a register so that they can be reevaluated in the next iteration and included for detailed analysis if they have become relevant at that time.Risk factors kept in a register so that they can be reevaluated in the next iteration and included for detailed analysis if they have become relevant at that time.Include an unspecified event in the scenarios, that is, address an incident not covered by other scenarios.Incorrect Answers:C, D: Determination of actors and threat type are not the primary requirements for developing risk scenarios, but are the components that are determined during risk scenario development.
What are the responsibilities of the CRO?Each correct answer represents a complete solution. Choose three.
Answer(s): A,C,D
Share your comments for ISACA CRISC exam with other users:
please help us with 1z0-1107-2 dumps
please upload the practice questions
need this dumps
preparing for this exam is overwhelming. you cannot pass without the help of these exam dumps.
new to this site but i feel it is good
the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.
good questions
Delayed the exam until December 29th.
A and D are True
good one with explanation
This is one of the most useful study guides I have ever used.