ISACA Certified in Risk and Information Systems Control CRISC Dumps in PDF

Free ISACA CRISC Real Questions (page: 172)

Which of the following risk responses include feedback and guidance from well-qualified risk officials and those internal to the project?

  1. Contingent response strategy
  2. Risk Acceptance
  3. Expert judgment
  4. Risk transfer

Answer(s): C

Explanation:

Expert judgment is utilized in developing risk responses, including feedback and guidance from risk management experts and those internal to the project qualified to provide assistance in this process. Expert judgment is a technique based on a set of criteria that has been acquired in a specific knowledge area or product area. It is obtained when the project manager or project team requires specialized knowledge that they do not possess. Expert judgment involves people most familiar with the work of creating estimates. Preferably, the project team member who will be doing the task should complete the estimates. Expert judgment is applied when performing administrative closure activities, and experts should ensure the project or phase closure is performed to the appropriate standards.

Incorrect Answers:
A: Contingent response strategy, also known as contingency planning, involves adopting alternatives to deal with the risks in case of their occurrence. Unlike the mitigation planning in which mitigation looks to reduce the probability of the risk and its impact, contingency planning doesn't necessarily attempt to reduce the probability of a risk event or its impacts. Contingency comes into action when the risk event actually occurs.

B: Risk acceptance means that no action is taken relative to a particular risk; loss is accepted if it occurs. If an enterprise adopts a risk acceptance, it should carefully consider who can accept the risk. Risk should be accepted only by senior management in relationship with senior management and the board. There are two alternatives to the acceptance strategy, passive and active.
Passive acceptance means that enterprise has made no plan to avoid or mitigate the risk but willing to accept the consequences of the risk.
Active acceptance is the second strategy and might include developing contingency plans and reserves to deal with risks.

D: Risk transfer means that impact of risk is reduced by transferring or otherwise sharing a portion of the risk with an external organization or another internal entity. Transfer of risk can occur in many forms but is most effective when dealing with financial risks. Insurance is one form of risk transfer.



You are the risk professional of your enterprise. Your enterprise has introduced new systems in many departments. The business requirements that were to be addressed by the new system are still unfulfilled, and the process has been a waste of resources. Even if the system is implemented, it will most likely be underutilized and not maintained making it obsolete in a short period of time. What kind of risk is it?

  1. Inherent risk
  2. Business risk
  3. Project risk
  4. Residual risk

Answer(s): B

Explanation:

Business risk relates to the likelihood that the new system may not meet the user business needs, requirements and expectations. Here in this stem it is said that the business requirements that were to be addressed by the new system are still unfulfilled, therefore it is a business risk.

Incorrect Answers:
A: This is one of the components of risk. Inherent risk is the risk level or exposure without applying controls or other management actions into account. But here in this stem no description of control is given, hence it cannot be concluded whether it is an inherent risk or not.

C: Project risk are related to the delay in project deliverables. The project activities to design and develop the system exceed the limits of the financial resources set aside for the project. As a result, the project completion will be delayed. They are not related to fulfillment of business requirements.

D: This is one of the components of risk. Residual risk is the risk that remains after applying controls.
But here in this stem no description of control is given, hence it cannot be concluded whether it is a residual risk or not.



Qualitative risk assessment uses which of the following terms for evaluating risk level?
Each correct answer represents a part of the solution. Choose two.

  1. Impact
  2. Annual rate of occurrence
  3. Probability
  4. Single loss expectancy

Answer(s): A,C

Explanation:

Unlike the quantitative risk assessment, qualitative risk assessment does not assign dollar values. Rather, it determines risk's level based on the probability and impact of a risk. These values are determined by gathering the opinions of experts.
Probability- establishing the likelihood of occurrence and reoccurrence of specific risks, independently, and combined. The risk occurs when a threat exploits vulnerability. Scaling is done to define the probability that a risk will occur. The scale can be based on word values such as Low, Medium, or High. Percentage can also be assigned to these words, like 10% to low and 90% to high.
Impact- Impact is used to identify the magnitude of identified risks. The risk leads to some type of loss. However, instead of quantifying the loss as a dollar value, an impact assessment could use words such as Low, Medium, or High. Impact is expressed as a relative value. For example, low could be 10, medium could be 50, and high could be 100.
Risk level = Probability * Impact Incorrect Answers:
B, D: These are used for calculating Annual loss expectancy (ALE) in quantitative risk assessment. Formula is given as follows:
ALE= SLE * ARO



You are working in an enterprise. Your enterprise is willing to accept a certain amount of risk. What is this risk called?

  1. Hedging
  2. Aversion
  3. Appetite
  4. Tolerance

Answer(s): C

Explanation:

Risk appetite considers the qualitative and quantitative aspects of accepting risks in an organization. The term refers to the type of risks the organization is willing to pursue, as well as amount of risk and the level of risk.

Risk appetite is the amount of risk a company or other entity is willing to accept in pursuit of its mission. This is the responsibility of the board to decide risk appetite of an enterprise. When considering the risk appetite levels for the enterprise, the following two major factors should be taken into account:
The enterprise's objective capacity to absorb loss, e.g., financial loss, reputation damage, etc.
The culture towards risk taking-cautious or aggressive. In other words, the amount of loss the enterprise wants to accept in pursue of its objective fulfillment.

Incorrect Answers:
A, B: Aversion and hedging are related to each other and represents the avoidance of risk within the organization.

D: The acceptable variation relative to the achievement of an objective is termed as risk tolerance. In other words, risk tolerance is the acceptable deviation from the level set by the risk appetite and business objectives.

Risk tolerance is defined at the enterprise level by the board and clearly communicated to all stakeholders. A process should be in place to review and approve any exceptions to such standards.



You are the project manager of the NNN Project. Stakeholders in the two-year project have requested to send status reports to them via. email every week. You have agreed and send reports every Thursday. After six months of the project, the stakeholders are pleased with the project progress and they would like you to reduce the status reports to every two weeks. What process will examine the change to this project process and implement it in the project?

  1. Configuration management
  2. Communications management
  3. Perform integrated change control process
  4. Project change control process

Answer(s): C

Explanation:

Although this appears to be a simple change the project manager must still follow the rules of the project's change control system.

Integrated change control is a way to manage the changes incurred during a project. It is a method that manages reviewing the suggestions for changes and utilizing the tools and techniques to evaluate whether the change should be approved or rejected. Integrated change control is a primary component of the project's change control system that examines the affect of a proposed change on the entire project.

Incorrect Answers:
A: Configuration management is the documentation and control of the product's features and functions. B: Communications management is the execution of the communications management plan.
D: The project change control process not valid as it's the parent of the integrated change control process, which is more accurate for this question.



Share your comments for ISACA CRISC exam with other users:

J
Jason
9/30/2023 1:07:00 PM

question 81 should be c.

T
TestPD1
8/10/2023 12:22:00 PM

question 18 : response isnt a ?

A
ally
8/19/2023 5:31:00 PM

plaese add questions

D
DIA
10/7/2023 5:59:00 AM

is dumps still valid ?

A
Annie
7/7/2023 8:33:00 AM

thanks for this

A
arnie
9/17/2023 6:38:00 AM

please upload questions

T
Tanuj Rana
7/22/2023 2:33:00 AM

please upload the question dump for professional machinelearning

F
Future practitioner
8/10/2023 1:26:00 PM

question 4 answer is c. this site shows the correct answer as b. "adopt a consumption model" is clearly a cost optimization design principle. looks like im done using this site to study!!!

A
Ace
8/3/2023 10:37:00 AM

number 52 answer is d

N
Nathan
12/17/2023 12:04:00 PM

just started preparing for my exam , and this site is so much help

C
Corey
12/29/2023 5:06:00 PM

question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.

R
Rajender
10/18/2023 3:54:00 AM

i would like to take psm1 exam.

B
Blessious Phiri
8/14/2023 9:53:00 AM

cbd and pdb are key to the database

A
Alkaed
10/19/2022 10:41:00 AM

the purchase and download process is very much streamlined. the xengine application is very nice and user-friendly but there is always room for improvement.

D
Dave Gregen
9/4/2023 3:17:00 PM

please upload p_sapea_2023

S
Sarah
6/13/2023 1:42:00 PM

anyone use this? the question dont seem to follow other formats and terminology i have been studying im getting worried

S
Shuv
10/3/2023 8:19:00 AM

good questions

R
Reb974
8/5/2023 1:44:00 AM

hello are these questions valid for ms-102

M
Mchal
7/20/2023 3:38:00 AM

some questions are wrongly answered but its good nonetheless

S
Sonbir
8/8/2023 1:04:00 PM

how to get system serial number using intune

M
Manju
10/19/2023 1:19:00 PM

is it really helpful to pass the exam

L
LeAnne Hair
8/24/2023 12:47:00 PM

#229 in incorrect - all the customers require an annual review

A
Abdul SK
9/28/2023 11:42:00 PM

kindy upload

A
Aderonke
10/23/2023 12:53:00 PM

fantastic assessment on psm 1

S
SAJI
7/20/2023 2:51:00 AM

56 question correct answer a,b

R
Raj Kumar
10/23/2023 8:52:00 PM

thank you for providing the q bank

P
piyush keshari
7/7/2023 9:46:00 PM

true quesstions

B
B.A.J
11/6/2023 7:01:00 AM

i can´t believe ms asks things like this, seems to be only marketing material.

G
Guss
5/23/2023 12:28:00 PM

hi, could you please add the last update of ns0-527

R
Rond65
8/22/2023 4:39:00 PM

question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).

C
Cheers
12/13/2023 9:55:00 AM

sometimes it may be good some times it may be

S
Sumita Bose
7/21/2023 1:01:00 AM

qs 4 answer seems wrong- please check

A
Amit
9/7/2023 12:53:00 AM

very detailed explanation !

F
FisherGirl
5/16/2022 10:36:00 PM

the interactive nature of the test engine application makes the preparation process less boring.

AI Tutor 👋 I’m here to help!