ISACA CRISC Exam (page: 20)
ISACA Certified in Risk and Information Systems Control
Updated on: 16-Feb-2026

Viewing Page 20 of 361

Stephen is the project manager of the GBB project. He has worked with two subject matter experts and his project team to complete the risk assessment technique. There are approximately 47 risks that have a low probability and a low impact on the project. Which of the following answers best describes what Stephen should do with these risk events?

  A. Because they are low probability and low impact, Stephen should accept the risks.
  B. The low probability and low impact risks should be added to a watchlist for future monitoring.
  C. Because they are low probability and low impact, the risks can be dismissed.
  D. The low probability and low impact risks should be added to the risk register.

Answer(s): B

Explanation:

The low probability and low impact risks should be added to a watchlist for future monitoring.

Incorrect Answers:
A: The risk response for these events may be to accept them, but the best answer is to first add them to a watchlist.

C: Risks are not dismissed; they are at least added to a watchlist for monitoring.

D: While the risks may eventually be added to the register, the best answer is to first add them to the watchlist for monitoring.



Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process, she and the project team uncover several risk events that were not previously identified. What should Jenny do with these risk events?

  A. The events should be entered into qualitative risk analysis.
  B. The events should be determined if they need to be accepted or responded to.
  C. The events should be entered into the risk register.
  D. The events should continue on with quantitative risk analysis.

Answer(s): C

Explanation:

All identified risk events should be entered into the risk register.

A risk register is an inventory of risks and the exposure associated with those risks. Risk registers are commonly found in project management practices and provide information to identify, analyze, and manage risks. Typically a risk register contains:
A description of the risk
The impact should this event actually occur
The probability of its occurrence
Risk Score (the multiplication of Probability and Impact)
A summary of the planned response should the event occur
A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)
Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.

Incorrect Answers:
A: Before the risk events are analyzed they should be documented in the risk register.

B: The risks should first be documented and analyzed.

D: These risks should first be identified, documented, passed through qualitative risk analysis and then it should be determined if they should pass through the quantitative risk analysis process.



You are working on a project in an enterprise. Some part of your project requires e-commerce, but your enterprise chooses not to engage in e-commerce. Which of the following does this scenario demonstrate?

  A. risk avoidance
  B. risk treatment
  C. risk acceptance
  D. risk transfer

Answer(s): A

Explanation:

Each business process involves inherent risk. Not engaging in any activity avoids the inherent risk associated with the activity. Hence this demonstrates risk avoidance.

Incorrect Answers:
B: Risk treatment means that action is taken to reduce the frequency and impact of a risk.

C: Acceptance means that no action is taken relative to a particular risk, and loss is accepted when/if it occurs. This is different from being ignorant of risk; accepting risk assumes that the risk is known, i.e., an informed decision has been made by management to accept it as such.

D: Risk transfer/sharing means reducing either risk frequency or impact by transferring or otherwise sharing a portion of the risk. Common techniques include insurance and outsourcing. These techniques do not relieve an enterprise of a risk, but can involve the skills of another party in managing the risk and reducing the financial consequence if an adverse event occurs.



Which of the following are risk components of the COSO ERM framework? Each correct answer represents a complete solution. Choose three.

  A. Risk response
  B. Internal environment
  C. Business continuity
  D. Control activities

Answer(s): A,B,D

Explanation:

The risk components defined by the COSO ERM are internal environment, objective setting, event identification, risk assessment, risk response, control objectives, information and communication, and monitoring.

Incorrect Answers:
C: Business continuity is not considered a risk component within the ERM framework.



Your project team has completed the quantitative risk analysis for your project work. Based on their findings, they need to update the risk register with several pieces of information. Which one of the following components is likely to be updated in the risk register based on their analysis?

  A. Listing of risk responses
  B. Risk ranking matrix
  C. Listing of prioritized risks
  D. Qualitative analysis outcomes

Answer(s): C

Explanation:

The outcome of quantitative analysis can create a listing of prioritized risks that should be updated in the risk register. The project team will create and update the risk register with four key components:
probabilistic analysis of the project
probability of achieving time and cost objectives
list of quantified risks
trends in quantitative risk analysis

Incorrect Answers:
A, B, D: These subjects are not updated in the risk register as a result of quantitative risk analysis.


