Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. ISACA
  3. CRISC

ISACA CRISC Exam (page: 25)
ISACA Certified in Risk and Information Systems Control
Updated on: 25-Dec-2025

Viewing Page 25 of 361
CRISC PDF 1895 Questions

Which of the following type of risk could result in bankruptcy?

  1. Marginal
  2. Negligible
  3. Critical
  4. Catastrophic

Answer(s): D

Explanation:

Catastrophic risk causes critical financial losses that have the possibility of bankruptcy. Incorrect Answers:
A: Marginal risk causes financial loss in a single line of business and a reduced return on IT investment.

B: It causes minimal impact on a single line of business affecting their ability to deliver services or products. C: Critical risk causes serious financial losses in more than one line of business with a loss in productivity.



Risks with low ratings of probability and impact are included for future monitoring in which of the following?

  1. Risk alarm
  2. Observation list
  3. Watch-list
  4. Risk register

Answer(s): C

Explanation:

Watch-list contains risks with low rating of probability and impact. This list is useful for future monitoring of low risk factors.

Incorrect Answers:
A, B: No such documents as risk alarm and observation list is prepared during risk identification process.

D: Risk register is a document that contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning. Description, category, cause, probability of occurring, impact on objectives, proposed responses, owner, and the current status of all identified risks are put in the risk register.



You are the project manager of your project. You have to analyze various project risks. You have opted for quantitative analysis instead of qualitative risk analysis. What is the MOST significant drawback of using quantitative analysis over qualitative risk analysis?

  1. lower objectivity
  2. higher cost
  3. higher reliance on skilled personnel
  4. lower management buy-in

Answer(s): B

Explanation:

Quantitative risk analysis is generally more complex and thus is costlier than qualitative risk analysis. Incorrect Answers:
A: Neither of the two risk analysis methods is fully objective. Qualitative method subjectively assigns high, medium and low frequency and impact categories to a specific risk, whereas quantitative method subjectivity expressed in mathematical "weights".

C: To be effective, both processes require personnel who have a good understanding of the business. So there is equal requirement of skilled personnel in both.

D: Quantitative analysis generally has a better buy-in than qualitative analysis to the point where it can cause over-reliance on the results. Hence this option is not correct.



You are working as the project manager of the ABS project. The project is for establishing a computer network in a school premises. During the project execution, the school management asks to make the campus Wi-Fi enabled. You know that this may impact the project adversely. You have discussed the change request with other stakeholders. What will be your NEXT step?

  1. Update project management plan.
  2. Issue a change request.
  3. Analyze the impact.
  4. Update risk management plan.

Answer(s): C

Explanation:

The first step after receiving any change request in a project must be first analyzed for its impact. Changes may be requested by any stakeholder involved with the project. Although, they may be initiated verbally, they should always be recorded in written form and entered into the change management and/or configuration management.

Incorrect Answers:
A, B, D: All these are the required steps depending on the change request. Any change request must be followed by the impact analysis of the change.



Which of the following role carriers are responsible for setting up the risk governance process, establishing and maintaining a common risk view, making risk-aware business decisions, and setting the enterprise's risk culture?
Each correct answer represents a complete solution. Choose two.

  1. Senior management
  2. Chief financial officer (CFO)
  3. Human resources (HR)
  4. Board of directors

Answer(s): A,D

Explanation:

The board of directors and senior management has the responsibility to set up the risk governance process, establish and maintain a common risk view, make risk-aware business decisions, and set the enterprise's risk culture.

Incorrect Answers:
B: CFO is the most senior official 0f the enterprise who is accountable for financial planning, record keeping, investor relations and financial risks. CFO is not responsible for responsible for setting up the risk governance process, establishing and maintaining a common risk view, making risk-aware business decisions, and setting the enterprise's risk culture.

C: Human resource is the most senior official of an enterprise who is accountable for planning and policies with respect to all human resources in that enterprise. HR is not responsible for risk related activities.



Viewing Page 25 of 361



Share your comments for ISACA CRISC exam with other users:

Lue 3/30/2023 11:43:00 PM

highly recommend just passed my exam.
CANADA


DC 1/7/2024 10:17:00 AM

great practice! thanks
UNITED STATES


Anonymus 11/9/2023 5:41:00 AM

anyone who wrote this exam recently?
SOUTH AFRICA


Khalid Javid 11/17/2023 3:46:00 PM

kindly share the dump
Anonymous


Na 8/9/2023 8:39:00 AM

could you please upload cfe fraud prevention and deterrence questions? it will be very much helpful.
Anonymous


shime 10/23/2023 10:03:00 AM

this is really very very helpful for mcd level 1
ETHIOPIA


Vnu 6/3/2023 2:39:00 AM

very helpful!
Anonymous


Steve 8/17/2023 2:19:00 PM

question #18s answer should be a, not d. this should be corrected. it should be minvalidityperiod
CANADA


RITEISH 12/24/2023 4:33:00 AM

thanks for the exact solution
Anonymous


SB 10/15/2023 7:58:00 AM

need to refer the questions and have to give the exam
INDIA


Mike Derfalem 7/16/2023 7:59:00 PM

i need it right now if it was possible please
Anonymous


Isak 7/6/2023 3:21:00 AM

i need it very much please share it in the fastest time.
Anonymous


Maria 6/23/2023 11:40:00 AM

correct answer is d for student.java program
IRELAND


Nagendra Pedipina 7/12/2023 9:10:00 AM

q:37 c is correct
INDIA


John 9/16/2023 9:37:00 PM

q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???
GERMANY


SAM 12/4/2023 12:56:00 AM

explained answers
INDIA


Andy 12/26/2023 9:35:00 PM

plan to take theaws certified developer - associate dva-c02 in the next few weeks
SINGAPORE


siva 5/17/2023 12:32:00 AM

very helpfull
Anonymous


mouna 9/27/2023 8:53:00 AM

good questions
Anonymous


Bhavya 9/12/2023 7:18:00 AM

help to practice csa exam
Anonymous


Malik 9/28/2023 1:09:00 PM

nice tip and well documented
Anonymous


rodrigo 6/22/2023 7:55:00 AM

i need the exam
Anonymous


Dan 6/29/2023 1:53:00 PM

please upload
Anonymous


Ale M 11/22/2023 6:38:00 PM

prepping for fsc exam
AUSTRALIA


ahmad hassan 9/6/2023 3:26:00 AM

pd1 with great experience
Anonymous


Žarko 9/5/2023 3:35:00 AM

@t it seems like azure service bus message quesues could be the best solution
UNITED KINGDOM


Shiji 10/15/2023 1:08:00 PM

helpful to check your understanding.
INDIA


Da Costa 8/27/2023 11:43:00 AM

question 128 the answer should be static not auto
Anonymous


bot 7/26/2023 6:45:00 PM

more comments here
UNITED STATES


Kaleemullah 12/31/2023 1:35:00 AM

great support to appear for exams
Anonymous


Bsmaind 8/20/2023 9:26:00 AM

useful dumps
Anonymous


Blessious Phiri 8/13/2023 8:37:00 AM

making progress
Anonymous


Nabla 9/17/2023 10:20:00 AM

q31 answer should be d i think
FRANCE


vladputin 7/20/2023 5:00:00 AM

is this real?
UNITED STATES