Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. ISACA
  3. CRISC

ISACA CRISC Exam (page: 28)
ISACA Certified in Risk and Information Systems Control
Updated on: 25-Dec-2025

Viewing Page 28 of 361
CRISC PDF 1895 Questions

You are the project manager of GFT project. Your project involves the use of electrical motor. It was stated in its specification that if its temperature would increase to 500 degree Fahrenheit the machine will overheat and have to be shut down for 48 hours. If the machine overheats even once it will delay the project's arrival date. So to prevent this you have decided while creating response that if the temperature of the machine reach 450, the machine will be paused for at least an hour so as to normalize its temperature. This temperature of 450 degrees is referred to as?

  1. Risk identification
  2. Risk trigger
  3. Risk event
  4. Risk response

Answer(s): B

Explanation:

A risk trigger is a warning sign or condition that a risk event is about to happen. Here the warning temperature is 450 degrees Fahrenheit, therefore it is referred as risk trigger.

Incorrect Answers:
A: Risk identification is the process of the identifying the risks. This process identifies the risk events that could affect the project adversely or would act as opportunity.

C: Here risk event is 500-degree temperature, as when machine reaches this temperature it should have to be shut-down for 48 hours, which in turn will laid a great impact on the working of project.

D: Risk response here is shutting off of machine when its temperature reaches 450 degree Fahrenheit, so as to prevent the occurring of risk event.



Which of the following decision tree nodes have probability attached to their branches?

  1. Root node
  2. Event node
  3. End node
  4. Decision node

Answer(s): B

Explanation:

Event nodes represents the possible uncertain outcomes of a risky decision, with at least two nodes to illustrate the positive and negative range of events. Probabilities are always attached to the branches of event nodes.

Incorrect Answers:
A: Root node is the starting node in the decision tree, and it has no branches.

C: End node represents the outcomes of risk and decisions and probability is not attached to it.

D: It represents the choice available to the decision maker, usually between a risky choice and its non-risky counterpart. As it represents only the choices available to the decision makers, hence probability is not attached to it.



Which of the following IS processes provide indirect information? Each correct answer represents a complete solution. Choose three.

  1. Post-implementation reviews of program changes
  2. Security log monitoring
  3. Problem management
  4. Recovery testing

Answer(s): A,B,C

Explanation:

Security log monitoring, Post-implementation reviews of program changes, and Problem management provide indirect information. Security log monitoring provide indirect information about certain controls in the security environment, particularly when used to analyze the source of failed access attempts.

Post-implementation reviews of program changes provide indirect information about the effectiveness of internal controls over the development process.

Problem management provide indirect information about the effectiveness of several different IS processes that may ultimately be determined to be the source of incidents.

Incorrect Answers:
D: Recovery testing is the direct evidence that the redundancy or backup controls work effectively. It doesn't provide any indirect information.



You are the risk professional of your enterprise. You need to calculate potential revenue loss if a certain risks occurs. Your enterprise has an electronic (e-commerce) web site that is producing US $1 million of revenue each day, then if a denial of service (DoS) attack occurs that lasts half a day creates how much loss?

  1. US $250,000 loss
  2. US $500,000 loss
  3. US $1 million loss
  4. US $100,000 loss

Answer(s): B

Explanation:

Denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name-servers. The term is generally used with regards to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management. As the total revenue of the website for the day is $1 million, and due to denial of service attack it is unavailable for half day.

Therefore,
Revenue loss = $1,000,000/2
= $500,000

Incorrect Answers:
A, C, D: These are wrong answers.



Which of the following process ensures that extracted data are ready for analysis?

  1. Data analysis
  2. Data validation
  3. Data gathering
  4. Data access

Answer(s): B

Explanation:

Data validation ensures that extracted data are ready for analysis. One objective is to perform data quality tests to ensure data are valid complete and free of errors. This may also involve making data from different sources suitable for comparative analysis.

Incorrect Answers:
A: Analysis of data involves simple set of steps or complex combination of commands and other functionality. Data analysis is designed in such a way to achieve the stated objectives from the project plan. Although this may be applicable to any monitoring activity, it would be beneficial to consider transferability and scalability.
This may include robust documentation, use of software development standards and naming conventions.

C: Data gathering is the process of collecting data on risk to be monitored, prepare a detailed plan and define the project's scope. In the case of a monitoring project, this step should involve process owners, data owners, system custodians and other process stakeholders.

D: In the data access process, management identifies which data are available and how they can be acquired in a format that can be used for analysis. There are two options for data extraction:
Extracting data directly from the source systems after system owner approval Receiving data extracts from the system custodian (IT) after system owner approval



Viewing Page 28 of 361



Share your comments for ISACA CRISC exam with other users:

CW 7/6/2023 7:37:00 PM

good questions. thanks.
Anonymous


Farooqi 11/21/2023 1:37:00 AM

good for practice.
INDIA


Isaac 10/28/2023 2:30:00 PM

great case study
UNITED STATES


Malviya 2/3/2023 9:10:00 AM

the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.
INDIA


rsmyth 5/18/2023 12:44:00 PM

q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk
IRELAND


Keny 6/23/2023 9:00:00 PM

thanks, very relevant
PERU


Muhammad Rawish Siddiqui 11/29/2023 12:14:00 PM

wrong answer. it is true not false.
SAUDI ARABIA


Josh 7/10/2023 1:54:00 PM

please i need the mo-100 questions
Anonymous


VINNY 6/2/2023 11:59:00 AM

very good use full
Anonymous


Andy 12/6/2023 5:56:00 AM

very valid questions
Anonymous


Mamo 8/12/2023 7:46:00 AM

will these question help me to clear pl-300 exam?
UNITED STATES


Marial Manyang 7/26/2023 10:13:00 AM

please provide me with these dumps questions. thanks
Anonymous


Amel Mhamdi 12/16/2022 10:10:00 AM

in the pdf downloaded is write google cloud database engineer i think that it isnt the correct exam
FRANCE


Angel 8/30/2023 10:58:00 PM

i think you have the answers wrong regarding question: "what are three core principles of web content accessibility guidelines (wcag)? answer: robust, operable, understandable
UNITED STATES


SH 5/16/2023 1:43:00 PM

these questions are not valid , they dont come for the exam now
UNITED STATES


sudhagar 9/6/2023 3:02:00 PM

question looks valid
UNITED STATES


Van 11/24/2023 4:02:00 AM

good for practice
Anonymous


Divya 8/2/2023 6:54:00 AM

need more q&a to go ahead
Anonymous


Rakesh 10/6/2023 3:06:00 AM

question 59 - a newly-created role is not assigned to any user, nor granted to any other role. answer is b https://docs.snowflake.com/en/user-guide/security-access-control-overview
Anonymous


Nik 11/10/2023 4:57:00 AM

just passed my exam today. i saw all of these questions in my text today. so i can confirm this is a valid dump.
HONG KONG


Deep 6/12/2023 7:22:00 AM

needed dumps
INDIA


tumz 1/16/2024 10:30:00 AM

very helpful
UNITED STATES


NRI 8/27/2023 10:05:00 AM

will post once the exam is finished
UNITED STATES


kent 11/3/2023 10:45:00 AM

relevant questions
Anonymous


Qasim 6/11/2022 9:43:00 AM

just clear exam on 10/06/2202 dumps is valid all questions are came same in dumps only 2 new questions total 46 questions 1 case study with 5 question no lab/simulation in my exam please check the answers best of luck
Anonymous


Cath 10/10/2023 10:09:00 AM

q.112 - correct answer is c - the event registry is a module that provides event definitions. answer a - not correct as it is the definition of event log
VIET NAM


Shiji 10/15/2023 1:31:00 PM

good and useful.
INDIA


Ade 6/25/2023 1:14:00 PM

good questions
Anonymous


Praveen P 11/8/2023 5:18:00 AM

good content
UNITED STATES


Anastasiia 12/28/2023 9:06:00 AM

totally not correct answers. 21. you have one gcp account running in your default region and zone and another account running in a non-default region and zone. you want to start a new compute engine instance in these two google cloud platform accounts using the command line interface. what should you do? correct: create two configurations using gcloud config configurations create [name]. run gcloud config configurations activate [name] to switch between accounts when running the commands to start the compute engine instances.
Anonymous


Priyanka 7/24/2023 2:26:00 AM

kindly upload the dumps
Anonymous


Nabeel 7/25/2023 4:11:00 PM

still learning
Anonymous


gure 7/26/2023 5:10:00 PM

excellent way to learn
UNITED STATES


ciken 8/24/2023 2:55:00 PM

help so much
Anonymous