Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CRISC

ISACA CRISC Exam (page: 35)
ISACA Certified in Risk and Information Systems Control
Updated on: 16-Feb-2026

Viewing Page 35 of 361
CRISC PDF 1895 Questions

You are the project manager of HGT project. You are in the first phase of the risk response process and are doing following tasks:
-Communicating risk analysis results
-Reporting risk management activities and the state of compliance Interpreting independent risk assessment findings
-Identifying business opportunities

Which of the following process are you performing?

  1. Articulating risk
  2. Mitigating risk
  3. Tracking risk
  4. Reporting risk

Answer(s): A

Explanation:

Articulating risk is the first phase in the risk response process to ensure that information on the true state of exposures and opportunities are made available in a timely manner and to the right people for appropriate response. Following are the tasks that are involved in articulating risk:
Communicate risk analysis results.
Report risk management activities and the state of compliance. Interpret independent risk assessment findings.
Identify business opportunities.

Incorrect Answers:
B: Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level. Risk mitigation can utilize various forms of control carefully integrated together. This comes under risk response process and is latter stage after articulating risk.

C: Tracking risk is the process of tracking the ongoing status of risk mitigation processes. This tracking ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule.

D: This is not related to risk response process. It is a type of risk. Reporting risks are the risks that are caused due to wrong reporting which leads to bad decision.



Which of the following BEST measures the operational effectiveness of risk management capabilities?

  1. Capability maturity models (CMMs)
  2. Metric thresholds
  3. Key risk indicators (KRIs)
  4. Key performance indicators (KPIs)

Answer(s): D

Explanation:

Key performance indicators (KPIs) provide insights into the operational effectiveness of the concept or capability that they monitor. Key Performance Indicators is a set of measures that a company or industry uses to measure and/or compare performance in terms of meeting their strategic and operational goals. KPIs vary with company to company, depending on their priorities or performance criteria.

A company must establish its strategic and operational goals and then choose their KPIs which can best reflect those goals. For example, if a software company's goal is to have the fastest growth in its industry, its main performance indicator may be the measure of its annual revenue growth.

Incorrect Answers:
A: Capability maturity models (CMMs) assess the maturity of a concept or capability and do not provide insights into operational effectiveness.

B: Metric thresholds are decision or action points that are enacted when a KPI or KRI reports a specific value or set of values. It does not provide any insights into operational effectiveness.

C: Key risk indicators (KRIs) only provide insights into potential risks that may exist or be realized within a concept or capability that they monitor. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help in avoiding excessively large number of risk indicators to manage and report that a large enterprise may have.



You are the project manager of GHT project. You have initiated the project and conducted the feasibility study. What result would you get after conducting feasibility study?
Each correct answer represents a complete solution. (Choose two.)

  1. Recommend alternatives and course of action
  2. Risk response plan
  3. Project management plan
  4. Results of criteria analyzed, like costs, benefits, risk, resources required and organizational impact

Answer(s): A,D

Explanation:

The completed feasibility study results should include a cost/benefit analysis report that:
Provides the results of criteria analyzed (e.g., costs, benefits, risk, resources required and organizational impact)

Recommends one of the alternatives and a course of action

Incorrect Answers:
B, C: Project management plan and risk response plan are the results of plan project management and plan risk response, respectively. They are not the result of feasibility study.



Your project change control board has approved several scope changes that will drastically alter your project plan. You and the project team set about updating the project scope, the WBS, the WBS dictionary, the activity list, and the project network diagram. There are also some changes caused to the project risks, communication, and vendors. What also should the project manager update based on these scope changes?

  1. Stakeholder identification
  2. Vendor selection process
  3. Quality baseline
  4. Process improvement plan

Answer(s): C

Explanation:

When changes enter the project scope, the quality baseline is also updated. The quality baseline records the quality objectives of the project and is based on the project requirements.

Incorrect Answers:
A: The stakeholder identification process will not change because of scope additions. The number of stakeholders may change but how they are identified will not be affected by the scope addition.

B: The vendor selection process likely will not change because of added scope changes. The vendors in the project may, but the selection process will not.

D: The process improvement plan aims to improve the project's processes regardless of scope changes.



You are the risk control professional of your enterprise. You have implemented a tool that correlates information from multiple sources. To which of the following do this monitoring tool focuses?

  1. Transaction data
  2. Process integrity
  3. Configuration settings
  4. System changes

Answer(s): A

Explanation:

Monitoring tools that focuses on transaction data generally correlate information from one system to another, such as employee data from the human resources (HR) system with spending information from the expense system or the payroll system.

Incorrect Answers:
B: Process integrity is confirmed within the system, it does not need monitoring.

C: Configuration settings are generally compared against predefined values and not based on the correlation between multiple sources.

D: System changes are compared from a previous state to the current state, it does not correlate information from multiple sources.



Viewing Page 35 of 361



Share your comments for ISACA CRISC exam with other users:

Elton Riva 12/12/2023 8:20:00 PM

i have to take the aws certified developer - associate dva-c02 in the next few weeks and i wanted to know if the questions on your website are the same as the official exam.
Anonymous


Berihun Desalegn Wonde 7/13/2023 11:00:00 AM

all questions are more important
Anonymous


gr 7/2/2023 7:03:00 AM

ques 4 answer should be c ie automatically recover from failure
Anonymous


RS 7/27/2023 7:17:00 AM

very very useful page
INDIA


Blessious Phiri 8/12/2023 11:47:00 AM

the exams are giving me an eye opener
Anonymous


AD 10/22/2023 9:08:00 AM

3rd so far, need to cover more
Anonymous


Matt 11/18/2023 2:32:00 AM

aligns with the pecd notes
Anonymous


Sri 10/15/2023 4:38:00 PM

question 4: b securityadmin is the correct answer. https://docs.snowflake.com/en/user-guide/security-access-control-overview#access-control-framework
GERMANY


H.T.M. D 6/25/2023 2:55:00 PM

kindly please share dumps
Anonymous


Satish 11/6/2023 4:27:00 AM

it is very useful, thank you
Anonymous


Chinna 7/30/2023 8:37:00 AM

need safe rte dumps
FRANCE


1234 6/30/2023 3:40:00 AM

can you upload the cis - cpg dumps
Anonymous


Did 1/12/2024 3:01:00 AM

q6 = 1. download odt application 2. create a configuration file (xml) 3. setup.exe /download to download the installation files 4. setup.exe /configure to deploy the application
FRANCE


John 10/12/2023 12:30:00 PM

great material
Anonymous


Dinesh 8/1/2023 2:26:00 PM

could you please upload sap c_arsor_2302 questions? it will be very much helpful.
Anonymous


LBert 6/19/2023 10:23:00 AM

vraag 20c: rsa veilig voor symmtrische cryptografie? antwoord c is toch fout. rsa is voor asymmetrische cryptogafie??
NETHERLANDS


g 12/22/2023 1:51:00 PM

so far good
UNITED STATES


Milos 8/4/2023 9:33:00 AM

question 31 has obviously wrong answers. tls and ssl are used to encrypt data at transit, not at rest.
Serbia And Montenegro


Diksha 9/25/2023 2:32:00 AM

pls provide dump for 1z0-1080-23 planning exams
Anonymous


H 7/17/2023 4:28:00 AM

could you please upload the exam?
Anonymous


Anonymous 9/14/2023 4:47:00 AM

please upload this
UNITED STATES


Naveena 1/13/2024 9:55:00 AM

good material
Anonymous


WildWilly 1/19/2024 10:43:00 AM

lets see if this is good stuff...
Anonymous


Lavanya 11/2/2023 1:53:00 AM

useful information
UNITED STATES


Moussa 12/12/2023 5:52:00 AM

intéressant
BURKINA FASO


Madan 6/22/2023 9:22:00 AM

thank you for making the interactive questions
Anonymous


Vavz 11/2/2023 6:51:00 AM

questions are accurate
Anonymous


Su 11/23/2023 4:34:00 AM

i need questions/dumps for this exam.
Anonymous


LuvSN 7/16/2023 11:19:00 AM

i need this exam, when will it be uploaded
ROMANIA


Mihai 7/19/2023 12:03:00 PM

i need the dumps !
Anonymous


Wafa 11/13/2023 3:06:00 AM

very helpful
Anonymous


Alokit 7/3/2023 2:13:00 PM

good source
Anonymous


Show-Stopper 7/27/2022 11:19:00 PM

my 3rd test and passed on first try. hats off to this brain dumps site.
UNITED STATES


Michelle 6/23/2023 4:06:00 AM

please upload it
Anonymous