ISACA Certified in Risk and Information Systems Control CRISC Dumps in PDF

Free ISACA CRISC Real Questions (page: 35)

You are the project manager of HGT project. You are in the first phase of the risk response process and are doing following tasks:
-Communicating risk analysis results
-Reporting risk management activities and the state of compliance Interpreting independent risk assessment findings
-Identifying business opportunities

Which of the following process are you performing?

  1. Articulating risk
  2. Mitigating risk
  3. Tracking risk
  4. Reporting risk

Answer(s): A

Explanation:

Articulating risk is the first phase in the risk response process to ensure that information on the true state of exposures and opportunities are made available in a timely manner and to the right people for appropriate response. Following are the tasks that are involved in articulating risk:
Communicate risk analysis results.
Report risk management activities and the state of compliance. Interpret independent risk assessment findings.
Identify business opportunities.

Incorrect Answers:
B: Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level. Risk mitigation can utilize various forms of control carefully integrated together. This comes under risk response process and is latter stage after articulating risk.

C: Tracking risk is the process of tracking the ongoing status of risk mitigation processes. This tracking ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule.

D: This is not related to risk response process. It is a type of risk. Reporting risks are the risks that are caused due to wrong reporting which leads to bad decision.



Which of the following BEST measures the operational effectiveness of risk management capabilities?

  1. Capability maturity models (CMMs)
  2. Metric thresholds
  3. Key risk indicators (KRIs)
  4. Key performance indicators (KPIs)

Answer(s): D

Explanation:

Key performance indicators (KPIs) provide insights into the operational effectiveness of the concept or capability that they monitor. Key Performance Indicators is a set of measures that a company or industry uses to measure and/or compare performance in terms of meeting their strategic and operational goals. KPIs vary with company to company, depending on their priorities or performance criteria.

A company must establish its strategic and operational goals and then choose their KPIs which can best reflect those goals. For example, if a software company's goal is to have the fastest growth in its industry, its main performance indicator may be the measure of its annual revenue growth.

Incorrect Answers:
A: Capability maturity models (CMMs) assess the maturity of a concept or capability and do not provide insights into operational effectiveness.

B: Metric thresholds are decision or action points that are enacted when a KPI or KRI reports a specific value or set of values. It does not provide any insights into operational effectiveness.

C: Key risk indicators (KRIs) only provide insights into potential risks that may exist or be realized within a concept or capability that they monitor. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help in avoiding excessively large number of risk indicators to manage and report that a large enterprise may have.



You are the project manager of GHT project. You have initiated the project and conducted the feasibility study. What result would you get after conducting feasibility study?
Each correct answer represents a complete solution. (Choose two.)

  1. Recommend alternatives and course of action
  2. Risk response plan
  3. Project management plan
  4. Results of criteria analyzed, like costs, benefits, risk, resources required and organizational impact

Answer(s): A,D

Explanation:

The completed feasibility study results should include a cost/benefit analysis report that:
Provides the results of criteria analyzed (e.g., costs, benefits, risk, resources required and organizational impact)

Recommends one of the alternatives and a course of action

Incorrect Answers:
B, C: Project management plan and risk response plan are the results of plan project management and plan risk response, respectively. They are not the result of feasibility study.



Your project change control board has approved several scope changes that will drastically alter your project plan. You and the project team set about updating the project scope, the WBS, the WBS dictionary, the activity list, and the project network diagram. There are also some changes caused to the project risks, communication, and vendors. What also should the project manager update based on these scope changes?

  1. Stakeholder identification
  2. Vendor selection process
  3. Quality baseline
  4. Process improvement plan

Answer(s): C

Explanation:

When changes enter the project scope, the quality baseline is also updated. The quality baseline records the quality objectives of the project and is based on the project requirements.

Incorrect Answers:
A: The stakeholder identification process will not change because of scope additions. The number of stakeholders may change but how they are identified will not be affected by the scope addition.

B: The vendor selection process likely will not change because of added scope changes. The vendors in the project may, but the selection process will not.

D: The process improvement plan aims to improve the project's processes regardless of scope changes.



You are the risk control professional of your enterprise. You have implemented a tool that correlates information from multiple sources. To which of the following do this monitoring tool focuses?

  1. Transaction data
  2. Process integrity
  3. Configuration settings
  4. System changes

Answer(s): A

Explanation:

Monitoring tools that focuses on transaction data generally correlate information from one system to another, such as employee data from the human resources (HR) system with spending information from the expense system or the payroll system.

Incorrect Answers:
B: Process integrity is confirmed within the system, it does not need monitoring.

C: Configuration settings are generally compared against predefined values and not based on the correlation between multiple sources.

D: System changes are compared from a previous state to the current state, it does not correlate information from multiple sources.



Share your comments for ISACA CRISC exam with other users:

S
sachin
12/27/2023 2:45:00 PM

question 232 answer should be perimeter not netowrk layer. wrong answer selected

T
tomAws
7/18/2023 5:05:00 AM

nice questions

R
Rahul
6/11/2023 2:07:00 AM

hi team, could you please provide this dump ?

T
TeamOraTech
12/5/2023 9:49:00 AM

very helpful to clear the exam and understand the concept.

C
Curtis
7/12/2023 8:20:00 PM

i think it is great that you are helping people when they need it. thanks.

S
sam
7/17/2023 6:22:00 PM

cannot evaluate yet

N
nutz
7/20/2023 1:54:00 AM

a laptops wireless antenna is most likely located in the bezel of the lid

R
rajesh soni
1/17/2024 6:53:00 AM

good examplae to learn basic

T
Tanya
10/25/2023 7:07:00 AM

this is useful information

N
Nasir Mahmood
12/11/2023 7:32:00 AM

looks usefull

J
Jason
9/30/2023 1:07:00 PM

question 81 should be c.

T
TestPD1
8/10/2023 12:22:00 PM

question 18 : response isnt a ?

A
ally
8/19/2023 5:31:00 PM

plaese add questions

D
DIA
10/7/2023 5:59:00 AM

is dumps still valid ?

A
Annie
7/7/2023 8:33:00 AM

thanks for this

A
arnie
9/17/2023 6:38:00 AM

please upload questions

T
Tanuj Rana
7/22/2023 2:33:00 AM

please upload the question dump for professional machinelearning

F
Future practitioner
8/10/2023 1:26:00 PM

question 4 answer is c. this site shows the correct answer as b. "adopt a consumption model" is clearly a cost optimization design principle. looks like im done using this site to study!!!

A
Ace
8/3/2023 10:37:00 AM

number 52 answer is d

N
Nathan
12/17/2023 12:04:00 PM

just started preparing for my exam , and this site is so much help

C
Corey
12/29/2023 5:06:00 PM

question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.

R
Rajender
10/18/2023 3:54:00 AM

i would like to take psm1 exam.

B
Blessious Phiri
8/14/2023 9:53:00 AM

cbd and pdb are key to the database

A
Alkaed
10/19/2022 10:41:00 AM

the purchase and download process is very much streamlined. the xengine application is very nice and user-friendly but there is always room for improvement.

D
Dave Gregen
9/4/2023 3:17:00 PM

please upload p_sapea_2023

S
Sarah
6/13/2023 1:42:00 PM

anyone use this? the question dont seem to follow other formats and terminology i have been studying im getting worried

S
Shuv
10/3/2023 8:19:00 AM

good questions

R
Reb974
8/5/2023 1:44:00 AM

hello are these questions valid for ms-102

M
Mchal
7/20/2023 3:38:00 AM

some questions are wrongly answered but its good nonetheless

S
Sonbir
8/8/2023 1:04:00 PM

how to get system serial number using intune

M
Manju
10/19/2023 1:19:00 PM

is it really helpful to pass the exam

L
LeAnne Hair
8/24/2023 12:47:00 PM

#229 in incorrect - all the customers require an annual review

A
Abdul SK
9/28/2023 11:42:00 PM

kindy upload

A
Aderonke
10/23/2023 12:53:00 PM

fantastic assessment on psm 1

AI Tutor 👋 I’m here to help!