ISACA CRISC Exam (page: 35)
ISACA Certified in Risk and Information Systems Control
Updated on: 25-Dec-2025

Viewing Page 35 of 361

You are the project manager of the HGT project. You are in the first phase of the risk response process and are performing the following tasks:
- Communicating risk analysis results
- Reporting risk management activities and the state of compliance
- Interpreting independent risk assessment findings
- Identifying business opportunities

Which of the following processes are you performing?

  A. Articulating risk
  B. Mitigating risk
  C. Tracking risk
  D. Reporting risk

Answer(s): A

Explanation:

Articulating risk is the first phase in the risk response process. It ensures that information on the true state of exposures and opportunities is made available in a timely manner and to the right people for an appropriate response. The following tasks are involved in articulating risk:
- Communicate risk analysis results.
- Report risk management activities and the state of compliance.
- Interpret independent risk assessment findings.
- Identify business opportunities.

Incorrect Answers:
B: Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level. Risk mitigation can utilize various forms of control carefully integrated together. It is part of the risk response process but is a later stage that follows articulating risk.

C: Tracking risk is the process of tracking the ongoing status of risk mitigation processes. This tracking ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule.

D: This is not related to the risk response process; it is a type of risk. Reporting risks are risks caused by incorrect reporting, which leads to bad decisions.



Which of the following BEST measures the operational effectiveness of risk management capabilities?

  A. Capability maturity models (CMMs)
  B. Metric thresholds
  C. Key risk indicators (KRIs)
  D. Key performance indicators (KPIs)

Answer(s): D

Explanation:

Key performance indicators (KPIs) provide insights into the operational effectiveness of the concept or capability that they monitor. KPIs are a set of measures that a company or industry uses to measure and/or compare performance in terms of meeting its strategic and operational goals. KPIs vary from company to company, depending on each company's priorities or performance criteria.

A company must establish its strategic and operational goals and then choose the KPIs that best reflect those goals. For example, if a software company's goal is to have the fastest growth in its industry, its main performance indicator may be the measure of its annual revenue growth.

Incorrect Answers:
A: Capability maturity models (CMMs) assess the maturity of a concept or capability and do not provide insights into operational effectiveness.

B: Metric thresholds are decision or action points that are enacted when a KPI or KRI reports a specific value or set of values. They do not provide any insights into operational effectiveness.

C: Key risk indicators (KRIs) only provide insights into potential risks that may exist or be realized within the concept or capability that they monitor. KRIs are the prime monitoring indicators of the enterprise. They are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help avoid the excessively large number of risk indicators that a large enterprise might otherwise have to manage and report.



You are the project manager of the GHT project. You have initiated the project and conducted the feasibility study. What results would you get after conducting the feasibility study?
Each correct answer represents a complete solution. (Choose two.)

  A. Recommend alternatives and course of action
  B. Risk response plan
  C. Project management plan
  D. Results of criteria analyzed, like costs, benefits, risk, resources required and organizational impact

Answer(s): A,D

Explanation:

The completed feasibility study results should include a cost/benefit analysis report that:
- Provides the results of criteria analyzed (e.g., costs, benefits, risk, resources required and organizational impact)
- Recommends one of the alternatives and a course of action

Incorrect Answers:
B, C: The project management plan and the risk response plan are the results of plan project management and plan risk response, respectively. They are not results of the feasibility study.



Your project change control board has approved several scope changes that will drastically alter your project plan. You and the project team set about updating the project scope, the WBS, the WBS dictionary, the activity list, and the project network diagram. There are also some resulting changes to the project risks, communication, and vendors. What else should the project manager update based on these scope changes?

  A. Stakeholder identification
  B. Vendor selection process
  C. Quality baseline
  D. Process improvement plan

Answer(s): C

Explanation:

When changes enter the project scope, the quality baseline is also updated. The quality baseline records the quality objectives of the project and is based on the project requirements.

Incorrect Answers:
A: The stakeholder identification process will not change because of scope additions. The number of stakeholders may change but how they are identified will not be affected by the scope addition.

B: The vendor selection process likely will not change because of added scope changes. The vendors in the project may, but the selection process will not.

D: The process improvement plan aims to improve the project's processes regardless of scope changes.



You are the risk control professional of your enterprise. You have implemented a tool that correlates information from multiple sources. On which of the following does this monitoring tool focus?

  A. Transaction data
  B. Process integrity
  C. Configuration settings
  D. System changes

Answer(s): A

Explanation:

Monitoring tools that focus on transaction data generally correlate information from one system to another, such as employee data from the human resources (HR) system with spending information from the expense system or the payroll system.

Incorrect Answers:
B: Process integrity is confirmed within the system; it does not need monitoring.

C: Configuration settings are generally compared against predefined values and not based on the correlation between multiple sources.

D: System changes are compared from a previous state to the current state; this does not correlate information from multiple sources.






Share your comments for ISACA CRISC exam with other users:

Bsmaind 8/20/2023 9:22:00 AM

hello nice dumps
Anonymous


beau 1/12/2024 4:53:00 PM

good resource for learning
UNITED STATES


Sandeep 12/29/2023 4:07:00 AM

very useful
Anonymous


kevin 9/29/2023 8:04:00 AM

physical tempering techniques
Anonymous


Blessious Phiri 8/15/2023 4:08:00 PM

it's giving best technical knowledge
Anonymous


Testbear 6/13/2023 11:15:00 AM

please upload
ITALY


shime 10/24/2023 4:23:00 AM

great question with explanation thanks!!
ETHIOPIA


Thembelani 5/30/2023 2:40:00 AM

does this exam have lab sections?
Anonymous


Shin 9/8/2023 5:31:00 AM

please upload
PHILIPPINES


priti kagwade 7/22/2023 5:17:00 AM

please upload the braindump for .net
UNITED STATES


Robe 9/27/2023 8:15:00 PM

i need this exam 1z0-1107-2. please.
Anonymous


Chiranthaka 9/20/2023 11:22:00 AM

very useful!
Anonymous


Not Miguel 11/26/2023 9:43:00 PM

for this question - "which three type of basic patient or member information is displayed on the patient info component? (choose three.)", list of conditions is not displayed (it is displayed in patient card, not patient info). so should be thumbnail of chatter photo
Anonymous


Andrus 12/17/2023 12:09:00 PM

q52 should be d. vm storage controller bandwidth represents the amount of data (in terms of bandwidth) that a vms storage controller is using to read and write data to the storage fabric.
Anonymous


Raj 5/25/2023 8:43:00 AM

nice questions
UNITED STATES


max 12/22/2023 3:45:00 PM

very useful
Anonymous


Muhammad Rawish Siddiqui 12/8/2023 6:12:00 PM

question # 208: failure logs is not an example of operational metadata.
SAUDI ARABIA


Sachin Bedi 1/5/2024 4:47:00 AM

good questions
Anonymous


Kenneth 12/8/2023 7:34:00 AM

thank you for the test materials!
KOREA REPUBLIC OF


Harjinder Singh 8/9/2023 4:16:00 AM

it's very helpful
HONG KONG


SD 7/13/2023 12:56:00 AM

good questions
UNITED STATES


kanjoe 7/2/2023 11:40:00 AM

good questions
UNITED STATES


Mahmoud 7/6/2023 4:24:00 AM

i need the dump of the hcip security v4.0 exam
EGYPT


Wei 8/3/2023 4:18:00 AM

upload the dump please
HONG KONG


Stephen 10/3/2023 6:24:00 PM

yes, i am looking this
AUSTRALIA


Stephen 8/4/2023 9:08:00 PM

please upload cima e2 managing performance dumps
Anonymous


hp 6/16/2023 12:44:00 AM

wonderful questions
Anonymous


Priyo 11/14/2023 2:23:00 AM

i used this site since 2000, still great to support my career
INDONESIA


Jude 8/29/2023 1:56:00 PM

why is the answer to "which of the following is required by scrum?" all of the following stated below since most of them are not mandatory? sprint retrospective. members must be stand up at the daily scrum. sprint burndown chart. release planning.
UNITED STATES


Marc blue 9/15/2023 4:11:00 AM

great job. hope this helps out.
UNITED STATES


Anne 9/13/2023 2:33:00 AM

upload please. many thanks!
Anonymous


pepe el toro 9/12/2023 7:55:00 PM

this is so interesting
Anonymous


Antony 11/28/2023 12:13:00 AM

great material thanks
AUSTRALIA


Thembelani 5/30/2023 2:22:00 AM

anyone who wrote this exam recently
Anonymous