ISACA Certified in Risk and Information Systems Control CRISC Dumps in PDF

Free ISACA CRISC Real Questions (page: 37)

Which of the following individuals is responsible for identifying process requirements, approving process design and managing process performance?

  1. Business process owner
  2. Risk owner
  3. Chief financial officer
  4. Chief information officer

Answer(s): A

Explanation:

Business process owners are the individuals responsible for identifying process requirements, approving process design and managing process performance. In general, a business process owner must be at an appropriately high level in the enterprise and have authority to commit resources to process-specific risk management activities.

Incorrect Answers:
B: Risk owner for each risk should be the person who has the most influence over its outcome. Selecting the risk owner thus usually involves considering the source of risk and identifying the person who is best placed to understand and implement what needs to be done.

C: Chief financial officer is the most senior official of the enterprise who is accountable for financial planning, record keeping, investor relations and financial risks.

D: Chief information officer is the most senior official of the enterprise who is accountable for IT advocacy; aligning IT and business strategies; and planning, resourcing and managing the delivery of IT services and information and the deployment of associated human resources.



Which of the following should be considered to ensure that risk responses that are adopted are cost-effective and are aligned with business objectives?
Each correct answer represents a part of the solution. Choose three.

  1. Identify the risk in business terms
  2. Recognize the business risk appetite
  3. Adopt only pre-defined risk responses of business
  4. Follow an integrated approach in business

Answer(s): A,B,D

Explanation:

Risk responses require a formal approach to issues, opportunities and events to ensure that solutions are cost- effective and are aligned with business objectives. The following should be considered:
While preparing the risk response, identify the risk in business terms like loss of productivity, disclosure of confidential information, lost opportunity costs, etc.
Recognize the business risk appetite. Follow an integrated approach in business.

Risk responses requiring an investment should be supported by a carefully planned business case that justifies the expenditure outlines alternatives and describes the justification for the alternative selected.

Incorrect Answers:
C: There is no such requirement to follow the pre-defined risk responses. If some new risk responses are discovered during the risk management of a particular project, they should be noted down in lesson leaned document so that project manager working on some other project could also utilize them.



Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

  1. Project management plan
  2. Project communications plan
  3. Project contractual relationship with the vendor
  4. Project scope statement

Answer(s): A

Explanation:

When new risks are identified as part of the scope additions, Walter should update the risk register and the project management plan to reflect the responses to the risk event.

Incorrect Answers:
B: The project communications management plan may be updated if there's a communication need but the related to the risk event, not the communication of the risks.

C: The contractual relationship won't change with the vendor as far as project risks are concerned. D: The project scope statement is changed as part of the scope approval that has already happened.



What are the three PRIMARY steps to be taken to initialize the project? Each correct answer represents a complete solution. (Choose three.)

  1. Conduct a feasibility study
  2. Define requirements
  3. Acquire software
  4. Plan risk management

Answer(s): A,B,C

Explanation:

Projects are initiated by sponsors who gather the information required to gain approval for the project to be created. Information often compiled into the terms of a project charter includes the objective of the project, business case and problem statement, stakeholders in the system to be produced, and project manager and sponsor.

Following are the steps to initiate the project:
Conduct a feasibility study: Feasibility study starts once initial approval has been given to move forward with a project, and includes an analysis to clearly define the need and to identify alternatives for addressing the need. A feasibility study involves:
- Analyzing the benefits and solutions for the identified problem area
- Development of a business case that states the strategic benefits of implementing the system either in productivity gains or in future cost avoidance and identifies and quantifies the cost savings of the new system.
- Estimation of a payback schedule for the cost incurred in implementing the system or shows the projected return on investment (ROI)
Define requirements: Requirements include:
- Business requirements containing descriptions of what a system should do
- Functional requirements and use case models describing how users will interact with a system
- Technical requirements and design specifications and coding specifications describing how the system will interact, conditions under which the system will operate and the information criteria the system should meet.
Acquire software: Acquiring software involves building new or modifying existing hardware or software after final approval by the stakeholder, which is not a phase in the standard SDLC process. If a decision was reached to acquire rather than develop software, this task should occur after defining requirements.

Incorrect Answers:
D: Risk management is planned latter in project development process, and not during initialization.



You are the risk official in Techmart Inc. You are asked to perform risk assessment on the impact of losing a network connectivity for 1 day. Which of the following factors would you include?

  1. Aggregate compensation of all affected business users.
  2. Hourly billing rate charged by the carrier
  3. Value that enterprise get on transferring data over the network
  4. Financial losses incurred by affected business units

Answer(s): D

Explanation:

The impact of network unavailability is the cost it incurs to the enterprise. As the network is unavailable for 1 day, it can be considered as the failure of some business units that rely on this network. Hence financial losses incurred by this affected business unit should be considered.

Incorrect Answers:
A, B, C: These factors in combination contribute to the overall financial impact, i.e., financial losses incurred by affected business units.



Share your comments for ISACA CRISC exam with other users:

T
T
7/28/2023 9:06:00 PM

this question is keep repeat : you are developing a sales application that will contain several azure cloud services and handle different components of a transaction. different cloud services will process customer orders, billing, payment, inventory, and shipping. you need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using xml messages. what should you include in the recommendation?

G
Gurgaon
9/28/2023 4:35:00 AM

great questions

W
wasif
10/11/2023 2:22:00 AM

its realy good

S
Shubhra Rathi
8/26/2023 1:12:00 PM

oracle 1z0-1059-22 dumps

L
Leo
7/29/2023 8:48:00 AM

please share me the pdf..

A
AbedRabbou Alaqabna
12/18/2023 3:10:00 AM

q50: which two functions can be used by an end user when pivoting an interactive report? the correct answer is a, c because we do not have rank in the function pivoting you can check in the apex app

R
Rohan Limaye
12/30/2023 8:52:00 AM

best to practice

A
Aparajeeta
10/13/2023 2:42:00 PM

so far it is good

V
Vgf
7/20/2023 3:59:00 PM

please provide me the dump

D
Deno
10/25/2023 1:14:00 AM

i failed the cisa exam today. but i have found all the questions that were on the exam to be on this site.

C
CiscoStudent
11/15/2023 5:29:00 AM

in question 272 the right answer states that an autonomous acces point is "configured and managed by the wlc" but this is not what i have learned in my ccna course. is this a mistake? i understand that lightweight aps are managed by wlc while autonomous work as standalones on the wlan.

P
pankaj
9/28/2023 4:36:00 AM

it was helpful

U
User123
10/8/2023 9:59:00 AM

good question

V
vinay
9/4/2023 10:23:00 AM

really nice

U
Usman
8/28/2023 10:07:00 AM

please i need dumps for isc2 cybersecuity

Q
Q44
7/30/2023 11:50:00 AM

ans is coldline i think

A
Anuj
12/21/2023 1:30:00 PM

very helpful

G
Giri
9/13/2023 10:31:00 PM

can you please provide dumps so that it helps me more

A
Aaron
2/8/2023 12:10:00 AM

thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.

S
Sarwar
12/21/2023 4:54:00 PM

how i can see exam questions?

C
Chengchaone
9/11/2023 10:22:00 AM

can you please upload please?

M
Mouli
9/2/2023 7:02:00 AM

question 75: option c is correct answer

J
JugHead
9/27/2023 2:40:00 PM

please add this exam

S
sushant
6/28/2023 4:38:00 AM

please upoad

J
John
8/7/2023 12:09:00 AM

has anyone recently attended safe 6.0 certification? is it the samq question from here.

B
Blessious Phiri
8/14/2023 3:49:00 PM

expository experience

C
concerned citizen
12/29/2023 11:31:00 AM

52 should be b&c. controller failure has nothing to do with this type of issue. degraded state tells us its a raid issue, and if the os is missing then the bootable device isnt found. the only other consideration could be data loss but thats somewhat broad whereas b&c show understanding of the specific issues the question is asking about.

D
deedee
12/23/2023 5:10:00 PM

great help!!!

S
Samir
8/1/2023 3:07:00 PM

very useful tools

S
Saeed
11/7/2023 3:14:00 AM

looks a good platform to prepare az-104

M
Matiullah
6/24/2023 7:37:00 AM

want to pass the exam

S
SN
9/5/2023 2:25:00 PM

good resource

Z
Zoubeyr
9/8/2023 5:56:00 AM

question 11 : d

U
User
8/29/2023 3:24:00 AM

only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.

AI Tutor 👋 I’m here to help!