Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CRISC

ISACA Certified in Risk and Information Systems Control CRISC Exam Questions in PDF

Free ISACA CRISC Dumps Questions (page: 40)

CRISC PDF — 1895 Questions

Which of the following items is considered as an objective of the three dimensional model within the framework described in COSO ERM?

  1. Risk assessment
  2. Financial reporting
  3. Control environment
  4. Monitoring

Answer(s): B

Explanation:

The COSO ERM (Enterprise Risk Management) frame work is a 3-dimensional model. The dimensions and their components include:
Strategic Objectives - includes strategic, operations, reporting, and compliance.
Risk Components - includes Internal Environment, Objectives settings, Event identification, Risk assessment, Risk response, Control activities, Information and communication, and monitoring. Organizational Levels - include subsidiary, business unit, division, and entity-level.

The COSO ERM framework contains eight risk components: Internal Environment
Objective Settings Event Identification Risk Assessment Risk Response Control Activities
Information and Communication Monitoring

Section 404 of the Sarbanes-Oley act specifies a three dimensional model- COSO ERM, comprised of Internal control components, Internal control objectives, and organization entities. All the items listed are components except Financial reporting which is an internal control objective.

Incorrect Answers:
A, C, D: They are the Internal control components, not the Internal control objectives.



NIST SP 800-53 identifies controls in three primary classes. What are they?

  1. Technical, Administrative, and Environmental
  2. Preventative, Detective, and Corrective
  3. Technical, Operational, and Management
  4. Administrative, Technical, and Operational

Answer(s): C

Explanation:

NIST SP 800-53 is used to review security in any organization, that is, in reviewing physical security. The Physical and Environmental Protection family includes 19 different controls. Organizations use these controls for better physical security. These controls are reviewed to determine if they are relevant to a particular organization or not. Many of the controls described include additional references that provide more details on how to implement them. The National Institute of Standards and Technology (NIST) SP 800-53 rev 3 identifies 18 families of controls. It groups these controls into three classes:
Technical Operational Management



While defining the risk management strategies, what are the major parts to be determined first? Each correct answer represents a part of the solution. Choose two.

  1. IT architecture complexity
  2. Organizational objectives
  3. Risk tolerance
  4. Risk assessment criteria

Answer(s): B,C

Explanation:

While defining the risk management strategies, risk professional should first identify and analyze the objectives of the organization and the risk tolerance. Once the objectives of enterprise are known, risk professional can detect the possible risks which can occur in accomplishing those objectives. Analyzing the risk tolerance would help in identifying the priorities of risk which is the latter steps in risk management. Hence these two do the basic framework in risk management.

Incorrect Answers:
A: IT architecture complexity is related to the risk assessment and not the risk management, as it does much help in evaluating each significant risk identified.

D: Risk assessment is one of the various phases that occur while managing risks, which uses quantitative and qualitative approach to evaluate risks. Hence risk assessment criteria is only a part of this framework.



Which of the following are true for quantitative analysis?
Each correct answer represents a complete solution. Choose three.

  1. Determines risk factors in terms of high/medium/low.
  2. Produces statistically reliable results
  3. Allows discovery of which phenomena are likely to be genuine and which are merely chance occurrences
  4. Allows data to be classified and counted

Answer(s): B,C,D

Explanation:

As quantitative analysis is data driven, it: Allows data classification and counting.
Allows statistical models to be constructed, which help in explaining what is being observed. Generalizes findings for a larger population and direct comparisons between two different sets of data or observations.
Produces statistically reliable results.
Allows discovery of phenomena which are likely to be genuine and merely occurs by chance.

Incorrect Answers:
A: Risk factors are expressed in terms of high/medium/low in qualitative analysis, and not in quantitative analysis.



Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?

  1. Bias towards risk in new resources
  2. Risk probability and impact matrixes
  3. Uncertainty in values such as duration of schedule activities
  4. Risk identification

Answer(s): C

Explanation:

Risk probability distributions are likely to be utilized in uncertain values, such as time and cost estimates for a project.

Incorrect Answers:
A: Risk probability distributions do not typically interact with the bias towards risks in new resources. B: Risk probability distributions are not likely to be used with risk probability and impact matrices.
D: Risk probability distributions are not likely the risk identification.



Viewing page 40 of 361

Share your comments for ISACA CRISC exam with other users:

R
Rahul
6/11/2023 2:07:00 AM

hi team, could you please provide this dump ?

INDIA
T
TeamOraTech
12/5/2023 9:49:00 AM

very helpful to clear the exam and understand the concept.

Anonymous
C
Curtis
7/12/2023 8:20:00 PM

i think it is great that you are helping people when they need it. thanks.

UNITED STATES
S
sam
7/17/2023 6:22:00 PM

cannot evaluate yet

Anonymous
N
nutz
7/20/2023 1:54:00 AM

a laptops wireless antenna is most likely located in the bezel of the lid

UNITED STATES
R
rajesh soni
1/17/2024 6:53:00 AM

good examplae to learn basic

INDIA
T
Tanya
10/25/2023 7:07:00 AM

this is useful information

Anonymous
N
Nasir Mahmood
12/11/2023 7:32:00 AM

looks usefull

Anonymous
J
Jason
9/30/2023 1:07:00 PM

question 81 should be c.

CANADA
T
TestPD1
8/10/2023 12:22:00 PM

question 18 : response isnt a ?

EUROPEAN UNION
A
ally
8/19/2023 5:31:00 PM

plaese add questions

TURKEY
D
DIA
10/7/2023 5:59:00 AM

is dumps still valid ?

FRANCE
A
Annie
7/7/2023 8:33:00 AM

thanks for this

EUROPEAN UNION
A
arnie
9/17/2023 6:38:00 AM

please upload questions

Anonymous
T
Tanuj Rana
7/22/2023 2:33:00 AM

please upload the question dump for professional machinelearning

Anonymous
F
Future practitioner
8/10/2023 1:26:00 PM

question 4 answer is c. this site shows the correct answer as b. "adopt a consumption model" is clearly a cost optimization design principle. looks like im done using this site to study!!!

Anonymous
A
Ace
8/3/2023 10:37:00 AM

number 52 answer is d

UNITED STATES
N
Nathan
12/17/2023 12:04:00 PM

just started preparing for my exam , and this site is so much help

Anonymous
C
Corey
12/29/2023 5:06:00 PM

question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.

Anonymous
R
Rajender
10/18/2023 3:54:00 AM

i would like to take psm1 exam.

Anonymous
B
Blessious Phiri
8/14/2023 9:53:00 AM

cbd and pdb are key to the database

SOUTH AFRICA
A
Alkaed
10/19/2022 10:41:00 AM

the purchase and download process is very much streamlined. the xengine application is very nice and user-friendly but there is always room for improvement.

NETHERLANDS
D
Dave Gregen
9/4/2023 3:17:00 PM

please upload p_sapea_2023

SWEDEN
S
Sarah
6/13/2023 1:42:00 PM

anyone use this? the question dont seem to follow other formats and terminology i have been studying im getting worried

CANADA
S
Shuv
10/3/2023 8:19:00 AM

good questions

UNITED STATES
R
Reb974
8/5/2023 1:44:00 AM

hello are these questions valid for ms-102

CANADA
M
Mchal
7/20/2023 3:38:00 AM

some questions are wrongly answered but its good nonetheless

POLAND
S
Sonbir
8/8/2023 1:04:00 PM

how to get system serial number using intune

Anonymous
M
Manju
10/19/2023 1:19:00 PM

is it really helpful to pass the exam

Anonymous
L
LeAnne Hair
8/24/2023 12:47:00 PM

#229 in incorrect - all the customers require an annual review

UNITED STATES
A
Abdul SK
9/28/2023 11:42:00 PM

kindy upload

Anonymous
A
Aderonke
10/23/2023 12:53:00 PM

fantastic assessment on psm 1

UNITED KINGDOM
S
SAJI
7/20/2023 2:51:00 AM

56 question correct answer a,b

Anonymous
R
Raj Kumar
10/23/2023 8:52:00 PM

thank you for providing the q bank

CANADA
AI Tutor 👋 I’m here to help!