Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CRISC

ISACA CRISC Exam (page: 46)
ISACA Certified in Risk and Information Systems Control
Updated on: 17-Feb-2026

Viewing Page 46 of 361
CRISC PDF 1895 Questions

Della works as a project manager for Tech Perfect Inc. She is studying the documentation of planning of a project. The documentation states that there are twenty-eight stakeholders with the project. What will be the number of communication channels for the project?

  1. 250
  2. 28
  3. 378
  4. 300

Answer(s): C

Explanation:

According to the twenty- eight stakeholders. Communication channels are paths of communication with stakeholders in a project. The number of communication channels shows the complexity of a project's communication and can be derived through the formula shown below:
Total Number of Communication Channels = n (n-1)/2 where n is the number of stakeholders.

Hence, a project having five stakeholders will have ten communication channels. Putting the value of the number of stakeholders in the formula will provide the number of communication channels. Putting the value of the number of stakeholders in the formula will provide the number of communication channels:
Number of communication channel
= (n (n-1)) / 2
= (28 (28-1)) / 2
= (28 x 27) / 2
= 756 / 2
= 378



Shawn is the project manager of the HWT project. In this project Shawn's team reports that they have found a way to complete the project work cheaply than what was originally estimated earlier. The project team presents a new software that will help to automate the project work. While the software and the associated training costs
$25,000 it will save the project nearly $65,000 in total costs. Shawn agrees to the software and changes the project management plan accordingly. What type of risk response had been used by him?

  1. Avoiding
  2. Accepting
  3. Exploiting
  4. Enhancing

Answer(s): C

Explanation:

A risk event is being exploited so as to identify the opportunities for positive impacts. Exploit response is one of the strategies to negate risks or threats that appear in a project. This strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. Exploiting a risk event provides opportunities for positive impact on a project. Assigning more talented resources to the project to reduce the time to completion is an example of exploit response.

Incorrect Answers:
A: To avoid a risk means to evade it altogether, eliminate the cause of the risk event, or change the project plan to protect the project objectives from the risk event.

B: Accepting is a risk response that is appropriate for positive or negative risk events. It does not pursue the risk, but documents the event and allows the risk to happen. Often acceptance is used for low probability and low impact risk events.

D: Enhancing is a positive risk response that aims to increase the probability and/or impact of the risk event.



Which among the following is the BEST reason for defining a risk response?

  1. To eliminate risk from the enterprise
  2. To ensure that the residual risk is within the limits of the risk appetite and tolerance
  3. To overview current status of risk
  4. To mitigate risk

Answer(s): B

Explanation:

The purpose of defining a risk response is to ensure that the residual risk is within the limits of the risk appetite and tolerance of the enterprise. Risk response is based on selecting the correct, prioritized response to risk, based on the level of risk, the enterprise's risk tolerance and the cost or benefit of the particular risk response option.

Incorrect Answers:
A: Risk cannot be completely eliminated from the enterprise. C: This is not a valid answer.
D: Mitigation of risk is itself the risk response process, not the reason behind this.



Which of the following is the BEST defense against successful phishing attacks?

  1. Intrusion detection system
  2. Application hardening
  3. End-user awareness
  4. Spam filters

Answer(s): C

Explanation:

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing attacks are a type of to social engineering attack and are best defended by end-user awareness training.

Incorrect Answers:
A: An intrusion detection system does not protect against phishing attacks since phishing attacks usually do not have a particular pattern or unique signature.

B: Application hardening does not protect against phishing attacks since phishing attacks generally use e-mail as the attack vector, with the end-user as the vulnerable point, not the application.

D: Certain highly specialized spam filters can reduce the number of phishing e-mails that reach the inboxes of user, but they are not as effective in addressing phishing attack as end-user awareness.



Which of the following laws applies to organizations handling health care information?

  1. GLBA
  2. HIPAA
  3. SOX
  4. FISMA

Answer(s): B

Explanation:

HIPAA handles health care information of an organization.

The Health Insurance Portability and Accountability Act (HIPAA) were introduced in 1996. It ensures that health information data is protected. Before HIPAA, personal medical information was often available to anyone.
Security to protect the data was lax, and the data was often misused.

If your organization handles health information, HIPAA applies. HIPAA defines health information as any data that is created or received by health care providers, health plans, public health authorities, employers, life insurers, schools or universities, and health care clearinghouses.

HIPAA defines any data that is related to the health of an individual, including past/present/future health, physical/mental health, and past/present/future payments for health care.

Creating a HIPAA compliance plan involves following phases:
Assessment: An assessment helps in identifying whether organization is covered by HIPAA. If it is, then further requirement is to identify what data is needed to protect.
Risk analysis: A risk analysis helps to identify the risks. In this phase, analyzing method of handling data of organization is done.
Plan creation: After identifying the risks, plan is created. This plan includes methods to reduce the risk. Plan implementation: In this plan is being implemented.
Continuous monitoring: Security in depth requires continuous monitoring. Monitor regulations for changes. Monitor risks for changes. Monitor the plan to ensure it is still used.
Assessment: Regular reviews are conducted to ensure that the organization remains in compliance.

Incorrect Answers:
A: GLBA is not used for handling health care information.

C: SOX designed to hold executives and board members personally responsible for financial data. D: FISMA ensures protection of data of federal agencies.



Viewing Page 46 of 361



Share your comments for ISACA CRISC exam with other users:

Stephen 10/3/2023 6:24:00 PM

yes, iam looking this
AUSTRALIA


Stephen 8/4/2023 9:08:00 PM

please upload cima e2 managing performance dumps
Anonymous


hp 6/16/2023 12:44:00 AM

wonderful questions
Anonymous


Priyo 11/14/2023 2:23:00 AM

i used this site since 2000, still great to support my career
INDONESIA


Jude 8/29/2023 1:56:00 PM

why is the answer to "which of the following is required by scrum?" all of the following stated below since most of them are not mandatory? sprint retrospective. members must be stand up at the daily scrum. sprint burndown chart. release planning.
UNITED STATES


Marc blue 9/15/2023 4:11:00 AM

great job. hope this helps out.
UNITED STATES


Anne 9/13/2023 2:33:00 AM

upload please. many thanks!
Anonymous


pepe el toro 9/12/2023 7:55:00 PM

this is so interesting
Anonymous


Antony 11/28/2023 12:13:00 AM

great material thanks
AUSTRALIA


Thembelani 5/30/2023 2:22:00 AM

anyone who wrote this exam recently
Anonymous


P 9/16/2023 1:27:00 AM

ok they re good
Anonymous


Jorn 7/13/2023 5:05:00 AM

relevant questions
UNITED KINGDOM


AM 6/20/2023 7:54:00 PM

please post
UNITED STATES


Nagendra Pedipina 7/13/2023 2:22:00 AM

q:42 there has to be a image in the question to choose what does it mean from the options
INDIA


BrainDumpee 11/18/2023 1:36:00 PM

looking for cphq dumps, where can i find these for free? please and thank you.
UNITED STATES


sheik 10/14/2023 11:37:00 AM

@aarun , thanks for the information. it would be great help if you share your email
Anonymous


Random user 12/11/2023 1:34:00 AM

1z0-1078-23 need this dumps
Anonymous


labuschanka 11/16/2023 6:06:00 PM

i gave the microsoft azure az-500 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous


Marianne 10/22/2023 11:57:00 PM

i cannot see the button to go to the questions
Anonymous


sushant 6/28/2023 4:52:00 AM

good questions
EUROPEAN UNION


A\MAM 6/27/2023 5:17:00 PM

q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes
UNITED STATES


unanimous 12/15/2023 6:38:00 AM

very nice very nice
Anonymous


akminocha 9/28/2023 10:36:00 AM

please help us with 1z0-1107-2 dumps
INDIA


Jefi 9/4/2023 8:15:00 AM

please upload the practice questions
Anonymous


Thembelani 5/30/2023 2:45:00 AM

need this dumps
Anonymous


Abduraimov 4/19/2023 12:43:00 AM

preparing for this exam is overwhelming. you cannot pass without the help of these exam dumps.
UNITED KINGDOM


Puneeth 10/5/2023 2:06:00 AM

new to this site but i feel it is good
EUROPEAN UNION


Ashok Kumar 1/2/2024 6:53:00 AM

the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.
Anonymous


Merry 7/30/2023 6:57:00 AM

good questions
Anonymous


VoiceofMidnight 12/17/2023 4:07:00 PM

Delayed the exam until December 29th.
UNITED STATES


Umar Ali 8/29/2023 2:59:00 PM

A and D are True
Anonymous


vel 8/28/2023 9:17:09 AM

good one with explanation
Anonymous


Gurdeep 1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.
CANADA