An enterprise has identified risk events in a project. While responding to these identified risk events, which among the following stakeholders is MOST important for reviewing risk response options to an IT risk.
Answer(s): D
Business managers are accountable for managing the associated risk and will determine what actions to take based on the information provided by others.Incorrect Answers:A: Information security managers may best understand the technical tactical situation, but business managers are accountable for managing the associated risk and will determine what actions to take based on the information provided by others, which includes collaboration with, and support from, lT security managers.C: The incident response team must ensure open communication to management and stakeholders to ensure that business managers understand the associated risk and are provided enough information to make informed risk-based decisions. They are not responsible for reviewing risk response options.
Which of the following is a technique that provides a systematic description of the combination of unwanted occurrences in a system?
Answer(s): C
Fault tree analysis (FIA) is a technique that provides a systematic description of the combination of possible occurrences in a system, which can result in an undesirable outcome. It combines hardware failures and human failures.Incorrect Answers:A: Sensitivity analysis is the quantitative risk analysis technique that:Assist in determination of risk factors that have the most potential impact Examines the extent to which the uncertainty of each element affects the object under consideration when all other uncertain elements are held at their baseline valuesB: This analysis provides ability to see a range of values across several scenarios to identify risk in specific situation. It provides ability to identify those inputs which will provide the greatest level of uncertainty.D: Cause-and-effect analysis involves the use of predictive or diagnostic analytical tool for exploring the root causes or factors that contribute to positive or negative effects or outcomes. These tools also help in identifying potential risk.
What is the process for selecting and implementing measures to impact risk called?
Answer(s): A
The process for selecting and implementing measures for impacting risk in the environment is called risk treatment.Incorrect Answers:C: The process of analyzing and evaluating risk is called risk assessment.D: Risk management is the coordinated activities for directing and controlling the treatment of risk in the organization.
Which section of the Sarbanes-Oxley Act specifies "Periodic financial reports must be certified by CEO and CFO"?
Section 302 of the Sarbanes-Oxley Act requires corporate responsibility for financial reports to be certified by CEO, CFO, or designated representative.Incorrect Answers:B: Section 404 of the Sarbanes-Oxley Act states that annual assessments of internal controls are the responsibility of management.C: Section 203 of the Sarbanes-Oxley Act requires audit partners and review partners to rotate off an assignment every five years.D: Section 409 of the Sarbanes-Oxley Act states that the financial reports must be distributed quickly and currently.
What is the PRIMARY need for effectively assessing controls?
Controls can be effectively assessed only by determining how accurately the control objective is achieved within the environment in which they are operating. No conclusion can be reached as to the strength of the control until the control has been adequately tested.Incorrect Answers:A: Alignment of control with the operating environment is essential but after the control's accuracy in achieving objective. In other words, achieving objective is the top most priority in assessing controls.B: Control's design effectiveness is also considered but is latter considered after achieving objectives. D: Control's operating effectiveness is considered but after its accuracy in objective achievement.
Share your comments for ISACA CRISC exam with other users:
please i want the questions to pass the exam
i need to pass exam
great, i appreciate it.
please could you upload (isc)2 certified in cybersecurity (cc) exam questions
good questions, wrong answers
im preparing for exams
question no: 42 isnt azure vm an iaas solution? so, shouldnt the answer be "no"?
im study azure
i need this now
i took the aws saa-c03 test and scored 935/1000. it has all the exam dumps and important info.
good questions
well explained
i got the full version and it helped me pass the exam. pdf version is very good.
provide the download link, please
please upload thank.
please can you share 1z0-1055-22 dump pls
i will wait impatiently. thank youu
is it possible to clear the exam if we focus on only these 156 questions instead of 623 questions? kindly help!
really helped with preparation of my scrum exam
very informative and through explanations
prep for exam
thanks for helping us
i prepared for the eccouncil 350-401 exam. i scored 92% on the test.
aba questions to practice
great content
how do i get the remaining questions?
well formatted pdf and the test engine software is free. well worth the money i sept.
looking for 1z0-116
in question 22, shouldnt be in the data (option a) layer?
the questions are incredibly close to real exam. you people are amazing.
q15. answer is b. simple
great practice
thanks to this exam dumps, i felt confident and passed my exam with ease.
need 1z0-1105-22 exam