ISACA Certified in Risk and Information Systems Control CRISC Dumps in PDF

Free ISACA CRISC Real Questions (page: 54)

You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply most appropriate risk responses. Which of the following tools would you use to choose the appropriate risk response?

  1. Project network diagrams
  2. Cause-and-effect analysis
  3. Decision tree analysis
  4. Delphi Technique

Answer(s): C

Explanation:

Decision tree analysis is a risk analysis tool that can help the project manager in determining the best risk response. The tool can be used to measure probability, impact, and risk exposure and how the selected risk response can affect the probability and/or impact of the selected risk event. It helps to form a balanced image

of the risks and opportunities connected with each possible course of action. This makes them mostly useful for choosing between different strategies, projects, or investment opportunities particularly when the resources are limited. A decision tree is a decision support tool that uses a tree-like graph or model of decisions and their possible consequences, including chance event outcomes, resource costs, and utility.

Incorrect Answers:
A: Project network diagrams help the project manager and stakeholders visualize the flow of the project work, but they are not used as a part of risk response planning.

B: Cause-and-effect analysis is used for exposing risk factors and not an effective one in risk response planning. This analysis involves the use of predictive or diagnostic analytical tool for exploring the root causes or factors that contribute to positive or negative effects or outcomes.

D: Delphi technique is used for risk analysis, i.e., for identifying the most probable risks. Delphi is a group of experts who used to rate independently the business risk of an organization. Each expert analyzes the risk independently and then prioritizes the risk, and the result is combined into a consensus.



What is the MAIN purpose of designing risk management programs?

  1. To reduce the risk to a level that the enterprise is willing to accept
  2. To reduce the risk to the point at which the benefit exceeds the expense
  3. To reduce the risk to a level that is too small to be measurable
  4. To reduce the risk to a rate of return that equals the current cost of capital

Answer(s): A

Explanation:

Risk cannot be removed completely from the enterprise; it can only be reduced to a level that an organization is willing to accept. Risk management programs are hence designed to accomplish the task of reducing risks.

Incorrect Answers:
B: Depending on the risk preference of an enterprise, it may or may not choose to pursue risk mitigation to the point at which benefit equals or exceeds the expense. Hence this is not the primary objective of designing the risk management program.

C: Reducing risk to a level too small to measure is not practical and is often cost-prohibitive.

D: Reducing risks to a specific return ignores the qualitative aspects of the risk which should also be considered.



Which of the following terms is described in the statement below?

"They are the prime monitoring indicators of the enterprise, and are highly relevant and possess a high probability of predicting or indicating important risk."

  1. Key risk indicators
  2. Lag indicators
  3. Lead indicators
  4. Risk indicators

Answer(s): A

Explanation:

Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help in avoiding excessively large number of risk indicators to manage and report that a large enterprise may have.

Incorrect Answers:
B: Lag indicators are the risk indicators that is used to indicate risk after events have occurred.

C: Lead indicators are the risk indicators that is used to indicate which capabilities are in place to prevent events from occurring.

D: Risk indicators are metrics used to indicate risk thresholds, i.e., it gives indication when a risk level is approaching a high or unacceptable level of risk. The main objective of a risk indicator is to ensure tracking and reporting mechanisms that alert staff about the potential risks.



What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?

  1. Anti-harassment policy
  2. Acceptable use policy
  3. Intellectual property policy
  4. Privacy policy

Answer(s): B

Explanation:

An acceptable use policy is a set of rules applied by the owner/manager of a network, website or large computer system that restrict the ways in which the network site or system may be used. Acceptable Use Policies are an integral part of the framework of information security policies.

Incorrect Answers:
A, C: These two policies are not related to Information system security.

D: Privacy policy is a statement or a legal document (privacy law) that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client's data.



Wendy has identified a risk event in her project that has an impact of $75,000 and a 60 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just $15,000 with only a ten percent chance of occurring. The proposed solution will cost $25,000. Wendy agrees to the $25,000 solution. What type of risk response is this?

  1. Mitigation
  2. Avoidance
  3. Transference
  4. Enhancing

Answer(s): A

Explanation:

Risk mitigation implies a reduction in the probability and/or impact of an adverse risk event to be within acceptable threshold limits. Taking early actions to reduce the probability and/or impact of a risk occurring on the project is often more effective than trying to repair the damage after the risk has occurred.

Incorrect Answers:
B: Avoidance changes the project plan to avoid the risk altogether.

C: Transference requires shifting some or all of the negative impacts of a threat, along with the ownership of the response, to a third party. Transferring the risk simply gives another party the responsibility for its management-it does not eliminate it.

Transferring the liability for a risk is most effective in dealing with financial risk exposure. Risk transference nearly always involves payment of a risk premium to the party taking on the risk.

D: Enhancing is actually a positive risk response. This strategy is used to increase the probability and/or the positive impact of an opportunity. Identifying and maximizing the key drivers of these positive-impact risks may increase the probability of their occurrence.



Share your comments for ISACA CRISC exam with other users:

J
Jimmy Lopez
8/25/2023 10:19:00 AM

please upload oracle cloud infrastructure 2023 foundations associate exam braindumps. thank you.

L
Lily
4/24/2023 10:50:00 PM

questions made studying easy and enjoyable, passed on the first try!

J
John
8/7/2023 12:12:00 AM

has anyone recently attended safe 6.0 exam? did you see any questions from here?

B
Big Dog
6/24/2023 4:47:00 PM

question 13 should be dhcp option 43, right?

B
B.Khan
4/19/2022 9:43:00 PM

the buy 1 get 1 is a great deal. so far i have only gone over exam. it looks promissing. i report back once i write my exam.

G
Ganesh
12/24/2023 11:56:00 PM

is this dump good

A
Albin
10/13/2023 12:37:00 AM

good ................

P
Passed
1/16/2022 9:40:00 AM

passed

H
Harsh
6/12/2023 1:43:00 PM

yes going good

S
Salesforce consultant
1/2/2024 1:32:00 PM

good questions for practice

R
Ridima
9/12/2023 4:18:00 AM

need dump and sap notes for c_s4cpr_2308 - sap certified application associate - sap s/4hana cloud, public edition - sourcing and procurement

T
Tanvi Rajput
10/6/2023 6:50:00 AM

question 11: d i personally feel some answers are wrong.

A
Anil
7/18/2023 9:38:00 AM

nice questions

C
Chris
8/26/2023 1:10:00 AM

looking for c1000-158: ibm cloud technical advocate v4 questions

S
sachin
6/27/2023 1:22:00 PM

can you share the pdf

B
Blessious Phiri
8/13/2023 10:26:00 AM

admin ii is real technical stuff

L
Luis Manuel
7/13/2023 9:30:00 PM

could you post the link

V
vijendra
8/18/2023 7:54:00 AM

hello send me dumps

S
Simeneh
7/9/2023 8:46:00 AM

it is very nice

J
john
11/16/2023 5:13:00 PM

i gave the amazon dva-c02 tests today and passed. very helpful.

T
Tao
11/20/2023 8:53:00 AM

there is an incorrect word in the problem statement. for example, in question 1, there is the word "speci c". this is "specific. in the other question, there is the word "noti cation". this is "notification. these mistakes make this site difficult for me to use.

P
patricks
10/24/2023 6:02:00 AM

passed my az-120 certification exam today with 90% marks. studied using the dumps highly recommended to all.

A
Ananya
9/14/2023 5:17:00 AM

i need it, plz make it available

J
JM
12/19/2023 2:41:00 PM

q47: intrusion prevention system is the correct answer, not patch management. by definition, there are no patches available for a zero-day vulnerability. the way to prevent an attacker from exploiting a zero-day vulnerability is to use an ips.

R
Ronke
8/18/2023 10:39:00 AM

this is simple but tiugh as well

C
CesarPA
7/12/2023 10:36:00 PM

questão 4, segundo meu compilador local e o site https://www.jdoodle.com/online-java-compiler/, a resposta correta é "c" !

J
Jeya
9/13/2023 7:50:00 AM

its very useful

T
Tracy
10/24/2023 6:28:00 AM

i mastered my skills and aced the comptia 220-1102 exam with a score of 920/1000. i give the credit to for my success.

J
James
8/17/2023 4:33:00 PM

real questions

A
Aderonke
10/23/2023 1:07:00 PM

very helpful assessments

S
Simmi
8/24/2023 7:25:00 AM

hi there, i would like to get dumps for this exam

J
johnson
10/24/2023 5:47:00 AM

i studied for the microsoft azure az-204 exam through it has 100% real questions available for practice along with various mock tests. i scored 900/1000.

M
Manas
9/9/2023 1:48:00 AM

please upload 1z0-1072-23 exam dups

S
SB
9/12/2023 5:15:00 AM

i was hoping if you could please share the pdf as i’m currently preparing to give the exam.

AI Tutor 👋 I’m here to help!