ISACA Certified in Risk and Information Systems Control CRISC Dumps in PDF

Free ISACA CRISC Real Questions (page: 6)

You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?

  1. Human resource needs
  2. Quality control concerns
  3. Costs
  4. Risks

Answer(s): D

Explanation:

Fast tracking allows entire phases of the project to overlap and generally increases risks within the project.

Fast tracking is a technique for compressing project schedule. In fast tracking, phases are overlapped that would normally be done in sequence. It is shortening the project schedule without reducing the project scope.

Incorrect Answers:
A: Human resources are not affected by fast tracking in most scenarios.

B: Quality control concerns usually are not affected by fast tracking decisions. C: Costs do not generally increase based on fast tracking decisions.



David is the project manager of the HRC Project. He has identified a risk in the project, which could cause the delay in the project. David does not want this risk event to happen so he takes few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000. What type of risk response has David adopted?

  1. Avoidance
  2. Mitigation
  3. Acceptance
  4. Transfer

Answer(s): B

Explanation:

As David is taking some operational controls to reduce the likelihood and impact of the risk, hence he is adopting risk mitigation. Risk mitigation means that actions are taken to reduce the likelihood and/or impact of risk.

Incorrect Answers:
A: Risk avoidance means that activities or conditions that give rise to risk are discontinued. But here, no such actions are taken, therefore risk in not avoided.

C: Risk acceptance means that no action is taken relative to a particular risk; loss is accepted in case it occurs. As David has taken some actions in case to defend, therefore he is not accepting risk.

D: David has not hired a vendor to manage the risk for his project; therefore he is not transferring the risk.



Which of the following is the MOST important objective of the information system control?

  1. Business objectives are achieved and undesired risk events are detected and corrected
  2. Ensuring effective and efficient operations
  3. Developing business continuity and disaster recovery plans
  4. Safeguarding assets

Answer(s): A

Explanation:

The basic purpose of Information System control in an organization is to ensure that the business objectives are achieved and undesired risk events are detected and corrected. Some of the IS control objectives are given below:
Safeguarding assets
Assuring integrity of sensitive and critical application system environments Assuring integrity of general operating system
Ensuring effective and efficient operations
Fulfilling user requirements, organizational policies and procedures, and applicable laws and regulations Changing management
Developing business continuity and disaster recovery plans Developing incident response and handling plans

Hence the most important objective is to ensure that business objectives are achieved and undesired risk events are detected and corrected.

Incorrect Answers:
B, C, D: These are also the objectives of the information system control but are not the best answer.



Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?

  1. Business Continuity Strategy
  2. Index of Disaster-Relevant Information
  3. Disaster Invocation Guideline
  4. Availability/ ITSCM/ Security Testing Schedule

Answer(s): A

Explanation:

The Business Continuity Strategy is an outline of the approach to ensure the continuity of Vital Business Functions in the case of disaster events. The Business Continuity Strategy is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy.

Incorrect Answers:
B: Index of Disaster-Relevant Information is a catalog of all information that is relevant in the event of disasters. This document is maintained and circulated by IT Service Continuity Management to all members of IT staff with responsibilities for fighting disasters.

C: Disaster Invocation Guideline is a document produced by IT Service Continuity Management with detailed instructions on when and how to invoke the procedure for fighting a disaster. Most importantly, the guideline defines the first step to be taken by the Service Desk after learning that a disaster has occurred.

D: Availability/ ITSCM/ Security Testing Schedule is a schedule for the regular testing of all availability, continuity, and security mechanisms jointly maintained by Availability, IT Service Continuity, and IT Security Management.



For which of the following risk management capability maturity levels do the statement given below is true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"

  1. Level 3
  2. Level 0
  3. Level 5
  4. Level 2

Answer(s): C

Explanation:

An enterprise's risk management capability maturity level is 5 when real-time monitoring of risk events and control exceptions exists, as does automation of policy management.

Incorrect Answers:
A, D: In these levels real-time monitoring of risk events is not done.

B: In level 0 of risk management capability maturity model, enterprise does not recognize the importance of considering the risk management or the business impact from IT risk.



Share your comments for ISACA CRISC exam with other users:

R
Regor
12/4/2023 2:01:00 PM

is this a valid prince2 practitioner dumps?

A
asl
9/14/2023 3:59:00 PM

all are relatable questions

S
Siyya
1/19/2024 8:30:00 PM

might help me to prepare for the exam

T
Ted
6/21/2023 11:11:00 PM

just paid and downlaod the 2 exams using the 50% sale discount. so far i was able to download the pdf and the test engine. all looks good.

P
Paul K
11/27/2023 2:28:00 AM

i think it should be a,c. option d goes against the principle of building anything custom unless there are no work arounds available

P
ph
6/16/2023 12:41:00 AM

very legible

S
sephs2001
7/31/2023 10:42:00 PM

is this exam accurate or helpful?

A
ash
7/11/2023 3:00:00 AM

please upload dump, i have exam in 2 days

S
Sneha
8/17/2023 6:29:00 PM

this is useful

S
sachin
12/27/2023 2:45:00 PM

question 232 answer should be perimeter not netowrk layer. wrong answer selected

T
tomAws
7/18/2023 5:05:00 AM

nice questions

R
Rahul
6/11/2023 2:07:00 AM

hi team, could you please provide this dump ?

T
TeamOraTech
12/5/2023 9:49:00 AM

very helpful to clear the exam and understand the concept.

C
Curtis
7/12/2023 8:20:00 PM

i think it is great that you are helping people when they need it. thanks.

S
sam
7/17/2023 6:22:00 PM

cannot evaluate yet

N
nutz
7/20/2023 1:54:00 AM

a laptops wireless antenna is most likely located in the bezel of the lid

R
rajesh soni
1/17/2024 6:53:00 AM

good examplae to learn basic

T
Tanya
10/25/2023 7:07:00 AM

this is useful information

N
Nasir Mahmood
12/11/2023 7:32:00 AM

looks usefull

J
Jason
9/30/2023 1:07:00 PM

question 81 should be c.

T
TestPD1
8/10/2023 12:22:00 PM

question 18 : response isnt a ?

A
ally
8/19/2023 5:31:00 PM

plaese add questions

D
DIA
10/7/2023 5:59:00 AM

is dumps still valid ?

A
Annie
7/7/2023 8:33:00 AM

thanks for this

A
arnie
9/17/2023 6:38:00 AM

please upload questions

T
Tanuj Rana
7/22/2023 2:33:00 AM

please upload the question dump for professional machinelearning

F
Future practitioner
8/10/2023 1:26:00 PM

question 4 answer is c. this site shows the correct answer as b. "adopt a consumption model" is clearly a cost optimization design principle. looks like im done using this site to study!!!

A
Ace
8/3/2023 10:37:00 AM

number 52 answer is d

N
Nathan
12/17/2023 12:04:00 PM

just started preparing for my exam , and this site is so much help

C
Corey
12/29/2023 5:06:00 PM

question 35 is incorrect, the correct answer is c, it even states so: explanation: when a vm is infected with ransomware, you should not restore the vm to the infected vm. this is because the ransomware will still be present on the vm, and it will encrypt the files again. you should also not restore the vm to any vm within the companys subscription. this is because the ransomware could spread to other vms in the subscription. the best way to restore a vm that is infected with ransomware is to restore it to a new azure vm. this will ensure that the ransomware is not present on the new vm.

R
Rajender
10/18/2023 3:54:00 AM

i would like to take psm1 exam.

B
Blessious Phiri
8/14/2023 9:53:00 AM

cbd and pdb are key to the database

A
Alkaed
10/19/2022 10:41:00 AM

the purchase and download process is very much streamlined. the xengine application is very nice and user-friendly but there is always room for improvement.

D
Dave Gregen
9/4/2023 3:17:00 PM

please upload p_sapea_2023

AI Tutor 👋 I’m here to help!