Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. ISACA
  3. CRISC

ISACA CRISC Exam (page: 6)
ISACA Certified in Risk and Information Systems Control
Updated on: 15-Feb-2026

Viewing Page 6 of 361
CRISC PDF 1895 Questions

You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?

  1. Human resource needs
  2. Quality control concerns
  3. Costs
  4. Risks

Answer(s): D

Explanation:

Fast tracking allows entire phases of the project to overlap and generally increases risks within the project.

Fast tracking is a technique for compressing project schedule. In fast tracking, phases are overlapped that would normally be done in sequence. It is shortening the project schedule without reducing the project scope.

Incorrect Answers:
A: Human resources are not affected by fast tracking in most scenarios.

B: Quality control concerns usually are not affected by fast tracking decisions. C: Costs do not generally increase based on fast tracking decisions.



David is the project manager of the HRC Project. He has identified a risk in the project, which could cause the delay in the project. David does not want this risk event to happen so he takes few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000. What type of risk response has David adopted?

  1. Avoidance
  2. Mitigation
  3. Acceptance
  4. Transfer

Answer(s): B

Explanation:

As David is taking some operational controls to reduce the likelihood and impact of the risk, hence he is adopting risk mitigation. Risk mitigation means that actions are taken to reduce the likelihood and/or impact of risk.

Incorrect Answers:
A: Risk avoidance means that activities or conditions that give rise to risk are discontinued. But here, no such actions are taken, therefore risk in not avoided.

C: Risk acceptance means that no action is taken relative to a particular risk; loss is accepted in case it occurs. As David has taken some actions in case to defend, therefore he is not accepting risk.

D: David has not hired a vendor to manage the risk for his project; therefore he is not transferring the risk.



Which of the following is the MOST important objective of the information system control?

  1. Business objectives are achieved and undesired risk events are detected and corrected
  2. Ensuring effective and efficient operations
  3. Developing business continuity and disaster recovery plans
  4. Safeguarding assets

Answer(s): A

Explanation:

The basic purpose of Information System control in an organization is to ensure that the business objectives are achieved and undesired risk events are detected and corrected. Some of the IS control objectives are given below:
Safeguarding assets
Assuring integrity of sensitive and critical application system environments Assuring integrity of general operating system
Ensuring effective and efficient operations
Fulfilling user requirements, organizational policies and procedures, and applicable laws and regulations Changing management
Developing business continuity and disaster recovery plans Developing incident response and handling plans

Hence the most important objective is to ensure that business objectives are achieved and undesired risk events are detected and corrected.

Incorrect Answers:
B, C, D: These are also the objectives of the information system control but are not the best answer.



Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?

  1. Business Continuity Strategy
  2. Index of Disaster-Relevant Information
  3. Disaster Invocation Guideline
  4. Availability/ ITSCM/ Security Testing Schedule

Answer(s): A

Explanation:

The Business Continuity Strategy is an outline of the approach to ensure the continuity of Vital Business Functions in the case of disaster events. The Business Continuity Strategy is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy.

Incorrect Answers:
B: Index of Disaster-Relevant Information is a catalog of all information that is relevant in the event of disasters. This document is maintained and circulated by IT Service Continuity Management to all members of IT staff with responsibilities for fighting disasters.

C: Disaster Invocation Guideline is a document produced by IT Service Continuity Management with detailed instructions on when and how to invoke the procedure for fighting a disaster. Most importantly, the guideline defines the first step to be taken by the Service Desk after learning that a disaster has occurred.

D: Availability/ ITSCM/ Security Testing Schedule is a schedule for the regular testing of all availability, continuity, and security mechanisms jointly maintained by Availability, IT Service Continuity, and IT Security Management.



For which of the following risk management capability maturity levels do the statement given below is true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"

  1. Level 3
  2. Level 0
  3. Level 5
  4. Level 2

Answer(s): C

Explanation:

An enterprise's risk management capability maturity level is 5 when real-time monitoring of risk events and control exceptions exists, as does automation of policy management.

Incorrect Answers:
A, D: In these levels real-time monitoring of risk events is not done.

B: In level 0 of risk management capability maturity model, enterprise does not recognize the importance of considering the risk management or the business impact from IT risk.



Viewing Page 6 of 361



Share your comments for ISACA CRISC exam with other users:

Sreenivas 10/24/2023 12:59:00 AM

helpful for practice
Anonymous


Liz 9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.
UNITED STATES


Namrata 7/15/2023 2:22:00 AM

helpful questions
Anonymous


lipsa 11/8/2023 12:54:00 PM

thanks for question
Anonymous


Eli 6/18/2023 11:27:00 PM

the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.
EUROPEAN UNION


open2exam 10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?
Anonymous


Gerald 9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam
UNITED STATES


ryo 9/10/2023 2:27:00 PM

very helpful
MEXICO


Jamshed 6/20/2023 4:32:00 AM

i need this exam
PAKISTAN


Roberto Capra 6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?
Anonymous


Synt 5/23/2023 9:33:00 PM

need to view
UNITED STATES


Vey 5/27/2023 12:06:00 AM

highly appreciate for your sharing.
CAMBODIA


Tshepang 8/18/2023 4:41:00 AM

kindly share this dump. thank you
Anonymous


Jay 9/26/2023 8:00:00 AM

link plz for download
UNITED STATES


Leo 10/30/2023 1:11:00 PM

data quality oecd
Anonymous


Blessious Phiri 8/13/2023 9:35:00 AM

rman is one good recovery technology
Anonymous


DiligentSam 9/30/2023 10:26:00 AM

need it thx
Anonymous


Vani 8/10/2023 8:11:00 PM

good questions
NEW ZEALAND


Fares 9/11/2023 5:00:00 AM

good one nice revision
Anonymous


Lingaraj 10/26/2023 1:27:00 AM

i love this thank you i need
Anonymous


Muhammad Rawish Siddiqui 12/5/2023 12:38:00 PM

question # 142: data governance is not one of the deliverables in the document and content management context diagram.
SAUDI ARABIA


al 6/7/2023 10:25:00 AM

most answers not correct here
Anonymous


Bano 1/19/2024 2:29:00 AM

what % of questions do we get in the real exam?
UNITED STATES


Oliviajames 10/25/2023 5:31:00 AM

i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!
UNITED STATES


Divya 8/27/2023 12:31:00 PM

all the best
UNITED STATES


KY 1/1/2024 11:01:00 PM

very usefull document
Anonymous


Arun 9/20/2023 4:52:00 PM

nice and helpful questions
INDIA


Joseph J 7/11/2023 2:53:00 PM

i found the questions helpful
UNITED STATES


Meg 10/12/2023 8:02:00 AM

q 105 . ans is d
INDIA


Navaneeth S 7/14/2023 7:57:00 AM

i have interest to get a sybase iq dba certification
UNITED STATES


Aish 10/11/2023 5:27:00 AM

want to pass exm.
INDIA


Anonymous 6/12/2023 7:23:00 AM

are the answers correct?
INDIA


Kris 7/7/2023 9:43:00 AM

good morning, could you please upload this exam again, i need it to test my knowledge in sd-wan with version 7.0.
Anonymous


Meghraj mali 10/7/2023 1:47:00 PM

very nice question
CANADA