Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISACA
  3. CRISC

ISACA Certified in Risk and Information Systems Control CRISC Exam Questions in PDF

Free ISACA CRISC Dumps Questions (page: 70)

CRISC PDF — 1895 Questions

Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?

  1. Cost change control system
  2. Configuration management system
  3. Scope change control system
  4. Integrated change control

Answer(s): B

Explanation:

The configuration management system ensures that proposed changes to the project's scope are reviewed and evaluated for their affect on the project's product.

Configure management process is important in achieving business objectives. Ensuring the integrity of hardware and software configurations requires the establishment and maintenance of an accurate and complete configuration repository. This process includes collecting initial configuration information, establishing baselines, verifying and auditing configuration information, and updating the configuration repository as needed. Effective configuration management facilitates greater system availability minimizes production issues and resolves issues more quickly.

Incorrect Answers:
A: The cost change control system is responsible for reviewing and controlling changes to the project costs.

C: The scope change control system focuses on reviewing the actual changes to the project scope. When a change to the project's scope is proposed, the configuration management system is also invoked.

D: Integrated change control examines the affect of a proposed change on the project as a whole.



What are the key control activities to be done to ensure business alignment? Each correct answer represents a part of the solution. Choose two.

  1. Define the business requirements for the management of data by IT
  2. Conduct IT continuity tests on a regular basis or when there are major changes in the IT infrastructure
  3. Periodically identify critical data that affect business operations
  4. Establish an independent test task force that keeps track of all events

Answer(s): A,C

Explanation:

Business alignment require following control activities:
Defining the business requirements for the management of data by IT.
Periodically identifying critical data that affect business operations, in alignment with the risk management model and IT service as well as the business continuity plan.

Incorrect Answers:
B: Conducting IT continuity tests on a regular basis or when there are major changes in the IT infrastructure is done for testing IT continuity plan. It does not ensure alignment with business.

D: This is not a valid answer.



Which of the following statements is true for risk analysis?

  1. Risk analysis should assume an equal degree of protection for all assets.
  2. Risk analysis should give more weight to the likelihood than the size of loss.
  3. Risk analysis should limit the scope to a benchmark of similar companies
  4. Risk analysis should address the potential size and likelihood of loss.

Answer(s): D

Explanation:

A risk analysis deals with the potential size and likelihood of loss. A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. A risk from an organizational perspective consists of:
Threats to various processes of organization. Threats to physical and information assets. Likelihood and frequency of occurrence from threat. Impact on assets from threat and vulnerability.

Risk analysis allows the auditor to do the following tasks :
Identify threats and vulnerabilities to the enterprise and its information system. Provide information for evaluation of controls in audit planning.
Aids in determining audit objectives. Supporting decision based on risks.

Incorrect Answers:
A: Assuming equal degree of protection would only be rational in the rare event that all the assets are similar in sensitivity and criticality. Hence this is not practiced in risk analysis.

B: Since the likelihood determines the size of the loss, hence both elements must be considered in the calculation.

C: A risk analysis would not normally consider the benchmark of similar companies as providing relevant information other than for comparison purposes.



You are working in Bluewell Inc. which make advertisement Websites. Someone had made unauthorized changes to your Website. Which of the following terms refers to this type of loss?

  1. Loss of confidentiality
  2. Loss of integrity
  3. Loss of availability
  4. Loss of revenue

Answer(s): B

Explanation:

Loss of integrity refers to the following types of losses: An e-mail message is modified in transit
A virus infects a file
Someone makes unauthorized changes to a Web site

Incorrect Answers:
A: Someone sees a password or a company's secret formula, this is referred to as loss of confidentiality.

C: An e-mail server is down and no one has e-mail access, or a file server is down so data files aren't available comes under loss of availability.

D: This refers to the events which would eventually cause loss of revenue.



Which of the following is NOT true for Key Risk Indicators?

  1. They are selected as the prime monitoring indicators for the enterprise
  2. They help avoid having to manage and report on an excessively large number of risk indicators
  3. The complete set of KRIs should also balance indicators for risk, root causes and business impact.
  4. They are monitored annually

Answer(s): D

Explanation:

They are monitored on regular basis as they indicate high probability and high impact risks. As risks change over time, hence KRIs should also be monitored regularly for its effectiveness on these changing risks.

Incorrect Answers:
A, B, C: These all are true for KRIs. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help in avoiding excessively large number of risk indicators to manage and report that a large enterprise may have.

The complete set of KRIs should also balance indicators for risk, root causes and business impact, so as to indicate the risk and its impact completely.



Viewing page 70 of 361

Share your comments for ISACA CRISC exam with other users:

P
pankaj
9/28/2023 4:36:00 AM

it was helpful

Anonymous
U
User123
10/8/2023 9:59:00 AM

good question

UNITED STATES
V
vinay
9/4/2023 10:23:00 AM

really nice

Anonymous
U
Usman
8/28/2023 10:07:00 AM

please i need dumps for isc2 cybersecuity

Anonymous
Q
Q44
7/30/2023 11:50:00 AM

ans is coldline i think

UNITED STATES
A
Anuj
12/21/2023 1:30:00 PM

very helpful

Anonymous
G
Giri
9/13/2023 10:31:00 PM

can you please provide dumps so that it helps me more

UNITED STATES
A
Aaron
2/8/2023 12:10:00 AM

thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.

SOUTH AFRICA
S
Sarwar
12/21/2023 4:54:00 PM

how i can see exam questions?

CANADA
C
Chengchaone
9/11/2023 10:22:00 AM

can you please upload please?

Anonymous
M
Mouli
9/2/2023 7:02:00 AM

question 75: option c is correct answer

Anonymous
J
JugHead
9/27/2023 2:40:00 PM

please add this exam

Anonymous
S
sushant
6/28/2023 4:38:00 AM

please upoad

EUROPEAN UNION
J
John
8/7/2023 12:09:00 AM

has anyone recently attended safe 6.0 certification? is it the samq question from here.

Anonymous
B
Blessious Phiri
8/14/2023 3:49:00 PM

expository experience

Anonymous
C
concerned citizen
12/29/2023 11:31:00 AM

52 should be b&c. controller failure has nothing to do with this type of issue. degraded state tells us its a raid issue, and if the os is missing then the bootable device isnt found. the only other consideration could be data loss but thats somewhat broad whereas b&c show understanding of the specific issues the question is asking about.

UNITED STATES
D
deedee
12/23/2023 5:10:00 PM

great help!!!

UNITED STATES
S
Samir
8/1/2023 3:07:00 PM

very useful tools

UNITED STATES
S
Saeed
11/7/2023 3:14:00 AM

looks a good platform to prepare az-104

Anonymous
M
Matiullah
6/24/2023 7:37:00 AM

want to pass the exam

Anonymous
S
SN
9/5/2023 2:25:00 PM

good resource

UNITED STATES
Z
Zoubeyr
9/8/2023 5:56:00 AM

question 11 : d

FRANCE
U
User
8/29/2023 3:24:00 AM

only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.

Anonymous
C
CW
7/6/2023 7:37:00 PM

good questions. thanks.

Anonymous
F
Farooqi
11/21/2023 1:37:00 AM

good for practice.

INDIA
I
Isaac
10/28/2023 2:30:00 PM

great case study

UNITED STATES
M
Malviya
2/3/2023 9:10:00 AM

the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.

INDIA
R
rsmyth
5/18/2023 12:44:00 PM

q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk

IRELAND
K
Keny
6/23/2023 9:00:00 PM

thanks, very relevant

PERU
M
Muhammad Rawish Siddiqui
11/29/2023 12:14:00 PM

wrong answer. it is true not false.

SAUDI ARABIA
J
Josh
7/10/2023 1:54:00 PM

please i need the mo-100 questions

Anonymous
V
VINNY
6/2/2023 11:59:00 AM

very good use full

Anonymous
A
Andy
12/6/2023 5:56:00 AM

very valid questions

Anonymous
M
Mamo
8/12/2023 7:46:00 AM

will these question help me to clear pl-300 exam?

UNITED STATES
AI Tutor 👋 I’m here to help!