Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?
Answer(s): B
The configuration management system ensures that proposed changes to the project's scope are reviewed and evaluated for their affect on the project's product.Configure management process is important in achieving business objectives. Ensuring the integrity of hardware and software configurations requires the establishment and maintenance of an accurate and complete configuration repository. This process includes collecting initial configuration information, establishing baselines, verifying and auditing configuration information, and updating the configuration repository as needed. Effective configuration management facilitates greater system availability minimizes production issues and resolves issues more quickly. Incorrect Answers:A: The cost change control system is responsible for reviewing and controlling changes to the project costs.C: The scope change control system focuses on reviewing the actual changes to the project scope. When a change to the project's scope is proposed, the configuration management system is also invoked.D: Integrated change control examines the affect of a proposed change on the project as a whole.
What are the key control activities to be done to ensure business alignment? Each correct answer represents a part of the solution. Choose two.
Answer(s): A,C
Business alignment require following control activities:Defining the business requirements for the management of data by IT.Periodically identifying critical data that affect business operations, in alignment with the risk management model and IT service as well as the business continuity plan.Incorrect Answers:B: Conducting IT continuity tests on a regular basis or when there are major changes in the IT infrastructure is done for testing IT continuity plan. It does not ensure alignment with business.D: This is not a valid answer.
Which of the following statements is true for risk analysis?
Answer(s): D
A risk analysis deals with the potential size and likelihood of loss. A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. A risk from an organizational perspective consists of:Threats to various processes of organization. Threats to physical and information assets. Likelihood and frequency of occurrence from threat. Impact on assets from threat and vulnerability. Risk analysis allows the auditor to do the following tasks :Identify threats and vulnerabilities to the enterprise and its information system. Provide information for evaluation of controls in audit planning.Aids in determining audit objectives. Supporting decision based on risks.Incorrect Answers:A: Assuming equal degree of protection would only be rational in the rare event that all the assets are similar in sensitivity and criticality. Hence this is not practiced in risk analysis.B: Since the likelihood determines the size of the loss, hence both elements must be considered in the calculation.C: A risk analysis would not normally consider the benchmark of similar companies as providing relevant information other than for comparison purposes.
You are working in Bluewell Inc. which make advertisement Websites. Someone had made unauthorized changes to your Website. Which of the following terms refers to this type of loss?
Loss of integrity refers to the following types of losses: An e-mail message is modified in transitA virus infects a fileSomeone makes unauthorized changes to a Web siteIncorrect Answers:A: Someone sees a password or a company's secret formula, this is referred to as loss of confidentiality.C: An e-mail server is down and no one has e-mail access, or a file server is down so data files aren't available comes under loss of availability.D: This refers to the events which would eventually cause loss of revenue.
Which of the following is NOT true for Key Risk Indicators?
They are monitored on regular basis as they indicate high probability and high impact risks. As risks change over time, hence KRIs should also be monitored regularly for its effectiveness on these changing risks.Incorrect Answers:A, B, C: These all are true for KRIs. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help in avoiding excessively large number of risk indicators to manage and report that a large enterprise may have.The complete set of KRIs should also balance indicators for risk, root causes and business impact, so as to indicate the risk and its impact completely.
Share your comments for ISACA CRISC exam with other users:
these questions look good.
this is very helpful content
please provide the dumps
it is amazing
quesion 178 about "a banking system that predicts whether a loan will be repaid is an example of the" the answer is classification. not regresion, you should fix it.
please upload apache spark dumps
q14 is b&c to reduce you will switch off mail for every single alert and you will switch on daily digest to get a mail once per day, you might even skip the empty digest mail but i see this as a part of the daily digest adjustment
i think it is good question
good for students who wish to give certification.
is there a google drive link to the images? the links in questions are not working.
very promising, looks great, so much wow!
i scored 87% on the az-204 exam. thanks! i always trust
good need more
sample questions seems good
huawei is ok
good one nice
please continue
this exam dumps just did the job. i donot want to ruffle your feathers but your exam dumps and mock test engine is amazing.
nice questions
the explanation are really helpful
just passed my exam yesterday on my first attempt. these dumps were extremely helpful in passing first time. the questions were very, very similar to these questions!
cosmos db is paas not saas
what is the percentage of common questions in gcp exam compared to 197 dump questions? are they 100% matching with real gcp exam?
not able to see questions
by far one of the best sites for free questions. i have pass 2 exams with the help of this website.
excellent question bank.
it really helped
excelent material
the new versoin of this exam which i downloaded has all the latest questions from the exam. i only saw 3 new questions in the exam which was not in this dump.
question 8 - can cloudtrail be used for storing jobs? based on aws - aws cloudtrail is used for governance, compliance and investigating api usage across all of our aws accounts. every action that is taken by a user or script is an api call so this is logged to [aws] cloudtrail. something seems incorrect here.
question 13 tda - c01 answer : quick table calculation -> percentage of total , compute using table down
pls share teh dump
question 44 answer is user risk
please post the questions for preparation