Fully Updated Do not hesitate to choose Flydumps Isaca CRISC VCE Exam Dumps, all are updated timely by SAP expert professionals.Visit the site Flydumps.com to get the free Isaca https://www.pass4itsure.com/crisc.html pdf dumps and free vce player.
Which of the following is the MOST important reason to maintain key risk indicators (KRIs)?
A. In order to avoid risk
B. Complex metrics require fine-tuning
C. Risk reports need to be timely
D. Threats and vulnerabilities change over time
Correct Answer: D
You are the project manager of a HGT project that has recently finished the final compilation process. The project customer has signed off on the project completion and you have to do few administrative closure activities. In the project, there were several large risks that could have wrecked the project but you and your project team found some new methods to resolve the risks without affecting the project costs or project completion date. What should you do with the risk responses that you have identified during the project’s monitoring and controlling process?
A. Include the responses in the project management plan.
B. Include the risk responses in the risk management plan.
C. Include the risk responses in the organization’s lessons learned database.
D. Nothing. The risk responses are included in the project’s risk register already.
Correct Answer: C
You are the project manager of GHT project. You have identified a risk event on your project that could save $100,000 in project costs if it occurs. Which of the following statements BEST describes this risk event?
A. This risk event should be mitigated to take advantage of the savings.
B. This is a risk event that should be accepted because the rewards outweigh the threat to the project.
C. This risk event should be avoided to take full advantage of the potential savings.
D. This risk event is an opportunity to the project and should be exploited.
Correct Answer: D
You are the project manager of a large construction project. This project will last for 18 months and will cost $750,000 to complete. You are working with your project team, experts, and stakeholders to identify risks within the project before the project work begins. Management wants to know why you have scheduled so many risk identification meetings throughout the project rather than just initially during the project planning. What is the best reason for the duplicate risk identification sessions?
A. The iterative meetings allow all stakeholders to participate in the risk identification processes throughout the project phases.
B. The iterative meetings allow the project manager to discuss the risk events which have passed the project and which did not happen.
C. The iterative meetings allow the project manager and the risk identification participants to identify newly discovered risk events throughout the project.
D. The iterative meetings allow the project manager to communicate pending risks events during project execution.
Correct Answer: C
You are the risk official in Bluewell Inc. You are supposed to prioritize several risks. A risk has a rating for occurrence, severity, and detection as 4, 5, and 6, respectively. What Risk Priority Number (RPN) you would give to it?
Correct Answer: A QUESTION 6
Which of the following is the MOST important use of KRIs?
A. Providing a backward-looking view on risk events that have occurred
B. Providing an early warning signal
C. Providing an indication of the enterprise’s risk appetite and tolerance
D. Enabling the documentation and analysis of trends
Correct Answer: B QUESTION 7
Which of the following role carriers will decide the Key Risk Indicator of the enterprise? Each correct answer represents a part of the solution. Choose two.
A. Business leaders
B. Senior management
C. Human resource
D. Chief financial officer
Correct Answer: AB QUESTION 8
What are the requirements for creating risk scenarios? Each correct answer represents a part of the solution. Choose three.
A. Determination of cause and effect
B. Determination of the value of business process at risk
C. Potential threats and vulnerabilities that could cause loss
D. Determination of the value of an asset
Correct Answer: BCD QUESTION 9
You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
A. Resource Management Plan
B. Risk Management Plan
C. Stakeholder management strategy
D. Communications Management Plan
Correct Answer: D QUESTION 10
Which of the following controls is an example of non-technical controls?
A. Access control
B. Physical security
C. Intrusion detection system
Correct Answer: B QUESTION 11
You are the project manager of GHT project. Your project team is in the process of identifying project risks on your current project. The team has the option to use all of the following tools and techniques to diagram some of these potential risks EXCEPT for which one?
A. Process flowchart
B. Ishikawa diagram
C. Influence diagram
D. Decision tree diagram
Correct Answer: D QUESTION 12
Which of the following BEST describes the utility of a risk?
A. The finance incentive behind the risk
B. The potential opportunity of the risk
C. The mechanics of how a risk works
D. The usefulness of the risk to individuals or groups
Correct Answer: D QUESTION 13
Which of the following aspect of monitoring tool ensures that the monitoring tool has the ability to keep up with the growth of an enterprise?
D. Impact on performance
Correct Answer: A QUESTION 14
You are the project manager in your enterprise. You have identified risk that is noticeable failure threatening the success of certain goals of your enterprise. In which of the following levels do this identified risk exists?
A. Moderate risk
B. High risk
C. Extremely high risk
D. Low risk
Correct Answer: A QUESTION 15
Courtney is the project manager for her organization. She is working with the project team to complete the qualitative risk analysis for her project. During the analysis Courtney encourages the project team to begin the grouping of identified risks by common causes. What is the primary advantage to group risks by common causes during qualitative risk analysis?
A. It helps the project team realize the areas of the project most laden with risks.
B. It assist in developing effective risk responses.
C. It saves time by collecting the related resources, such as project team members, to analyze the risk events.
D. It can lead to the creation of risk categories unique to each project.
Correct Answer: B QUESTION 16
Which of the following processes is described in the statement below? “It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions.”
A. Risk governance
B. Risk identification
C. Risk response planning
D. Risk communication
Correct Answer: D QUESTION 17
You are an experienced Project Manager that has been entrusted with a project to develop a machine which produces auto components. You have scheduled meetings with the project team and the key stakeholders to identify the risks for your project. Which of the following is a key output of this process?
A. Risk Register
B. Risk Management Plan
C. Risk Breakdown Structure
D. Risk Categories
Correct Answer: A QUESTION 18
Which of the following components of risk scenarios has the potential to generate internal or external threat on an enterprise?
A. Timing dimension
Correct Answer: D QUESTION 19
You are the project manager of GHT project. You have planned the risk response process and now you are about to implement various controls. What you should do before relying on any of the controls?
A. Review performance data
B. Discover risk exposure
C. Conduct pilot testing
D. Articulate risk
Correct Answer: AC QUESTION 20
Which of the following is NOT true for risk management capability maturity level 1?
A. There is an understanding that risk is important and needs to be managed, but it is viewed asa technical issue and the business primarily considers the downside of IT risk
B. Decisions involving risk lack credible information
C. Risk appetite and tolerance are applied only during episodic risk assessments
D. Risk management skills exist on an ad hoc basis, but are not actively developed
Correct Answer: B QUESTION 21
An enterprise has identified risk events in a project. While responding to these identified risk events, which among the following stakeholders is MOST important for reviewing risk response options to an IT risk.
A. Information security managers
B. Internal auditors
C. Incident response team members
D. Business managers
Correct Answer: D QUESTION 22
Which of the following is a technique that provides a systematic description of the combination of unwanted occurrences in a system?
A. Sensitivity analysis
B. Scenario analysis
C. Fault tree analysis
D. Cause and effect analysis
Correct Answer: C QUESTION 23
What is the process for selecting and implementing measures to impact risk called?
A. Risk Treatment
C. Risk Assessment
D. Risk Management
Correct Answer: A QUESTION 24
Which section of the Sarbanes-Oxley Act specifies “Periodic financial reports must be certified by CEO and CFO”?
A. Section 302
B. Section 404
C. Section 203
D. Section 409
Correct Answer: A QUESTION 25
What is the PRIMARY need for effectively assessing controls?
A. Control’s alignment with operating environment
B. Control’s design effectiveness
C. Control’s objective achievement
D. Control’s operating effectiveness Correct Answer: C
You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders’ approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?
A. Human resource needs
B. Quality control concerns
Correct Answer: D
David is the project manager of the HRC Project. He has identified a risk in the project, which could cause the delay in the project. David does not want this risk event to happen so he takes few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000. What type of risk response has David adopted?
Correct Answer: B
Which of the following is the MOST important objective of the information system control?
A. Business objectives are achieved and undesired risk events are detected and corrected
B. Ensuring effective and efficient operations
C. Developing business continuity and disaster recovery plans
D. Safeguarding assets
Correct Answer: A
Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?
A. Business Continuity Strategy
B. Index of Disaster-Relevant Information
C. Disaster Invocation Guideline
D. Availability/ ITSCM/ Security Testing Schedule
Correct Answer: A
For which of the following risk management capability maturity levels do the statement given below is true? “Real-time monitoring of risk events and control exceptions exists, as does automation of policy management”
A. Level 3
B. Level 0
C. Level 5
D. Level 2
Correct Answer: C
Each Answers in Isaca https://www.pass4itsure.com/crisc.html study guides are checked by the concerned professional to provide you the best quality dumps. If you are looking to get certified in short possible time, you will never find quality product than Flydumps.com.