[Q232-Q252] Latest ISACA CRISC First Attempt, Exam real Dumps Updated [Dec-2021]


Get the superior quality CRISC Dumps Questions from ITPassLeader. Nobody can stop you from getting to your dreams now. Your bright future is just a click away!

NEW QUESTION 232
You are elected as the project manager of the GHT project. You are in the project initialization phase and are busy defining requirements for your project. While defining requirements you are describing how users will interact with a system. Which of the following requirements are you defining here?

  • A. Technical requirement
  • B. Business requirement
  • C. Functional requirement
  • D. Project requirement

Answer: C

Explanation:
While defining requirements, three kinds of project requirement need to be defined: business requirement, functional requirement, and technical requirement. Functional requirements and use case models describe how users will interact with a system. Therefore, in this stem you are defining the functional requirement of the project.
Incorrect Answers:
A: Technical requirements, design specifications and coding specifications describe how the system will interact, the conditions under which the system will operate and the information criteria the system should meet.
B: Business requirements contain descriptions of what a system should do.
D: Business, functional and technical requirements all come under project requirement. In this stem one particular requirement, the functional requirement, is being defined, hence this is not the best answer.

 

NEW QUESTION 233
A contract associated with a cloud service provider MUST include:

  • A. provision for source code escrow.
  • B. the provider's financial statements.
  • C. ownership of responsibilities.
  • D. a business recovery plan.

Answer: C

 

NEW QUESTION 234
While defining the risk management strategies, what are the major parts to be determined first? Each correct answer represents a part of the solution. Choose two.

  • A. Risk tolerance
  • B. Organizational objectives
  • C. IT architecture complexity
  • D. Risk assessment criteria

Answer: A,B

Explanation:
While defining the risk management strategies, the risk professional should first identify and analyze the objectives of the organization and its risk tolerance. Once the objectives of the enterprise are known, the risk professional can detect the possible risks that could occur in accomplishing those objectives. Analyzing the risk tolerance helps in prioritizing risks, which is a later step in risk management. Hence these two form the basic framework of risk management.
Incorrect Answers:
C: IT architecture complexity is related to risk assessment rather than to the risk management strategy, as it helps in evaluating each significant risk identified.
D: Risk assessment is one of the various phases that occur while managing risks; it uses quantitative and qualitative approaches to evaluate risks. Hence risk assessment criteria are only a part of this framework.

 

NEW QUESTION 235
The BEST way to obtain senior management support for investment in a control implementation would be to articulate the reduction in:

  • A. residual risk.
  • B. vulnerabilities.
  • C. detected incidents.
  • D. inherent risk.

Answer: A

 

NEW QUESTION 236
Which of the following is the BEST method for discovering high-impact risk types?

  • A. Delphi technique
  • B. Quantitative risk analysis
  • C. Failure modes and effects analysis
  • D. Qualitative risk analysis

Answer: C

Explanation:
Failure modes and effects analysis (FMEA) is used in discovering high-impact risk types. FMEA is one of the tools used within the Six Sigma methodology to design and implement a robust process. It:
- Identifies failure modes
- Establishes a risk priority so that corrective actions can be put in place to address and reduce the risk
- Helps in identifying and documenting where in the process the source of the failure impacts the (internal or external) customer
- Is used to determine failure modes and assess the risk posed by the process and thus to the enterprise as a whole
Incorrect Answers:
B, D: These two are methods of analyzing risk, but not specifically for discovering high-impact risk types. Hence neither is the best answer.
A: Delphi is a technique to identify potential risk. In this technique, responses are gathered from experts via a questionnaire and their inputs are organized according to their contents. The collected responses are sent back to these experts for further input, additions, and comments. The final list of risks in the project is prepared after that. The participants in this technique are anonymous, which helps prevent a person from unduly influencing the others in the group. The Delphi technique helps in reaching consensus quickly.

 

NEW QUESTION 237
An interruption in business productivity is considered as which of the following risks?

  • A. Operational risk
  • B. Strategic risk
  • C. Legal risk
  • D. Reporting risk

Answer: A

Explanation:
Operational risks encompass any potential interruption in business. Operational risks are those risks that are associated with the day-to-day operations of the enterprise. They are generally more detailed than strategic risks. Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Some sub-categories of operational risk include:
- Organizational or management related risks
- Information security risks
- Production, process, and productivity risks
- Profitability operational risks
- Business interruption risks
- Project activity risks
- Contract and product liability risks
- Incidents and crises
- Illegal or malicious acts
Incorrect Answers:
B: Strategic risks are those that could prevent the enterprise from reaching its strategic objectives. Since a strategic objective shapes and impacts the entire organization, the risk of not meeting that objective can pose a great threat to the organization.
C: Legal risks deal with events that can deteriorate the company's legal status. Legal compliance is the process or procedure to ensure that an organization follows relevant laws, regulations and business rules. The definition of legal compliance, especially in the context of corporate legal departments, has recently been expanded to include understanding and adhering to ethical codes within entire professions as well. Hence legal and compliance risk has the potential to deteriorate the company's legal or regulatory status.
D: Reporting risks are those occurrences which prevent accurate and timely reporting.

 

NEW QUESTION 238
Which of the following does NOT provide indirect information?

  • A. The lack of any significant differences between perpetual levels and actual levels of goods.
  • B. Information about the propriety of cutoff
  • C. Reports that provide information about any unusual deviations and individual product margins.
  • D. Reports that show orders that were rejected for credit limitations.

Answer: B

Explanation:
Information about the propriety of cutoff is a kind of direct information.
Incorrect Answers:
A: The lack of any significant differences between perpetual levels and actual levels provides indirect information that billing controls are operating.
C: Reports that provide information about any unusual deviations and individual product margins (whereby the price of an item sold is compared to its standard cost) provide indirect information that controls over billing and pricing are operating.
D: Reports that show orders that were rejected for credit limitations provide indirect information that the credit checking aspects of the system are working as intended.

 

NEW QUESTION 239
You are the risk official of your enterprise. Your enterprise takes important decisions without considering credible risk information and is also unaware of external requirements for risk management and integration with enterprise risk management. In which of the following risk management capability maturity levels does your enterprise exist?

  • A. Level 0
  • B. Level 1
  • C. Level 4
  • D. Level 5

Answer: A

Explanation:
An enterprise's risk management capability maturity level is 0 (nonexistent) when:
- The enterprise does not recognize the need to consider risk management or the business impact from IT risk.
- Decisions involving risk lack credible information.
- Awareness of external requirements for risk management and integration with enterprise risk management (ERM) does not exist.
Incorrect Answers:
B, C, D: These are all much higher levels of the risk management capability maturity model; at all of these levels the enterprise takes decisions considering credible risk information. Moreover, at these levels the enterprise is aware of external requirements for risk management and integrates with ERM.

 

NEW QUESTION 240
Which of the following should be the MAIN consideration when validating an organization's risk appetite?

  • A. Maturity of the risk culture.
  • B. Comparison against regulations.
  • C. Capacity to withstand loss.
  • D. Cost of risk mitigation options.

Answer: A


 

NEW QUESTION 241
Which of the following is the BEST approach for performing a business impact analysis (BIA) of a supply-chain management application?

  • A. Interviewing groups of key stakeholders
  • B. Reviewing the organization's policies and procedures
  • C. Circulating questionnaires to key internal stakeholders
  • D. Accepting IT personnel's view of business issues

Answer: A

 

NEW QUESTION 242
Who should be responsible for implementing and maintaining security controls?

  • A. Data custodian
  • B. Internal auditor
  • C. Data owner
  • D. End user

Answer: C

 

NEW QUESTION 243
Which of the following MUST be assessed before considering risk treatment options for a scenario with significant impact?

  • A. Risk magnitude
  • B. Incident probability
  • C. Cost-benefit analysis
  • D. Risk appetite

Answer: A

 

NEW QUESTION 244
Which of the following statements are true for an enterprise's risk management capability maturity level 3?

  • A. Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized
  • B. The enterprise formally requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals
  • C. Workflow tools are used to accelerate risk issues and track decisions
  • D. The business knows how IT fits in the enterprise risk universe and the risk portfolio view

Answer: A,C,D

Explanation:
An enterprise's risk management capability maturity level is 3 when:
- Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized.
- There is a selected leader for risk management, engaged with the enterprise risk committee, across the enterprise.
- The business knows how IT fits in the enterprise risk universe and the risk portfolio view.
- Local tolerances drive the enterprise risk tolerance.
- Risk management activities are being aligned across the enterprise.
- Formal risk categories are identified and described in clear terms.
- Situations and scenarios are included in risk awareness training beyond specific policy and structures and promote a common language for communicating risk.
- Defined requirements exist for a centralized inventory of risk issues.
- Workflow tools are used to accelerate risk issues and track decisions.
Incorrect Answers:
B: An enterprise at risk management capability maturity level 5 formally requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals.

 

NEW QUESTION 245
You are preparing to complete the quantitative risk analysis process with your project team and several subject matter experts. You gather the necessary inputs including the project's cost management plan. Why is it necessary to include the project's cost management plan in the preparation for the quantitative risk analysis process?

  • A. The project's cost management plan is not an input to the quantitative risk analysis process.
  • B. The project's cost management plan provides direction on how costs may be changed due to identified risks.
  • C. The project's cost management plan can help you to determine what the total cost of the project is allowed to be.
  • D. The project's cost management plan provides control that may help determine the structure for quantitative analysis of the budget.

Answer: D

Explanation:
The cost management plan is an input to the quantitative risk analysis process because of the cost management control it provides.
The cost management plan sets how the costs on a project are managed during the project's life cycle. It defines the format and principles by which the project costs are measured, reported, and controlled. The cost management plan identifies the person responsible for managing costs, those who have the authority to approve changes to the project or its budget, and how cost performance is quantitatively calculated and reported upon.
Incorrect Answers:
A: This is not a valid statement. The cost management plan is an input to the quantitative risk analysis process.
B: While the cost management plan does define the cost change control system, this is not the best answer for this question.
C: The cost management plan defines the estimating, budgeting, and control of the project's cost, not what the total cost of the project is allowed to be.

 

NEW QUESTION 246
The PRIMARY benefit associated with key risk indicators (KRIs) is that they:

  • A. identify trends in the organization's vulnerabilities.
  • B. enable ongoing monitoring of emerging risk.
  • C. benchmark the organization's risk profile.
  • D. help an organization identify emerging threats.

Answer: B

 

NEW QUESTION 247
Which of the following are the principles of access controls?
Each correct answer represents a complete solution. Choose three.

  • A. Confidentiality
  • B. Availability
  • C. Integrity
  • D. Reliability

Answer: A,B,C

Explanation:
The principles of access controls focus on availability, integrity, and confidentiality, as loss or danger is directly related to these three:
- Loss of confidentiality: someone sees a password or a company's secret formula.
- Loss of integrity: an e-mail message is modified in transit, a virus infects a file, or someone makes unauthorized changes to a Web site.
- Loss of availability: an e-mail server is down and no one has e-mail access, or a file server is down so data files aren't available.

 

NEW QUESTION 248
Which of the following is the BEST way to determine whether new controls mitigate security gaps in a business system?

  • A. Complete an offsite business continuity exercise.
  • B. Perform a vulnerability assessment.
  • C. Conduct a compliance check against standards.
  • D. Measure the change in inherent risk.

Answer: C

 

NEW QUESTION 249
Which of the following should be the PRIMARY objective of a risk awareness training program?

  • A. To enable risk-based decision making
  • B. To promote awareness of the risk governance function
  • C. To clarify fundamental risk management principles
  • D. To ensure sufficient resources are available

Answer: A

 

NEW QUESTION 250
A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. The BEST way to support risk-based decisions by senior management would be to:

  • A. provide a quantified detailed analysis
  • B. quantify key risk indicators (KRIs)
  • C. recommend risk tolerance thresholds
  • D. map findings to objectives

Answer: D

 

NEW QUESTION 251
You are the project manager of the GFT project. Your project involves the use of an electrical motor. Its specification states that if its temperature rises to 500 degrees Fahrenheit the machine will overheat and have to be shut down for 48 hours. If the machine overheats even once it will delay the project's completion date. To prevent this, while creating responses you have decided that if the temperature of the machine reaches 450 degrees, the machine will be paused for at least an hour to let its temperature normalize. What is this temperature of 450 degrees referred to as?

  • A. Risk trigger
  • B. Risk event
  • C. Risk identification
  • D. Risk response

Answer: A

Explanation:
A risk trigger is a warning sign or condition that a risk event is about to happen. Here the warning temperature is 450 degrees Fahrenheit, therefore it is referred to as a risk trigger.
Incorrect Answers:
B: Here the risk event is the 500-degree temperature, as when the machine reaches this temperature it has to be shut down for 48 hours, which in turn would have a great impact on the working of the project.
C: Risk identification is the process of identifying the risks. This process identifies the risk events that could affect the project adversely or would act as opportunities.
D: The risk response here is pausing the machine when its temperature reaches 450 degrees Fahrenheit, so as to prevent the risk event from occurring.

 

NEW QUESTION 252
......

ISACA Practice Test Engine with CRISC Questions: https://drive.google.com/open?id=16WC9F8UIwXUOTDhL0QUn-E0QsXWzrZ2V

Guaranteed Success with Valid ISACA CRISC Dumps: https://www.itpassleader.com/ISACA/CRISC-dumps-pass-exam.html
