Course 2024 CRISC Test Prep Training Practice Exam Download [Q107-Q127]

Share

Course 2024 CRISC Test Prep Training Practice Exam Download

CRISC Exam Info and Free Practice Test Professional Quiz Study Materials


The benefits of obtaining a CRISC certification are numerous. Certified in Risk and Information Systems Control certification demonstrates to employers and clients that you have the necessary skills and knowledge to manage risks related to information technology and information systems. Additionally, CRISC professionals are in high demand and are often paid more than non-certified professionals in the same field. Furthermore, the certification is a globally recognized credential that can open doors to new opportunities and career advancement.

 

NEW QUESTION # 107
Which of the following is the BEST control to minimize the risk associated with scope creep in software development?

  • A. Business managements review of functional requirements
  • B. Segregation between development, test, and production
  • C. An established process for project change management
  • D. Retention of test data and results for review purposes

Answer: C


NEW QUESTION # 108
An organization has used generic risk scenarios to populate its risk register. Which of the following presents the GREATEST challenge to assigning of the associated risk entries?

  • A. The volume of risk scenarios is too large
  • B. Risk scenarios are not applicable
  • C. The risk analysts for each scenario is incomplete
  • D. Risk aggregation has not been completed

Answer: B


NEW QUESTION # 109
Which of the following events refer to loss of integrity?
Each correct answer represents a complete solution. Choose three.

  • A. Someone sees company's secret formula
  • B. A virus infects a file
  • C. Someone makes unauthorized changes to a Web site
  • D. An e-mail message is modified in transit

Answer: B,C,D

Explanation:
Section: Volume C
Explanation/Reference:
Explanation:
Loss of integrity refers to the following types of losses:
* An e-mail message is modified in transit A virus infects a file
* Someone makes unauthorized changes to a Web site
Incorrect Answers:
A: Someone sees company's secret formula or password comes under loss of confidentiality.


NEW QUESTION # 110
Which of the following assets are the examples of intangible assets of an enterprise?
Each correct answer represents a complete solution. Choose two.

  • A. Customer trust
  • B. Information
  • C. People
  • D. Infrastructure

Answer: A,B

Explanation:
Assets are the economic resources owned by business or company. Anything tangible or intangible that one possesses, usually considered as applicable to the payment of one's debts, is considered an asset. An asset can also be defined as a resource, process, product, computing infrastructure, and so forth that an organization has determined must be protected. Tangible asset: Tangible are those asset that has physical attributes and can be detected with the senses, e.g., people, infrastructure, and finances. Intangible asset: Intangible are those asset that has no physical attributes and cannot be detected with the senses, e.g., information, reputation and customer trust.


NEW QUESTION # 111
Which of the following can be interpreted from a single data point on a risk heat map?

  • A. Risk tolerance
  • B. Risk magnitude
  • C. Risk response
  • D. Risk appetite

Answer: B


NEW QUESTION # 112
You are the administrator of your enterprise. Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information?

  • A. Explanation:
    Physical or logical system access should be assigned on a need-to-know basis, where there is a legitimate business requirement based on least privilege and segregation of duties. This is done by user authentication.
  • B. Using a challenge response system
  • C. Providing access on a need-to-know basis
  • D. Monitoring and recording unsuccessful logon attempts
  • E. Forcing periodic password changes

Answer: A,C

Explanation:
is incorrect. Challenge response system is used to verify the user's identification but does not completely address the issue of access risk if access was not appropriately designed in the first place. Answer:B is incorrect. Forcing users to change their passwords does not ensure that access control is appropriately assigned. Answer:A is incorrect. Monitoring and recording unsuccessful logon attempts does not address the risk of appropriate access rights. In other words, it does not prevent unauthorized access.


NEW QUESTION # 113
Establishing an organizational code of conduct is an example of which type of control?

  • A. Directive
  • B. Compensating
  • C. Detective
  • D. Preventive

Answer: A

Explanation:
Section: Volume D


NEW QUESTION # 114
When defining thresholds for control key performance indicators (KPIs). it is MOST helpful to align:

  • A. information risk assessments with enterprise risk assessments.
  • B. control performance with risk tolerance of business owners.
  • C. key risk indicators (KRIs) with risk appetite of the business.
  • D. the control key performance indicators (KPIs) with audit findings.

Answer: C


NEW QUESTION # 115
Which of the following is a risk practitioner's BEST course of action upon learning that a control under internal review may no longer be necessary?

  • A. Update the status of the control as obsolete.
  • B. Consult the internal auditor for a second opinion.
  • C. Obtain approval to retire the control.
  • D. Verify the effectiveness of the original mitigation plan.

Answer: A


NEW QUESTION # 116
You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

  • A. Risk register
  • B. Stakeholder management strategy
  • C. Risk management plan
  • D. Lessons learned documentation

Answer: A

Explanation:
Explanation/Reference:
Explanation:
Risks and the corresponding responses are documented in the risk register for the project. Risk register is a document that contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning. Description, category, cause, probability of occurring, impact on objectives, proposed responses, owner, and the current status of all identified risks are put in the risk register.
Incorrect Answers:
A: The stakeholder management strategy defines how stakeholders and their threats, perceived threats, opinions, and influence over the project objectives will be addressed and managed.
B: The outcome of risk events and the corresponding risk responses may be documented in the project's lessons learned documented, but the best answer is to document the risk responses as part of the risk register.
D: The risk management plan defines how risks will be identified and analyzed, the available responses, and the monitoring and controlling of the risk events. The actual risk responses are included in the risk register.


NEW QUESTION # 117
You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

  • A. All risks must have a valid, documented risk response.
  • B. These risks can be added to a low priority risk watch list.
  • C. These risks can be dismissed.
  • D. These risks can be accepted.

Answer: B

Explanation:
Explanation/Reference:
Explanation:
Low-impact, low-probability risks can be added to the low priority risk watch list.
Incorrect Answers:
A: These risks are not dismissed; they are still documented on the low priority risk watch list.
B: While these risks may be accepted, they should be documented on the low priority risk watch list. This list will be periodically reviewed and the status of the risks may change.
D: Not every risk demands a risk response, so this choice is incorrect.


NEW QUESTION # 118
You are the project manager of GFT project. Your project involves the use of electrical motor. It was stated in its specification that if its temperature would increase to 500 degree Fahrenheit the machine will overheat and have to be shut down for 48 hours. If the machine overheats even once it will delay the project's arrival date. So to prevent this you have decided while creating response that if the temperature of the machine reach 450, the machine will be paused for at least an hour so as to normalize its temperature. This temperature of 450 degrees is referred to as?

  • A. Risk event
  • B. Risk response
  • C. Risk trigger
  • D. Risk identification

Answer: C

Explanation:
Explanation/Reference:
Explanation:
A risk trigger is a warning sign or condition that a risk event is about to happen. Here the warning temperature is 450 degrees Fahrenheit, therefore it is referred as risk trigger.
Incorrect Answers:
A: Risk identification is the process of the identifying the risks. This process identifies the risk events that could affect the project adversely or would act as opportunity.
C: Here risk event is 500-degree temperature, as when machine reaches this temperature it should have to be shut-down for 48 hours, which in turn will laid a great impact on the working of project.
D: Risk response here is shutting off of machine when its temperature reaches 450 degree Fahrenheit, so as to prevent the occurring of risk event.


NEW QUESTION # 119
Winch of the following key control indicators (KCIs) BEST indicates whether security requirements are identified and managed throughout a project He cycle?

  • A. Number of employees completing project-specific security training
  • B. Number of security-related status reports submitted by project managers
  • C. Number of projects going live without a security review
  • D. Number of security projects started in core departments

Answer: B


NEW QUESTION # 120
After migrating a key financial system to a new provider, it was discovered that a developer could gain access to the production environment. Which of the following is the BEST way to mitigate the risk in this situation?

  • A. Escalate the issue to the service provider.
  • B. Re-certify the application access controls.
  • C. Remove the developer's access.
  • D. Review the results of pre-migration testing.

Answer: B


NEW QUESTION # 121
Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?

  • A. Business process owner
  • B. Chief information officer (CIO)
  • C. Business management
  • D. Chief risk officer (CRO)

Answer: D

Explanation:
Section: Volume A
Explanation:
Business management is the business individuals with roles relating to managing a program. They are typically accountable for analyzing risks, maintaining risk profile, and risk-aware decisions. Other than this, they are also responsible for managing risks, react to events, etc.
Incorrect Answers:
B: Business process owner is an individual responsible for identifying process requirements, approving process design and managing process performance. He/she is responsible for analyzing risks, maintaining risk profile, and risk-aware decisions but is not accounted for them.
C: CIO is the most senior official of the enterprise who is accountable for IT advocacy; aligning IT and business strategies; and planning, resourcing and managing the delivery of IT services and information and the deployment of associated human resources. CIO has some responsibility analyzing risks, maintaining risk profile, and risk-aware decisions but is not accounted for them.


NEW QUESTION # 122
You are the project manager of the NNN Project. Stakeholders in the two-year project have requested to send status reports to them via. email every week. You have agreed and send reports every Thursday. After six months of the project, the stakeholders are pleased with the project progress and they would like you to reduce the status reports to every two weeks. What process will examine the change to this project process and implement it in the project?

  • A. Project change control process
  • B. Communications management
  • C. Configuration management
  • D. Perform integrated change control process
  • E. Explanation:
    Although this appears to be a simple change the project manager must still follow the rules of the project's change control system. Integrated change control is a way to manage the changes incurred during a project. It is a method that manages reviewing the suggestions for changes and utilizing the tools and techniques to evaluate whether the change should be approved or rejected. Integrated change control is a primary component of the project's change control system that examines the affect of a proposed change on the entire project.

Answer: D

Explanation:
is incorrect. Communications management is the execution of the communications management plan. Answer:D is incorrect. The project change control process not valid as it's the parent of the integrated change control process, which is more accurate for this option A is incorrect. Configuration management is the documentation and control of the product's features and functions.


NEW QUESTION # 123
An unauthorized individual has socially engineered entry into an organization's secured physical premises.
Which of the following is the BEST way to prevent future occurrences?

  • A. Conduct security awareness training.
  • B. Require security access badges.
  • C. Install security cameras.
  • D. Employ security guards.

Answer: A


NEW QUESTION # 124
You are the project manager of GHT project. You and your team have developed risk responses for those risks with the highest threat to or best opportunity for the project objectives. What are the immediate steps you should follow, after planning for risk response process? Each correct answer represents a complete solution.
Choose three.

  • A. Prepare Risk-related contracts
  • B. Updating Risk register
  • C. Applying controls
  • D. Updating Project management plan and Project document

Answer: A,B,D

Explanation:
Section: Volume C
Explanation:
The risk register is updated at the end of the plan risk response process with the information that was discovered during the process. The response plans are recorded in the risk register.
Project management plan consisting of WBS, schedule baseline and cost performance baseline should be updated. After planning risk response process, there may be requirement of updating project documents like technical documentation and assumptions, documented in the project scope statement.
If risk response strategies include responses such as transference or sharing, it may be necessary to purchase services or items from third parties. Contracts for those services can be prepared and discussed with the appropriate parties.
Incorrect Answers:
B: Controls are implemented in the latter stage of risk response process. It is not immediate task after the planning of risk response process, as updating of several documents is done first.
The purpose of the Plan Risk Responses process is to develop risk responses for those risks with the highest threat to or best opportunity for the project objectives. The Plan Risk Responses process has four outputs:
* Risk register updates
* Risk-related contract decisions
* Project management plan updates
* Project document updates


NEW QUESTION # 125
Which of the following statements is NOT true regarding the risk management plan?

  • A. The risk management plan includes thresholds, scoring and interpretation methods, responsible parties, and budgets.
  • B. The risk management plan includes a description of the risk responses and triggers.
  • C. Explanation:
    The risk management plan details how risk management processes will be implemented, monitored, and controlled throughout the life of the project. The risk management plan does not include responses to risks or triggers. Responses to risks are documented in the risk register as part of the Plan Risk Responses process.
  • D. The risk management plan is an output of the Plan Risk Management process.
  • E. The risk management plan is an input to all the remaining risk-planning processes.

Answer: B

Explanation:
D, and B are incorrect. These all statements are true for risk management plan. The risk management plan details how risk management processes will be implemented, monitored, and controlled throughout the life of the project. It includes thresholds, scoring and interpretation methods, responsible parties, and budgets. It also act as input to all the remaining risk-planning processes.


NEW QUESTION # 126
You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project's performance as a whole. What approach can you use to achieve this goal of improving the project's performance through risk analysis with your project stakeholders?

  • A. Focus on the high-priority risks through qualitative risk analysis
  • B. Use qualitative risk analysis to quickly assess the probability and impact of risk events
  • C. Involve the stakeholders for risk identification only in the phases where the project directly affects them
  • D. Involve subject matter experts in the risk analysis activities

Answer: A

Explanation:
Section: Volume A
Explanation:
By focusing on the high-priority of risk events through qualitative risk analysis you can improve the project's performance.
Qualitative analysis is the definition of risk factors in terms of high/medium/low or a numeric scale (1 to 10).
Hence it determines the nature of risk on a relative scale.
Some of the qualitative methods of risk analysis are:
* Scenario analysis- This is a forward-looking process that can reflect risk for a given point in time.
* Risk Control Self -assessment (RCSA) - RCSA is used by enterprises (like banks) for the identification and evaluation of operational risk exposure. It is a logical first step and assumes that business owners and managers are closest to the issues and have the most expertise as to the source of the risk. RCSA is a constructive process in compelling business owners to contemplate, and then explain, the issues at hand with the added benefit of increasing their accountability.
Incorrect Answers:
A: Subject matter experts can help the qualitative risk assessment, but by focusing on high-priority risks the project's performance can improve by addressing these risk events.
B: Stakeholders should be involved throughout the project as situations within the project demand their input to risk identification and analysis.
C: Qualitative analysis does use a fast approach of analyzing project risks, but it's not the best answer for this


NEW QUESTION # 127
......


The CRISC certification exam is ideal for individuals who are responsible for managing IT risks in their organizations, including IT and security professionals, risk management professionals, compliance professionals, and auditors. Certified in Risk and Information Systems Control certification validates the candidate's knowledge and expertise in the areas of IT risk management, including the ability to identify, assess, and evaluate IT risks, develop and implement risk management strategies, and monitor and report on the effectiveness of risk management processes. The CRISC certification is highly respected in the industry and demonstrates a candidate's commitment to professional development and excellence in the field of IT risk management.

 

Get 100% Authentic ISACA CRISC Dumps with Correct Answers: https://www.itexamdownload.com/CRISC-valid-questions.html

Accurate Hot Selling CRISC Exam Dumps 2024 Newly Released: https://drive.google.com/open?id=1jwS6kFN_gLczSx6gyoNVgMDO4SCxAULU