With the Isaca CRISC practice exam from Testking, you can set aside the long Isaca CRISC books. The Testking web site provides Isaca CRISC preparation resources which ensure full accomplishment. You will pass the real CRISC exam without any difficulty after you have taken the Testking Isaca CRISC online training. Getting the Isaca certification on your own is very challenging. However, the Testking Isaca CRISC online practice tests have helped many candidates pass the real Isaca CRISC examination effortlessly. So it is a clever choice to consider the Testking Isaca CRISC simulation training. All the essential points of the Isaca questions and answers will be within your grasp by using the Isaca CRISC practice questions.
2016 Dec CRISC real exam
Q71. - (Topic 2)
You are the project manager of the GHT project. You have initiated the project and conducted the feasibility study. What result would you get after conducting the feasibility study?
Each correct answer represents a complete solution. Choose all that apply.
A. Recommend alternatives and course of action
B. Risk response plan
C. Project management plan
D. Results of criteria analyzed, like costs, benefits, risk, resources required and organizational impact
The completed feasibility study results should include a cost/benefit analysis report that:
Provides the results of criteria analyzed (e.g., costs, benefits, risk, resources required and organizational impact)
Recommends one of the alternatives and a course of action
Answer: C and B are incorrect. The project management plan and the risk response plan are the results of plan project management and plan risk response, respectively. They are not the result of a feasibility study.
Q72. - (Topic 4)
You work as a project manager for BlueWell Inc. You are preparing for the risk identification process. You will need to involve several of the project's key stakeholders to help you identify and communicate the identified risk events. You will also need several documents to help you and the stakeholders identify the risk events. Which one of the following is NOT a document that will help you identify and communicate risks within the project?
A. Stakeholder registers
B. Activity duration estimates
C. Activity cost estimates
D. Risk register
The risk register is not an input to risk identification, but it is an output of risk identification.
Answer: C, B, and A are incorrect. These are inputs to risk identification.
Identify Risks is the process of determining which risks may affect the project. It also documents the risks' characteristics. The Identify Risks process is part of the Project Risk Management knowledge area. As new risks may evolve or become known as the project progresses through its life cycle, Identify Risks is an iterative process. The process should involve the project team so that they can develop and maintain a sense of ownership and responsibility for the risks and associated risk response actions. The Risk Register is the only output of this process.
Q73. - (Topic 1)
Which of the following is the MOST important use of KRIs?
A. Providing a backward-looking view on risk events that have occurred
B. Providing an early warning signal
C. Providing an indication of the enterprise's risk appetite and tolerance
D. Enabling the documentation and analysis of trends
Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help avoid the excessively large number of risk indicators that a large enterprise might otherwise have to manage and report.
As KRIs are the indicators of risk, their most important function is to give an effective early warning signal that a high risk is emerging, enabling management to take proactive action before the risk actually becomes a loss.
Answer: D is incorrect. This is not as important as giving early warning.
Answer: A is incorrect. This is one of the important functions of KRIs which can help management to improve but is not as important as giving early warning.
Answer: C is incorrect. KRIs provide an indication of the enterprise's risk appetite and tolerance through metric setting, but this is not as important as giving early warning.
Q74. - (Topic 3)
Assessing the probability and consequences of identified risks to the project objectives, assigning a risk score to each risk, and creating a list of prioritized risks describes which of the following processes?
A. Qualitative Risk Analysis
B. Plan Risk Management
C. Identify Risks
D. Quantitative Risk Analysis
The purpose of qualitative risk analysis is to determine what impact the identified risk events will have on the project and the probability they'll occur. It also puts risks in priority order according to their effects on the project objectives and assigns a risk score for the project.
Answer: D is incorrect. This process does not involve assessing the probability and consequences of identified risks.
Quantitative analysis is the use of numerical and statistical techniques rather than the analysis of verbal material for analyzing risks. Some of the quantitative methods of risk analysis are:
Internal loss method
External data analysis
Business process modeling (BPM) and simulation
Statistical process control (SPC)
Answer: C is incorrect. It involves listing all the possible risks so as to address them before they can occur. In risk identification both threats and opportunities are considered, as both carry some level of risk with them.
Answer: B is incorrect. Risk Management is used to identify, assess, and control risks. It includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.
Assessing the probability and consequences of identified risks is only a part of risk management.
Q75. - (Topic 4)
You are the risk official in Techmart Inc. You are asked to perform risk assessment on the impact of losing a server. For this assessment you need to calculate monetary value of the server. On which of the following bases do you calculate monetary value?
A. Cost to obtain replacement
B. Original cost to acquire
C. Annual loss expectancy
D. Cost of software stored
The monetary value of the server should be based on the cost of its replacement. However, the financial impact to the enterprise may be much broader, based on the function that the server performs for the business and the value it brings to the enterprise.
Answer: C, D, and B are incorrect. The cost of software is not counted because it can be restored from the backup media. On the other hand, the ALE for all risks related to the server does not represent the server's value. Lastly, the original cost may be significantly different from the current cost and, therefore, not relevant to this.
Q76. - (Topic 2)
You are working as a project manager in Bluewell Inc. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
A. Qualitative risk analysis
B. Risk audits
C. Quantitative risk analysis
D. Requested changes
Of all the choices given, only requested changes is an output of the monitor and control risks process. You might also have risk register updates, recommended corrective and preventive actions, organizational process assets, and updates to the project management plan.
Answer: A and C are incorrect. These are the plan risk management processes.
Answer: B is incorrect. Risk audit is a risk monitoring and control technique.
Q77. - (Topic 3)
While considering entity-based risks, which dimension of the COSO ERM framework is being referred to?
A. Organizational levels
B. Risk components
C. Strategic objectives
D. Risk objectives
The organizational levels of the COSO ERM framework describe the subsidiary, business unit, division, and entity levels of aspects of risk solutions.
Answer: C is incorrect. Strategic objectives include strategic, operational, reporting, and compliance risks, and not entity-based risks.
Answer: B is incorrect. Risk components include Internal Environment, Objectives setting, Event identification, Risk assessment, Risk response, Control activities, Information and communication, and Monitoring.
Answer: D is incorrect. This is not a valid answer.
Q78. - (Topic 1)
What are the responsibilities of the CRO?
Each correct answer represents a complete solution. Choose three.
A. Managing the risk assessment process
B. Implement corrective actions
C. Advising Board of Directors
D. Managing the supporting risk management function
The Chief Risk Officer is the executive-level manager in an organization. They provide corporate guidance, governance, and oversight over the enterprise's risk management activities. The main priority for the CRO is to ensure that the organization is in full compliance with applicable regulations. They may also deal with areas regarding insurance, internal auditing, corporate investigations, fraud, and information security. The CRO's responsibilities include:
Managing the risk assessment process
Implementation of corrective actions
Communicating risk management issues
Supporting the risk management functions
Q79. - (Topic 2)
You are the risk control professional of your enterprise. You have implemented a tool that correlates information from multiple sources. On which of the following does this monitoring tool focus?
A. Transaction data
B. Process integrity
C. Configuration settings
D. System changes
Monitoring tools that focus on transaction data generally correlate information from one system to another, such as employee data from the human resources (HR) system with spending information from the expense system or the payroll system.
Answer: B is incorrect. Process integrity is confirmed within the system; it does not need monitoring.
Answer: D is incorrect. System changes are compared from a previous state to the current state; this does not correlate information from multiple sources.
Answer: C is incorrect. Configuration settings are generally compared against predefined values and are not based on the correlation between multiple sources.
Q80. - (Topic 2)
Which of the following is true for risk evaluation?
A. Risk evaluation is done only when there is significant change.
B. Risk evaluation is done once a year for every business process.
C. Risk evaluation is done annually or when there is significant change.
D. Risk evaluation is done every four to six months for critical business processes.
Because risk is constantly changing, it is evaluated annually or when there is significant change. This is the best alternative, as it takes into consideration a reasonable time frame of one year while also addressing significant changes (if any).
Answer: A is incorrect. Evaluating risk only when there is significant change does not take into consideration the effect of time. As risk is changing constantly, small changes do occur with time that would affect the overall risk. Hence risk evaluation should be done annually too.
Answer: D is incorrect. Risk evaluation need not be done every four to six months for critical processes, as it does not address important changes in a timely manner.
Answer: B is incorrect. Evaluating risk once a year is not sufficient in the case when some significant change takes place. This significant change should be taken into account as it affects the overall risk.