Finding Abreast of the times CRISC questions pool

Want to know Examcollection CRISC Exam practice test features? Want to lear more about Isaca Certified in Risk and Information Systems Control certification experience? Study Precise Isaca CRISC answers to Update CRISC questions at Examcollection. Gat a success with an absolute guarantee to pass Isaca CRISC (Certified in Risk and Information Systems Control) test on your first attempt.

2017 Jan CRISC exam cost

Q141.  - (Topic 3)

You are the project manager of the NKJ Project for your company. The project's success or failure will have a significant impact on your organization's profitability for the coming year. Management has asked you to identify the risk events and communicate the event's probability and impact as early as possible in the project. Management wants to avoid risk events and needs to analyze the cost-benefits of each risk event in this project. What term is assigned to the low-level of stakeholder tolerance in this project?

A. Mitigation-ready project management

B. Risk avoidance

C. Risk utility function

D. Risk-reward mentality

Answer: C

Explanation:

Risk utility function is assigned to the low-level of stakeholder tolerance in this project.

The risk utility function describes a person's or organization's willingness to accept risk. It is synonymous with stakeholder tolerance to risk.

Risk utility function facilitates the selection and acceptance of risk and provides opportunity to merge the approach with setting thresholds

of risk acceptability and using utility-risk ratios if necessary.

Answer:B is incorrect. Risk avoidance is a risk response to avoid negative risk events. 

Answer:A is incorrect. This is not a valid project management and risk management term. 

Answer:D is incorrect. Risk-reward describes the balance between accepting risks and the expected reward for the risk event. Risk-reward mentality is not a valid project management term.


Q142.  - (Topic 3)

You are the project manager for Bluewell Inc. You are studying the documentation of project plan. The documentation states that there are twenty-five stakeholders with the project. What will be the number of communication channel s for the project?

A. 20

B. 100

C. 50

D. 300

Answer: D

Explanation:

Communication channels are paths of communication with stakeholders in a project. The number of communication channels shows the complexity of a project's communication and can be derived through the formula shown below:

Total Number of Communication Channels = n (n-1)/2

Where n is the number of stakeholders. Hence, a project having five stakeholders will have ten communication channels. Putting the value of the number of stakeholders in the formula will provide the number of communication channels.

Hence,

Number of communication channel = (n (n-1)) / 2

= (25 (25-1)) / 2

= (25 x 24) / 2

= 600 / 2

= 300

Answer:A, C, and B are incorrect.

These are not valid number of communication channels for the given scenario.


Q143.  - (Topic 1)

Out of several risk responses, which of the following risk responses is used for negative risk events?

A. Share

B. Enhance

C. Exploit

D. Accept

Answer: D

Explanation:

Among the given choices only Acceptance response is used for negative risk events. Risk acceptance means that no action is taken relative to a particular risk; loss is accepted if it occurs. If an enterprise adopts a risk acceptance, it should carefully consider who can accept the risk. Risk should be accepted only by senior management in relationship with senior management and the board. There are two alternatives to the acceptance strategy, passive and active.

Passive acceptance means that enterprise has made no plan to avoid or mitigate the risk but willing to accept the consequences of the risk.

Active acceptance is the second strategy and might include developing contingency plans and reserves to deal with risks.

Answer: C, A, and B are incorrect. These all are used to deal with opportunities or positive risks, and not with negative risks.


Q144.  - (Topic 3)

Which of the following will significantly affect the standard information security governance model?

A. Currency with changing legislative requirements

B. Number of employees

C. Complexity of the organizational structure

D.  Cultural differences between physical locations

Answer: C

Explanation:

Complexity of the organizational structure will have the most significant impact on the Information security governance model. Some of the elements that impact organizational structure are multiple business units and functions across the organization.

Answer:A is incorrect. Currency with changing legislative requirements should not have major impact once good governance models are placed, hence, governance will help in effective management of the organization's ongoing compliance.

Answer:B and D are incorrect. The numbers of employees and the distance between physical locations have less impact on

Information security models as well-defined process, technology and people components together provide the proper governance.


Q145.  - (Topic 1)

Which of the following is described by the definition given below? "It is the expected guaranteed value of taking a risk."

A. Certainty equivalent value

B. Risk premium

C. Risk value guarantee

D. Certain value assurance

Answer: A

Explanation:

The Certainty equivalent value is the expected guaranteed value of taking a risk. It is derived by the uncertainty of the situation and the potential value of the situation's outcome.

Answer: B is incorrect. The risk premium is the difference between the larger expected value of the risk and the smaller certainty equivalent value.

Answer: and are incorrect. These are not valid answers.


Update CRISC test questions:

Q146.  - (Topic 1)

Which of the following is the MOST effective inhibitor of relevant and efficient communication?

A. A false sense of confidence at the top on the degree of actual exposure related to IT and lack

of a well-understood direction for risk management from the top down

B. The perception that the enterprise is trying to cover up known risk from stakeholders

C. Existence of a blame culture

D. Misalignment between real risk appetite and translation into policies

Answer: C

Explanation:

Blame culture should be avoided. It is the most effective inhibitor of relevant and efficient communication. In a blame culture, business units tend to point the finger at IT when projects are not delivered on time or do not meet expectations. In doing so, they fail to realize how the business unit's involvement up front affects project success. In extreme cases, the business unit may assign blame for a failure to meet the expectations that the unit never clearlycommunicated. Executive leadership must identify and quickly control a blame culture if collaboration is to be fostered throughout the enterprise.

Answer: A is incorrect. This is the consequence of poor risk communication, not the inhibitor of effective communication.

Answer: D is incorrect. Misalignment between real risk appetite and translation into policies is an inhibitor of effective communication, but is not a prominent as existence of blame culture.

Answer: B is incorrect. . This is the consequence of poor risk communication, not the inhibitor of effective communication.


Q147.  - (Topic 2)

Which one of the following is the only output for the qualitative risk analysis process?

A. Project management plan

B. Risk register updates

C. Organizational process assets

D. Enterprise environmental factors

Answer: B

Explanation:

Risk register update is the only output of the choices presented for the qualitative risk analysis process. The four inputs for the qualitative risk analysis process are the risk register, risk management plan, project scope statement, and organizational process assets. The output of perform qualitative risk analysis process is Risk Register Updates. Risk register is updated with the information from perform qualitative risk analysis and the updated risk register is included in the project documents. Updates include the following important elements:

Relative ranking or priority list of project risks Risks grouped by categories

Causes of risk or project areas requiring particular attention List of risks requiring response in the near-term

List of risks for additional analysis and response Watchlist of low priority risks

Trends in qualitative risk analysis results

Answer: C, D, and A are incorrect. These are not the valid outputs for the qualitative risk analysis process.


Q148.  - (Topic 2)

You are the project manager of your project. You have to analyze various project risks. You have opted for quantitative analysis instead of qualitative risk analysis. What is the MOST significant drawback of using quantitative analysis over qualitative risk analysis?

A. lower objectivity

B. higher cost

C. higher reliance on skilled personnel

D. lower management buy-in

Answer: B

Explanation:

Quantitative risk analysis is generally more complex and thus is costlier than qualitative risk analysis.

Answer: A is incorrect. Neither of the two risk analysis methods is fully objective. Qualitative method subjectively assigns high, medium and low frequency and impact categories to a specific risk, whereas quantitative method subjectivity expressed in mathematical "weights".

Answer: C is incorrect. To be effective, both processes require personnel who have a good understanding of the business. So there is equal requirement of skilled personnel in both. 

Answer: D is incorrect. Quantitative analysis generally has a better buy-in than qualitative analysis to the point where it can cause over-reliance on the results. Hence this option is not correct.


Q149.  - (Topic 3)

You are working in an enterprise. Your enterprise owned various risks. Which among the following is MOST likely to own the risk to an information system that supports a critical business process?

A. System users

B. Senior management

C. IT director

D. Risk management department

Answer: B

Explanation:

Senior management is responsible for the acceptance and mitigation of all risk. Hence they will also own the risk to an information system that supports a critical business process. 

Answer:C is incorrect. The IT director manages the IT systems on behalf of the business owners.

Answer:D is incorrect. The risk management department determines and reports on level of risk, but does not own the risk. Risk is owned by senior management.

Answer:A is incorrect. The system users are responsible for utilizing the system properly and following procedures, but they do not own the risk.


Q150.  - (Topic 4)

Which of the following terms is described in the statement below?

"They are the prime monitoring indicators of the enterprise, and are highly relevant and possess a high probability of predicting or indicating important risk. "

A. Key risk indicators

B. Lag indicators

C. Lead indicators

D. Risk indicators

Answer: A

Explanation:

Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly relevant and possess a high probability of predicting or indicating important risk. KRIs help in avoiding excessively large number of risk indicators to manage and report that a large enterprise may have.

Answer:D is incorrect. Risk indicators are metrics used to indicate risk thresholds, i.e., it gives indication when a risk level is approaching a high or unacceptable level of risk. The main objective of a risk indicator is to ensure tracking and reporting mechanisms that alert staff about the potential risks.

Answer:C is incorrect. Lead indicators are the risk indicators that is used to indicate which capabilities are in place to prevent events from occurring.

Answer:B is incorrect. Lag indicators are the risk indicators that is used to indicate risk after events have occurred.



see more CRISC dumps