ISACA CRISC Exam Preparation Guide and PDF Download [Q156-Q175]

Share

ISACA CRISC Exam Preparation Guide and PDF Download

Verified & Correct CRISC Practice Test Reliable Source Oct 14, 2023 Updated


ISACA CRISC (Certified in Risk and Information Systems Control) certification exam is one of the most highly respected and sought-after credentials in the field of information technology. Certified in Risk and Information Systems Control certification is designed to recognize IT professionals who are experts in identifying and managing risks related to information systems. The CRISC certification is awarded by the Information Systems Audit and Control Association (ISACA), a professional association that provides guidance and certifications to IT professionals around the world.

 

NEW QUESTION # 156
Which of the following should be PRIMARILY considered while designing information systems controls?

  • A. The organizational strategic plan
  • B. The present IT budget
  • C. The IT strategic plan
  • D. The existing IT environment

Answer: A

Explanation:
Explanation/Reference:
Explanation:
Review of the enterprise's strategic plan is the first step in designing effective IS controls that would fit the enterprise's long-term plans.
Incorrect Answers:
A: The IT strategic plan exists to support the enterprise's strategic plan but is not solely considered while designing information system control.
B: Review of the existing IT environment is also useful and necessary but is not the first step that needs to be undertaken.
D: The present IT budget is just one of the components of the strategic plan.


NEW QUESTION # 157
You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?

  • A. Identification information for each stakeholder
  • B. Stakeholder classification of their role in the project
  • C. Stakeholder management strategy
  • D. Assessment information of the stakeholders' major requirements, expectations, and potential influence

Answer: C

Explanation:
Section: Volume C
Explanation:
The stakeholder management strategy is generally not included in the stakeholder registry because it may contain sensitive information that should not be shared with project team members or certain other individuals that could see the stakeholder register. The stakeholder register is a project management document that contains a list of the stakeholders associated with the project. It assesses how they are involved in the project and identifies what role they play in the organization. The information in this document can be very perceptive and is meant for limited exchange only. It also contains relevant information about the stakeholders, such as their requirements, expectations, and influence on the project.
Incorrect Answers:
B, C, D: Stakeholder identification, Assessment information, and Stakeholder classification should be included in the stakeholder register.


NEW QUESTION # 158
Which of the following events refer to loss of integrity?
Each correct answer represents a complete solution. Choose three.

  • A. An e-mail message is modified in transit
  • B. Someone makes unauthorized changes to a Web site
  • C. Someone sees company's secret formula
  • D. A virus infects a file

Answer: A,B,D

Explanation:
Explanation/Reference:
Explanation:
Loss of integrity refers to the following types of losses:
An e-mail message is modified in transit A virus infects a file

Someone makes unauthorized changes to a Web site

Incorrect Answers:
A: Someone sees company's secret formula or password comes under loss of confidentiality.


NEW QUESTION # 159
Which of the following approaches will BEST help to ensure the effectiveness of risk awareness training?

  • A. Reviewing content with senior management
  • B. Creating modules for targeted audiences
  • C. Piloting courses with focus groups
  • D. Using reputable third-party training programs

Answer: B

Explanation:
Section: Volume D


NEW QUESTION # 160
What activity should be done for effective post-implementation reviews during the project?

  • A. Allow a sufficient number of business cycles to be executed in the new system
  • B. Identify the information collected during each stage of the project
  • C. Establish the business measurements up front
  • D. Identify the information to be reviewed

Answer: C

Explanation:
Explanation/Reference:
Explanation:
For effective post-implementation review the business measurements up front is established during the project.
Incorrect Answers:
B: Executing sufficient number of business cycles in the new system is done after the completion of the project.
C, D: Identifying the information to be reviewed and information collected during each stage of project is done in pre-project phase and not during project for effective post-implementation review.


NEW QUESTION # 161
Which of the following aspects are included in the Internal Environment Framework of COSO ERM?
Each correct answer represents a complete solution. Choose three.

  • A. Enterprise's integrity and ethical values
  • B. Enterprise's human resource standards
  • C. Enterprise's risk appetite
  • D. Enterprise's working environment

Answer: A,B,C

Explanation:
Section: Volume B
Explanation:
The internal environment for risk management is the foundational level of the COSO ERM framework, which describes the philosophical basics of managing risks within the implementing enterprise. The different aspects of the internal environment include the enterprise's:
* Philosophy on risk management
* Risk appetite
* Attitudes of Board of Directors
* Integrity and ethical values
* Commitment to competence
* Organizational structure
* Authority and responsibility
* Human resource standards


NEW QUESTION # 162
Which of the following is the BEST indicator of the effectiveness of a control monitoring program?

  • A. Time spent on internal control assessment reviews
  • B. Number of internal control failures within the measurement period
  • C. Time between control failure and failure detection
  • D. Number of key controls as a percentage of total control count

Answer: C


NEW QUESTION # 163
Of the following, who should be responsible for determining the inherent risk rating of an application?

  • A. Senior management
  • B. Application owner
  • C. Risk practitioner
  • D. Business process owner

Answer: B


NEW QUESTION # 164
Which of the following BEST indicates the efficiency of a process for granting access privileges?

  • A. Number and type of locked obsolete accounts
  • B. Number of changes in access granted to users
  • C. Average number of access privilege exceptions
  • D. Average time to grant access privileges

Answer: D


NEW QUESTION # 165
You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

  • A. All risks must have a valid, documented risk response.
  • B. These risks can be dismissed.
  • C. These risks can be accepted.
  • D. These risks can be added to a low priority risk watch list.

Answer: D

Explanation:
Section: Volume C
Explanation/Reference:
Explanation:
Low-impact, low-probability risks can be added to the low priority risk watch list.
Incorrect Answers:
A: These risks are not dismissed; they are still documented on the low priority risk watch list.
B: While these risks may be accepted, they should be documented on the low priority risk watch list. This list will be periodically reviewed and the status of the risks may change.
D: Not every risk demands a risk response, so this choice is incorrect.


NEW QUESTION # 166
Which of the following provides the MOST useful information to assess the magnitude of identified deficiencies in the IT control environment?

  • A. Business impact analysis (BIA) results
  • B. Threat analysis results
  • C. Peer benchmarks
  • D. Internal audit reports

Answer: B


NEW QUESTION # 167
Which one of the following is the only output for the qualitative risk analysis process?

  • A. Risk register updates
  • B. Enterprise environmental factors
  • C. Organizational process assets
  • D. Project management plan

Answer: A

Explanation:
Explanation/Reference:
Explanation:
Risk register update is the only output of the choices presented for the qualitative risk analysis process.
The four inputs for the qualitative risk analysis process are the risk register, risk management plan, project scope statement, and organizational process assets. The output of perform qualitative risk analysis process is Risk Register Updates. Risk register is updated with the information from perform qualitative risk analysis and the updated risk register is included in the project documents. Updates include the following important elements:
Relative ranking or priority list of project risks

Risks grouped by categories

Causes of risk or project areas requiring particular attention

List of risks requiring response in the near-term

List of risks for additional analysis and response

Watchlist of low priority risks

Trends in qualitative risk analysis results

Incorrect Answers:
A, C, D: These are not the valid outputs for the qualitative risk analysis process.


NEW QUESTION # 168
Which of the following is the MOST important objective of establishing an enterprise risk management (ERM) function within an organization?

  • A. To ensure risk profiles are presented in a consistent format within the organization
  • B. To optimize risk management resources across the organization
  • C. To have a standard risk management process for complying with regulations
  • D. To have a unified approach to risk management across the organization

Answer: D


NEW QUESTION # 169
What can be determined from the risk scenario chart?

  • A. The multiple risk factors addressed by a chosen response
  • B. Relative positions on the risk map
  • C. Risk treatment options
  • D. Capability of enterprise to implement

Answer: A

Explanation:
Section: Volume D


NEW QUESTION # 170
Which of the following BEST contributes to the implementation of an effective risk response action plan?

  • A. An IT tactical plan
  • B. A business impact analysis
  • C. Assigned roles and responsibilities
  • D. Disaster recovery and continuity testing

Answer: C


NEW QUESTION # 171
Jeff works as a Project Manager for www.company.com Inc. He and his team members are involved in the identify risk process. Which of the following tools & techniques will Jeff use in the identify risk process?
Each correct answer represents a complete solution. (Choose three.)

  • A. Information gathering technique
  • B. Risk categorization
  • C. Checklist analysis
  • D. Documentation reviews

Answer: A,C,D

Explanation:
Explanation/Reference:
Explanation:
The various tools & techniques used in the identify risk process are as follows:
Documentation reviews

Information gathering technique

Checklist analysis

Assumption analysis

Diagramming techniques

SWOT analysis

Expert judgment


NEW QUESTION # 172
Which of the following provides the MOST helpful reference point when communicating the results of a risk assessment to stakeholders?

  • A. Risk appetite
  • B. Risk awareness
  • C. Risk policy
  • D. Risk tolerance

Answer: A


NEW QUESTION # 173
When does the Identify Risks process take place in a project?

  • A. At the Executing stage.
  • B. Throughout the project life-cycle.
  • C. At the Planning stage.
  • D. At the Initiating stage.

Answer: B

Explanation:
Section: Volume D
Explanation:
Identify Risks is the process of determining which risks may affect the project. It also documents risks' characteristics. The Identify Risks process is part of the Project Risk Management knowledge area. As new risks may evolve or become known as the project progresses through its life cycle, Identify Risks is an iterative process. The process should involve the project team so that they can develop and maintain a sense of ownership and responsibility for the risks and associated risk response actions. Risk Register is the only output of this process.
Incorrect Answers:
A, B, C: Identify Risks process takes place at all the stages of a project, because risk changes over time.


NEW QUESTION # 174
Which of the following provides an organization with the MOST insight with regard to operational readiness associated with risk?

  • A. Capability maturity assessment results
  • B. Benchmarking against industry standards
  • C. Minutes of the enterprise risk committee meetings
  • D. Self-assessment of capabilities

Answer: D

Explanation:
Section: Volume D


NEW QUESTION # 175
......

Pass ISACA CRISC exam Dumps 100 Pass Guarantee With Latest Demo: https://www.prepawaypdf.com/ISACA/CRISC-practice-exam-dumps.html

Free ISACA CRISC Exam Files Downloaded Instantly: https://drive.google.com/open?id=1pu9a-Fw3MaRy8iWPQq8fJIYVB63Vw4Bw