CRISC Exam Dumps | Prepare Your Exam with Actual CRISC Exam Questions PDF

1. Isaca CRISC Exam APICS Certified Supply Chain Professional Questions & Answers (Demo Version) https://examslead.com/CRISC-practice-exam-dumps/ Buy Full Product Here:

2. Question 1 Assessing the probability and consequences of identied risks to the project objectiess assigning a risk score to each risks and creatng a list of prioritied risks describes which of the following processes? A. Identfy Risks B. Qualitatie Risk Analysis C. Quanttatie Risk Analysis D. Plan Risk Management Aoswern B Explanatonn The purpose of qualitatie risk analysis is to determine what impact the identied risk eients will haie on the project and the probability they'll occur. It also puts risks in priority order according to their efects on the project objecties and assigns a risk score for the project. Answern C is incorrect. This process does not iniolie assessing the probability and consequences of identied risks. Quanttatie analysis is the use of numerical and statstcal techniques rather than the analysis of ierbal material for analyiing risks. Some of the quanttatie methods of risk analysis aren Internal loss method External data analysis Business process modeling (BPM) and simulaton Statstcal process control (SPC) Answern A is incorrect. It iniolies listng of all the possible risks so as to cure them before it can occur. In risk identicaton both threats and opportunites are considereds as both carry some leiel of risk with them. Answern D is incorrect. Risk Management is used to identfys assesss and control risks. It includes analyiing the ialue of assets to the businesss identfying threats to those assetss and eialuatng how iulnerable each asset is to those threats. Assessing the probability and consequences of identied risks is only the part of risk management. Question 2 Which of the following characteristcs of baseline represents speciicaton that is used to identfy approied requirements in baseline modeling? A. Functonal B. Allocated C. Product D. Deielopmental Aoswern B Explanatonn

3. In baseline modelings the baseline can characteriie the functonals allocateds deielopmentals and product aspects of a soluton. The allocated characteristc focus on the speciicatons which met the requirements approied by management. Answern As Cs and D are incorrect. These characteristcs do not represents speciicaton that is used to identfy approied requirements in baseline modeling. Question 3 Which of the following iariables are associated with quanttatie assessment of risks? Each correct answer represents a complete soluton. Choose three. A. Impact B. Probability C. Cost D. Frequency Aoswern D, B, aod A Explanatonn The measurable data used by this assessment include frequencys probabilitys impacts and efectieness of countermeasures. Risk assessment is a process of analyiing the identied risks both quanttatiely and qualitatiely. Quanttatie risk assessment requires calculatons of two components of risks the magnitude of the potental losss and the probability that the loss will occur. While qualitatiely risk assessment checks the seierity of risk. The assessment atempts to determine the likelihood of the risk being realiied and the impact of the risk on the operaton. This proiides seieral conclusions n Probability-establishing the likelihood of occurrence independently and combined. Interdependencies-the relatonship between diferent types of risk. For instances one risk may haie greater potental of occurring if another risk has occurred. Or probability or impact of a situaton may increase with combined risk. and reoccurrence of speciic riskss Question 4 Which of the following laws applies to organiiatons handling health care informaton? A. SOX B. GLBA C. HIPAA D. FISMA Aoswern C Explanatonn HIPAA handles health care informaton of an organiiaton. The Health Insurance Portability and Accountability Act (HIPAA) were introduced in 1996. It ensures

4. that health informaton data is protected. Before HIPAAs personal medical informaton was ofen aiailable to anyone. Security to protect the data was laxs and the data was ofen misused. If your organiiaton handles health informatons HIPAA applies. HIPAA deines health informaton as any data that is created or receiied by health care proiiderss health planss public health authoritess employerss life insurerss schools or uniiersitess and health care clearinghouses. HIPAA deines any data that is related to the health of an indiiiduals including past/present/future healths physical/mental healths and past/present/future payments for health care. Creatng a HIPAA compliance plan iniolies following phasesn Assessmentn An assessment helps in identfying whether organiiaton is coiered by HIPAA. If it iss then further requirement is to identfy what data is needed to protect. Risk analysisn A risk analysis helps to identfy the risks. In this phases analyiing method of handling data of organiiaton is done. Plan creatonn Afer identfying the riskss plan is created. This plan includes methods to reduce the risk. Plan implementatonn In this plan is being implemented. Contnuous monitoringn Security in depth requires contnuous monitoring. Monitor regulatons for changes. Monitor risks for changes. Monitor the plan to ensure it is stll used. Assessmentn Regular reiiews are conducted to ensure that the organiiaton remains in compliance. Answern A is incorrect. SOX designed to hold executies and board members personally responsible for inancial data. Answern B is incorrect. GLBA is not used for handling health care informaton. Answern D is incorrect. FISMA ensures protecton of data of federal agencies. Question 5 You are the project manager of GRT project. You discoiered that by bringing on more qualiied resources or by proiiding eien beter quality than originally planneds could result in reducing the amount of tme required to complete the project. If your organiiaton seiies this opportunity it would be an example of what risk response? A. Share B. Enhance C. Exploit D. Accept Aoswern C Explanatonn Exploit response is one of the strategies to negate risks or threats that appear in a project. This strategy may be selected for risks with positie impacts where the organiiaton wishes to ensure that the opportunity is realiied. Exploitng a risk eient proiides opportunites for positie impact on a project. Assigning more talented resources to the project to reduce the tme to completon is an example of exploit response. Answern A is incorrect. - The share strategy is similar as transfer because in this a porton of the risk is shared with an external organiiaton or another internal entty. Answern B is incorrect. The enhance strategy closely watches the probability or impact of the risk eient to assure that the organiiaton realiies the beneits. The primary point of this strategy is to

5. atempt to increase the probability and/or impact of positie risks. Answern D is incorrect. Risk acceptance means that no acton is taken relatie to a partcular risk; loss is accepted if it occurs. Question 6 You are the project manager of the NHQ project in Bluewell Inc. The project has an asset ialued at $200s000 and is subjected to an exposure factor of 45 percent. If the annual rate of occurrence of loss in this project is once a months then what will be the Annual Loss Expectancy (ALE) of the project? A. $ 2s160s000 B. $ 95s000 C. $ 90s000 D. $ 108s000 Aoswern D Explanatonn The ALE of this project will be $ 108s000. Single Loss Expectancy is a term related to Quanttatie Risk Assessment. It can be deined as the monetary ialue expected from the occurrence of a risk on an asset. It is mathematcally expressed as followsn SLE = Asset ialue * Exposure factor Therefores SLE = 200s000 * 0.45 = $ 90s000 As the loss is occurring once eiery months therefore ARO is 12. Now ALE can be calculated as followsn ALE = SLE * ARO = 90s000 * 12 = $ 108s000 Question 7 Which of the following is NOT true for Key Risk Indicators? A. The complete set of KRIs should also balance indicators for risks root causes and business impact. B. They help aioid haiing to manage and report on an excessiiely large number of risk indicators C. They are monitored annually D. They are selected as the prime monitoring indicators for the enterprise Aoswern C Explanatonn They are monitored on regular basis as they indicate high probability and high impact risks. As risks change oier tmes hence KRIs should also be monitored regularly for its efectieness on these changing risks.

6. Answern Ds Bs and A are incorrect. These all are true for KRIs. Key Risk Indicators are the prime monitoring indicators of the enterprise. KRIs are highly releiant and possess a high probability of predictng or indicatng important risk. KRIs help in aioiding excessiiely large number of risk indicators to manage and report that a large enterprise may haie. The complete set of KRIs should also balance indicators for risks root causes and business impacts so as to indicate the risk and its impact completely. Question 8 You work as a project manager for SofTech Inc. You are working with the project stakeholders to begin the qualitatie risk analysis process. Which of the following inputs will be needed for the qualitatie risk analysis process in your project? Each correct answer represents a complete soluton. Choose all that apply. A. Cost management plan B. Organiiatonal process assets C. Project scope statement D. Risk register Aoswern D, B, aod C Explanatonn The primary goal of qualitatie risk analysis is to determine proporton of efect and theoretcal response. The inputs to the Qualitatie Risk Analysis process aren Organiiatonal process assets Project Scope Statement Risk Management Plan Risk Register Answern A is incorrect. The cost management plan is the input to the perform quanttatie risk analysis process. Question 9 You haie identied seieral risks in your project. You haie opted for risk mitgaton in order to respond to identied risk. Which of the following ensures that risk mitgaton method that you haie chosen is efectie? A. Reducton in the frequency of a threat B. Minimiiaton of inherent risk C. Reducton in the impact of a threat D. Minimiiaton of residual risk Aoswern B Explanatonn The inherent risk of a process is a giien and cannot be afected by risk reducton or risk mitgaton eforts. Hence it should be reduced as far as possible.

7. Answern D is incorrect. The objectie of risk reducton is to reduce the residual risk to leiels below the enterprise's risk tolerance leiel. Answern A is incorrect. Risk reducton eforts can focus on either aioiding the frequency of the risk or reducing the impact of a risk. Answern C is incorrect. Risk reducton eforts can focus on either aioiding the frequency of the risk or reducing the impact of a risk. Question 10 Which of the following methods iniolies the use of predictie or diagnostc analytcal tool for exposing risk factors? A. Fault tree analysis B. Scenario analysis C. Sensitiity analysis D. Cause and efect analysis Aoswern D Explanatonn Cause-and-efect analysis iniolies the use of predictie or diagnostc analytcal tool for exploring the root causes or factors that contribute to positie or negatie efects or outcomes. These tools also help in identfying potental risk. Answern C is incorrect. Sensitiity analysis is the quanttatie risk analysis technique thatn Assist in determinaton of risk factors that haie the most potental impact Examines the extent to which the uncertainty of each element afects the object under consideraton when all other uncertain elements are held at their baseline ialues Answern A is incorrect. Fault tree analysis (FIA) is a technique that proiides a systematc descripton of the combinaton of possible occurrences in a systems which can result in an undesirable outcome. It combines hardware failures and human failures. Answern B is incorrect. This analysis is not a method for exposing risk factors. It is used for analyiing scenarios. Question 11 Henry is the project sponsor of the JQ Project and Nancy is the project manager. Henry has asked Nancy to start the risk identicaton process for the projects but Nancy insists that the project team be iniolied in the process. Why should the project team be iniolied in the risk identicaton? A. So that the project team can deielop a sense of ownership for the risks and associated risk responsibilites. B. So that the project team and the project manager can work together to assign risk ownership. C. So that the project manager can identfy the risk owners for the risks within the project and the needed risk responses. D. So that the project manager isn't the only person identfying the risk eients within the project.

8. Aoswern A Explanatonn The best answer to include the project team members is that they'll need to deielop a sense of ownership for the risks and associated risk responsibilites. Answern D is incorrect. While the project manager shouldn't be the only person to identfy the risk eientss this isn't the best answer. Answern B is incorrect. The reason to include the project team is that the project team needs to deielop a sense of ownership for the risks and associated risk responsibilitess not to assign risk ownership. Answern C is incorrect. The reason to include the project team is that the project team needs to deielop a sense of ownership for the risks and associated risk responsibilitess not to assign risk ownership and risk responses at this point. Question 12 Which of the following test is BEST to map for conirming the efectieness of the system access management process? A. user accounts to human resources (HR) records. B. the iendor database to user accounts. C. access requests to user accounts. D. user accounts to access requests. Aoswern D Explanatonn Tying user accounts to access requests conirms that all existng accounts haie been approied. Hences the efectieness of the system access management process can be accounted. Answern C is incorrect. Tying access requests to user accounts conirms that all access requests haie been processed; howeiers the test does not consider user accounts that haie been established without the supportng access request. Answern A is incorrect. Tying user accounts to human resources (HR) records conirms whether user accounts are uniquely ted to employeess not accounts for the efectieness of the system access management process. Answern B is incorrect. Tying iendor records to user accounts may conirm ialid accounts on an e- commerce applicatons but it does not consider user accounts that haie been established without the supportng access request. Question 13 You are the administrator of your enterprise. You haie to preient unauthoriied access to an enterprise's informaton. Which of the following control you would use? A. User authentcaton B. User identicaton C. User authoriiaton

9. D. User accountability Aoswern A Explanatonn Authentcaton ieriies the user's identty and the right to access informaton according to the access rules. Hence it preients unauthoriied access to an enterprise's informaton. Answern D is incorrect. User accountability does not grant access. Answern B is incorrect. User identicaton without authentcaton does not grant access. Answern C is incorrect. User authoriiaton without authentcaton does not grant access. Question 14 You work as a project manager for BlueWell Inc. You are about to complete the quanttatie risk analysis process for your project. You can use three aiailable tools and techniques to complete this process. Which one of the following is NOT a tool or technique that is appropriate for the quanttatie risk analysis process? A. Expert judgment B. Quanttatie risk analysis and modeling techniques C. Organiiatonal process assets D. Data gathering and representaton techniques Aoswern C Explanatonn Organiiatonal process asset is not a tool and techniques but an input to the quanttatie risk analysis process. Quanttatie Risk Analysis is a process to assess the probability of achieiing partcular project objectiess to quantfy the efect of risks on the whole project objecties and to prioritie the risks based on the impact to oierall project risk. Quanttatie Risk Analysis process analyies the afect of a risk eient deriiing a numerical ialue. It also presents a quanttatie approach to build decisions in the presence of uncertainty. The inputs for Quanttatie Risk Analysis are n Organiiatonal process assets Project Scope Statement Risk Management Plan Risk Register Project Management Plan Answern D is incorrect. Data gathering and representaton technique is a tool and technique for the quanttatie risk analysis process. Answern B is incorrect. Quanttatie risk analysis and modeling techniques is a tool and technique for the quanttatie risk analysis process. Answern A is incorrect. Expert judgment is a tool and technique for the quanttatie risk analysis process. Question 15

10. Which of the following is the PRIMARY requirement before choosing Key performance indicators of an enterprise? A. Determine siie and complexity of the enterprise B. Enterprise must establish its strategic and operatonal goals C. Determine type of market in which the enterprise operates D. Prioritie iarious enterprise processes Aoswern B Explanatonn Key Performance Indicators is a set of measures that a company or industry uses to measure and/or compare performance in terms of meetng their strategic and operatonal goals. KPIs iary with company to companys depending on their priorites or performance criteria. A company must establish its strategic and operatonal goals and then choose their KPIs which can best refect those goals. For examples if a sofware company's goal is to haie the fastest growth in its industrys its main performance indicator may be the measure of its annual reienue growth. Answern D is incorrect. This is not the ialid answer. Answern A is incorrect. Determinaton of siie and complexity of the enterprise is the selecton criteria of the KRIs not KPI. KPI does not haie any releiancy with siie and complexity of the enterprise. Answern C is incorrect. Type of market in which the enterprise is operatng do not afect the selecton of KPIs. Question 16 Which of the following serie as the authoriiaton for a project to begin? A. Approial of project management plan B. Approial of risk management document C. Approial of a risk response document D. Approial of a project request document Aoswern D Explanatonn Approial of a project initaton document (PID) or a project request document (PRD) is the authoriiaton for a project to begin. Answern B is incorrect. Risk management document is being prepared later afer the project initatons during the risk management plan. It has no scope during project initaliiaton. Answern C is incorrect. Risk response document comes under risk management processs hence the later phase in project deielopment process. Answern A is incorrect. Project management plan is being made afer the project is being authoriied. Question 17 You work as the project manager for www.company.com Inc. The project on which you are working has seieral risks that will afect seieral stakeholder requirements. Which project management plan

11. will deine who will be aiailable to share informaton on the project risks? A. Risk Management Plan B. Communicatons Management Plan C. Stakeholder management strategy D. Resource Management Plan Aoswern B Explanatonn The Communicatons Management Plan deiness in regard to risk managements who will be aiailable to share informaton on risks and responses throughout the project. The Communicatons Management Plan aims to deine the communicaton necessites for the project and how the informaton will be circulated. The Communicatons Management Plan sets the communicaton structure for the project. This structure proiides guidance for communicaton throughout the project's life and is updated as communicaton needs change. The Communicaton Managements Plan identies and deines the roles of persons concerned with the project. It includes a matrix known as the communicaton matrix to map the communicaton requirements of the project. Answern C is incorrect. The stakeholder management strategy does not address risk communicatons. Answern A is incorrect. The Risk Management Plan deals with risk identicatons analysiss responses and monitoring. Answern D is incorrect. The Resource Management Plan does not deine risk communicatons. Question 18 You are working in an enterprise. Your enterprise owned iarious risks. Which among the following is MOST likely to own the risk to an informaton system that supports a critcal business process? A. Senior management B. System users C. Risk management department D. IT director Aoswern A Explanatonn Senior management is responsible for the acceptance and mitgaton of all risk. Hence they will also own the risk to an informaton system that supports a critcal business process. Answern D is incorrect. The IT director manages the IT systems on behalf of the business owners. Answern C is incorrect. The risk management department determines and reports on leiel of risks but does not own the risk. Risk is owned by senior management. Answern B is incorrect. The system users are responsible for utliiing the system properly and following proceduress but they do not own the risk. Question 19

12. Which of the following statements is NOT true for risk management plan? A. The risk management plan includes a descripton of the responses to risks and triggers. B. The risk management plan is an input to all the remaining risk-planning processes. C. The risk management plan is an output of the Plan Risk Management process. D. The risk management plan includes thresholdss scoring and interpretaton methodss responsible partess and budgets. Aoswern A Explanatonn The risk management plan details how risk management processes will be implementeds monitoreds and controlled throughout the life of the project. The risk management plan does not include responses to risks or triggers. Responses to risks are documented in the risk register as part of the Plan Risk Responses process. Answern Cs Ds and B are incorrect. These statements are true for risk management plan. The risk management is the result of Plan Risk Management process and do act as input for the remaining risk-planning process. It also includes thresholdss scoring and interpretaton methodss responsible partess and budgets. Question 20 Which of the following comes under phases of risk management? A. Identfy risk B. Deieloping risk C. Assessing risk D. Prioritiaton of risk E. Monitoring risk Aoswern A, C, D, aod E Explanatonn Risk management proiides an approach for indiiiduals and groups to make a decision on how to deal with potentally harmful situatons. Following are the four phases iniolied in risk managementn 1.Risk identicaton nThe irst thing we must do in risk management is to identfy the areas of the project where the risks can occur. This is termed as risk identicaton. Listng all the possible risks is proied to be iery productie for the enterprise as we can cure them before it can occur. In risk identicaton both threats and opportunites are considereds as both carry some leiel of risk with them. 2.Risk Assessment and Eialuaton nRisk assessment use quanttatie and qualitatie analysis approaches to eialuate each signiicant risk identied. 3.Risk Prioritiaton and Response nAs many risks are being identied in an enterprises it is best to giie each risk a score based on its likelihood and signiicance in form of ranking. This concludes whether the risk with high likelihood and high signiicance must be giien greater atenton as

13. compared to similar risk with low likelihood and low signiicance. Hences risks can be prioritied and appropriate responses to those risks are created. 4.Risk Monitoring nRisk monitoring is an actiity which oiersees the changes in risk assessment. Oier tmes the likelihood or signiicance originally atributed to a risk may change. This is especially true when certain responsess such as mitgatons haie been made.

14. Buy Full Product Here: