Certified in Risk and Information Systems Control CRISC Exam Questions

Looking for Certified in Risk and Information Systems Control CRISC Exam preparation? PassQuestion provides the latest Certified in Risk and Information Systems Control CRISC Exam Questions, which contain 933 questions with verified answers to help you pass your CRISC exam easily on your first attempt. You can read the CRISC PDF and use the software before taking the Certified in Risk and Information Systems Control CRISC exam.

Test Online ISACA CRISC Free Questions

1. Which of the following is the MOST important reason to maintain key risk indicators (KRIs)?

 
 
 
 

2. You are the project manager of a HGT project that has recently finished the final compilation process. The project customer has signed off on the project completion and you have to do a few administrative closure activities. In the project, there were several large risks that could have wrecked the project but you and your project team found some new methods to resolve the risks without affecting the project costs or project completion date.

What should you do with the risk responses that you have identified during the project’s monitoring and controlling process?

 
 
 
 

3. You are the project manager of GHT project. You have identified a risk event on your project that could save $100,000 in project costs if it occurs.

Which of the following statements BEST describes this risk event?

 
 
 
 

4. You are the project manager of a large construction project. This project will last for 18 months and will cost $750,000 to complete. You are working with your project team, experts, and stakeholders to identify risks within the project before the project work begins. Management wants to know why you have scheduled so many risk identification meetings throughout the project rather than just initially during the project planning.

What is the best reason for the duplicate risk identification sessions?

 
 
 
 

5. You are the risk official in Bluewell Inc. You are supposed to prioritize several risks. A risk has a rating for occurrence, severity, and detection as 4, 5, and 6, respectively.

What Risk Priority Number (RPN) would you give to it?

 
 
 
 

6. Which of the following is the MOST important use of KRIs?

 
 
 
 

7. Which of the following role carriers will decide the Key Risk Indicator of the enterprise? Each correct answer represents a part of the solution. Choose two.

 
 
 
 

8. What are the requirements for creating risk scenarios? Each correct answer represents a part of the solution. Choose three.

 
 
 
 

9. You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements.

Which project management plan will define who will be available to share information on the project risks?

 
 
 
 

10. Which of the following controls is an example of non-technical controls?

 
 
 
 

11. You are the project manager of GHT project. Your project team is in the process of identifying project risks on your current project.

The team has the option to use all of the following tools and techniques to diagram some of these potential risks EXCEPT for which one?

 
 
 
 

12. Which of the following BEST describes the utility of a risk?

 
 
 
 

13. Which of the following aspects of a monitoring tool ensures that the monitoring tool has the ability to keep up with the growth of an enterprise?

 
 
 
 

14. You are the project manager in your enterprise. You have identified a risk that is a noticeable failure threatening the success of certain goals of your enterprise.

At which of the following levels does this identified risk exist?

 
 
 
 

15. Courtney is the project manager for her organization. She is working with the project team to complete the qualitative risk analysis for her project. During the analysis Courtney encourages the project team to begin the grouping of identified risks by common causes.

What is the primary advantage to group risks by common causes during qualitative risk analysis?

 
 
 
 

16. Which of the following processes is described in the statement below?

"It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."

 
 
 
 

17. You are an experienced Project Manager that has been entrusted with a project to develop a machine which produces auto components. You have scheduled meetings with the project team and the key stakeholders to identify the risks for your project.

Which of the following is a key output of this process?

 
 
 
 

18. Which of the following components of risk scenarios has the potential to generate internal or external threat on an enterprise?

 
 
 
 

19. You are the project manager of GHT project. You have planned the risk response process and now you are about to implement various controls.

What should you do before relying on any of the controls?

 
 
 
 

20. Which of the following is NOT true for risk management capability maturity level 1?

 
 
 
 

21. An enterprise has identified risk events in a project. While responding to these identified risk events, which among the following stakeholders is MOST important for reviewing risk response options to an IT risk?

 
 
 
 

22. Which of the following is a technique that provides a systematic description of the combination of unwanted occurrences in a system?

 
 
 
 

23. What is the process for selecting and implementing measures to impact risk called?

 
 
 
 

24. Which section of the Sarbanes-Oxley Act specifies "Periodic financial reports must be certified by CEO and CFO"?

 
 
 
 

25. What is the PRIMARY need for effectively assessing controls?

 
 
 
 

26. You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders’ approval, to fast track the project work to get the project done faster.

When you fast track the project, what is likely to increase?

 
 
 
 

27. David is the project manager of the HRC Project. He has identified a risk in the project, which could cause a delay in the project. David does not want this risk event to happen so he takes a few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000.

What type of risk response has David adopted?

 
 
 
 

28. Which of the following is the MOST important objective of the information system control?

 
 
 
 

29. Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?

 
 
 
 

30. For which of the following risk management capability maturity levels is the statement given below true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"

 
 
 
 

31. Which of the following is true for Cost Performance Index (CPI)?

 
 
 
 

32. Which of the following do NOT indirect information?

 
 
 
 

33. Ben works as a project manager for the MJH Project. In this project, Ben is preparing to identify stakeholders so he can communicate project requirements, status, and risks. Ben has elected to use a salience model as part of his stakeholder identification process.

Which of the following activities best describes a salience model?

 
 
 
 

34. Which of the following is the first MOST step in the risk assessment process?

 
 
 
 

35. Which of the following matrices is used to specify risk thresholds?

 
 
 
 

36. What are the two MAJOR factors to be considered while deciding risk appetite level? Each correct answer represents a part of the solution. Choose two.

 
 
 
 

37. You are the project manager of the GHY Project for your company. You need to complete a project management process that will be on the lookout for new risks, changing risks, and risks that are now outdated.

Which project management process is responsible for these actions?

 
 
 
 

38. You are the project manager of the HGT project in Bluewell Inc. The project has an asset valued at $125,000 and is subjected to an exposure factor of 25 percent.

What will be the Single Loss Expectancy of this project?

 
 
 
 

39. Which of the following are the principles of access controls?

Each correct answer represents a complete solution. Choose three.

 
 
 
 

40. You are the project manager of GHT project. You have selected appropriate Key Risk Indicators for your project. Now, you need to maintain those Key Risk Indicators.

What is the MOST important reason to maintain Key Risk Indicators?

 
 
 
 

41. Which of the following controls do NOT come under technical class of control?

 
 
 
 

42. Mary is a project manager in her organization. On her current project she is working with her project team and other key stakeholders to identify the risks within the project. She is currently aiming to create a comprehensive list of project risks so she is using a facilitator to help generate ideas about project risks.

What risk identification method is Mary likely using?

 
 
 
 

43. Which of the following is an administrative control?

 
 
 
 

44. You are the project manager of the NHH Project. You are working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team.

What document are you and your team creating in this scenario?

 
 
 
 

45. Where are all risks and risk responses documented as the project progresses?

 
 
 
 

46. A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project.

Which type of risk response is this?

 
 
 
 

47. John works as a project manager for BlueWell Inc. He is determining which risks can affect the project.

Which of the following inputs of the identify risks process is useful in identifying risks associated with the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk?

 
 
 
 

48. Which of the following events refer to loss of integrity?

Each correct answer represents a complete solution. Choose three.

 
 
 
 

49. Which of the following should be PRIMARILY considered while designing information systems controls?

 
 
 
 

50. Which of the following is the MOST effective inhibitor of relevant and efficient communication?

 
 
 
 

51. You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won’t affect your project much if they happen.

What should you do with these identified risk events?

 
 
 
 

52. You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise.

What type of control is an intrusion detection system (IDS)?

 
 
 
 

53. What are the functions of audit and accountability control? Each correct answer represents a complete solution. (Choose three.)

 
 
 
 

54. Which among the following acts as a trigger for risk response process?

 
 
 
 

55. What is the value of exposure factor if the asset is lost completely?

 
 
 
 

56. Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit.

If your organization seizes this opportunity it would be an example of what risk response?

 
 
 
 

57. Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?

 
 
 
 

58. Which of the following statements are true for enterprise’s risk management capability maturity level 3?

 
 
 
 

59. Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?

 
 
 
 

60. You are using an information system. You have chosen a poor password and also sometimes transmit data over unprotected communication lines.

What do this poor quality of password and unsafe transmission refer to?

 
 
 
 

61. Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise’s information security policy?

 
 
 
 

62. You are the project manager of RFT project. You have identified a risk that the enterprise’s IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk, the response adopted is re-architecture of the existing system and purchase of new integrated system.

In which of the following risk prioritization options would this case be categorized?

 
 
 
 

63. Which of the following BEST ensures that a firewall is configured in compliance with an enterprise’s security policy?

 
 
 
 

64. Which of the following is NOT used for measurement of Critical Success Factors of the project?

 
 
 
 

65. Which of the following statements is NOT true regarding the risk management plan?

 
 
 
 

66. You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply most appropriate risk responses.

Which of the following tools would you use to choose the appropriate risk response?

 
 
 
 

67. Which of the following is the priority of data owners when establishing risk mitigation method?

 
 
 
 

68. What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?

 
 
 
 

69. Wendy has identified a risk event in her project that has an impact of $75,000 and a 60 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just $15,000 with only a ten percent chance of occurring. The proposed solution will cost $25,000. Wendy agrees to the $25,000 solution.

What type of risk response is this?

 
 
 
 

70. Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?

 
 
 
 

71. Out of several risk responses, which of the following risk responses is used for negative risk events?

 
 
 
 

72. Which of the following risks refers to the probability that an actual return on an investment will be lower than the investor’s expectations?

 
 
 
 

73. What are the PRIMARY requirements for developing risk scenarios?

Each correct answer represents a part of the solution. Choose two.

 
 
 
 

74. What are the responsibilities of the CRO?

Each correct answer represents a complete solution. Choose three.

 
 
 
 

75. You are working with a vendor on your project. A stakeholder has requested a change for the project, which will add value to the project deliverables. The vendor that you’re working with on the project will be affected by the change.

What system can help you introduce and execute the stakeholder change request with the vendor?

 
 
 
 

76. You are the project manager of GHT project. You are performing cost and benefit analysis of control. You come across the result that costs of specific controls exceed the benefits of mitigating a given risk.

What is the BEST action to choose in this scenario?

 
 
 
 

77. Mortality tables are based on what mathematical activity? Each correct answer represents a complete solution. Choose three.

 
 
 
 

78. Harry is the project manager of HDW project. He has identified a risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work.

What type of risk response is Harry implementing?

 
 
 
 

79. The Identify Risk process determines the risks that affect the project and documents their characteristics.

Why should the project team members be involved in the Identify Risk process?

 
 
 
 

80. What are the requirements of monitoring risk?

Each correct answer represents a part of the solution. Choose three.

 
 
 
 

81. Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc.

Which of the following risk management techniques is your company using?

 
 
 
 

82. You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project’s performance as a whole.

What approach can you use to achieve this goal of improving the project’s performance through risk analysis with your project stakeholders?

 
 
 
 

83. You are a project manager for your organization and you’re working with four of your key stakeholders. One of the stakeholders is confused as to why you’re not discussing the current problem in the project during the risk identification meeting.

Which one of the following statements best addresses when a project risk actually happens?

 
 
 
 

84. Which of the following is the MOST effective method for indicating that the risk level is approaching a high or unacceptable level of risk?

 
 
 
 

85. You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements.

Which project management plan will define who will be available to share information on the project risks?

 
 
 
 

86. Your project spans the entire organization. You would like to assess the risk of your project but are worried that some of the managers involved in the project could affect the outcome of any risk identification meeting. Your consideration is based on the fact that some employees would not want to publicly identify risk events that could declare their supervision as poor. You would like a method that would allow participants to anonymously identify risk events.

What risk identification method could you use?

 
 
 
 

87. Which of the following represents lack of adequate controls?

 
 
 
 

88. The only output of qualitative risk analysis is risk register updates.

When the project manager updates the risk register he will need to include several pieces of information including all of the following except for which one?

 
 
 
 

89. Which of the following risks is the risk that happens with an important business partner and affects a large group of enterprises within an area or industry?

 
 
 
 

90. You have been assigned as the Project Manager for a new project that involves development of a new interface for your existing time management system. You have completed identifying all possible risks along with the stakeholders and team and have calculated the probability and impact of these risks.

Which of the following would you need next to help you prioritize the risks?

 
 
 
 

91. You are the project manager of a large networking project. During the execution phase the customer requests a change in the existing project plan.

What will be your immediate action?

 
 
 
 

92. Which of the following is described by the definition given below?

"It is the expected guaranteed value of taking a risk."

 
 
 
 

93. You are the project manager of GHT project. Your hardware vendor left you a voicemail saying that the delivery of the equipment you have ordered would not arrive on time. She wanted to give you a heads-up and asked that you return the call.

Which of the following statements is TRUE?

 
 
 
 

94. There are five inputs to the quantitative risk analysis process.

Which one of the following is NOT an input to quantitative risk analysis process?

 
 
 
 

95. Stephen is the project manager of the GBB project. He has worked with two subject matter experts and his project team to complete the risk assessment technique. There are approximately 47 risks that have a low probability and a low impact on the project.

Which of the following answers best describes what Stephen should do with these risk events?

 
 
 
 

96. Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risk events that were not previously identified.

What should Jenny do with these risk events?

 
 
 
 

97. You are working on a project in an enterprise. Some part of your project requires e-commerce, but your enterprise chooses not to engage in e-commerce.

This scenario is demonstrating which of the following forms?

 
 
 
 

98. Which of the following are risk components of the COSO ERM framework? Each correct answer represents a complete solution. Choose three.

 
 
 
 

99. Your project team has completed the quantitative risk analysis for your project work. Based on their findings, they need to update the risk register with several pieces of information.

Which one of the following components is likely to be updated in the risk register based on their analysis?

 
 
 
 
