Verified CRISC Exam Dumps PDF [2023] Access using ExamcollectionPass [Q128-Q147]

Rate this post

Verified CRISC Exam Dumps PDF [2023] Access using ExamcollectionPass

Try Best CRISC Exam Questions from Training Expert ExamcollectionPass

The CRISC certification is ideal for IT professionals who are responsible for managing risks in their organizations. This includes IT risk professionals, IT managers, business analysts, compliance professionals, and security professionals. The certification provides a comprehensive understanding of risk management and enables professionals to effectively manage risks in their organizations. The exam is challenging and requires extensive preparation, but passing the exam demonstrates a high level of knowledge and expertise in IT risk management. Overall, the CRISC certification is a valuable credential that enhances the professional credibility of IT risk management professionals.

To be eligible to take the exam, candidates must have at least three years of experience in the fields of risk management or information systems control, as well as a solid understanding of the principles and practices of these areas. Additionally, candidates must meet certain educational requirements and agree to abide by the ISACA Code of Professional Ethics.

NO.128 Which of the following should be the PRIMARY objective of a risk awareness training program?

To promote awareness of the risk governance function.

To clarify fundamental risk management principles.

To enable risk-based decision making.

To ensure sufficient resources are available.

NO.129 Establishing ao organizational code of conduct is an example of which type of control?

Preventive

Directive

Detective

Compensating

NO.130 Which of the following are true for threats?
Each correct answer represents a complete solution. Choose three.

They can become more imminent as time goes by, or it can diminish

They can result in risks from external sources

They are possibility

They are real

They will arise and stay in place until they are properly dealt.

NO.131 Which of the following would be of GREATEST concern to a risk practitioner reviewing current key risk indicators (KRIs)?

The KRIs’ source data lacks integrity.

The KRIs are not automated.

The KRIs are not quantitative.

The KRIs do not allow for trend analysis.

NO.132 Which of the following is MOST important to compare against the corporate risk profile?

Industry benchmarks

Risk tolerance

Risk appetite

Regulatory compliance

NO.133 You are the project manager of the QPS project. You and your project team have identified a pure risk.
You along with the key stakeholders, decided to remove the pure risk from the project by changing the project plan altogether. What is a pure risk?

It is a risk event that only has a negative side and not any positive result.

It is a risk event that is created by the application of risk response.

It is a risk event that is generated due to errors or omission in the project work.

It is a risk event that cannot be avoided because of the order of the work.

NO.134 Which of the following is MOST important when developing key risk indicators (KRIs)?

Alignment with regulatory requirements

Availability of qualitative data

Properly set thresholds

Alignment with industry benchmarks

NO.135 For no apparent reason, the time required to complete daily processing for a legacy application is approaching a risk threshold. Which of the following activities should be performed FIRST?

Temporarily increase the risk threshold.

Initiate a feasibility study for a new application.

Suspend processing to investigate the problem.

Conduct a root-cause analysis.

NO.136 You are the project manager of a large networking project. During the execution phase the customer requests for a change in the existing project plan. What will be your immediate action?

Update the risk register.

Ask for a formal change request.

Ignore the request as the project is in the execution phase.

Refuse the change request.

Explanation:
Whenever the customer or key stakeholder asks for a change in the existing plan, you should ask him/her to submit a formal change request. Change requests may modify project policies or procedures, project scope, project cost or budget, project schedule, or project quality.

NO.137 Which of the following events refer to loss of integrity?
Each correct answer represents a complete solution. Choose three.

Someone sees company’s secret formula

Someone makes unauthorized changes to a Web site

An e-mail message is modified in transit

A virus infects a file

NO.138 Which of the following attributes of a key risk indicator (KRI) is MOST important?

Repeatable

Qualitative

Automated

Quantitative

NO.139 Which of the following events refer to loss of integrity?
Each correct answer represents a complete solution. Choose three.

Someone sees company’s secret formula

Someone makes unauthorized changes to a Web site

An e-mail message is modified in transit

A virus infects a file

NO.140 The PRIMARY reason for periodically monitoring key risk indicators (KRIs) is to:

detect changes in the risk profile.

rectify errors in results of KRIs.

continually improve risk assessments.

reduce costs of risk mitigation controls

NO.141 Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?

Business Continuity Strategy

Index of Disaster-Relevant Information

Disaster Invocation Guideline

Availability/ ITSCM/ Security Testing Schedule

NO.142 A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it’ll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?

Add the identified risk to a quality control management chart.

Add the identified risk to the issues log.

Add the identified risk to the risk register.

Add the identified risk to the low-level risk watch-list.

NO.143 When developing risk treatment alternatives for a Business case, it is MOST helpful to show risk reduction based on:

cost-benefit analysis.

risk appetite.

regulatory guidelines

control efficiency

NO.144 The number of tickets to rework application code has significantly exceeded the established threshold. Which of the following would be the risk practitioner s BEST recommendation?

Perform a root cause analysis

Perform a code review

Implement version control software.

Implement training on coding best practices

NO.145 FISMA requires federal agencies to protect IT systems and data. How often should compliance be audited by an external organization?

Annually

Quarterly

Every three years

Never

NO.146 Which of the following BEST indicates the effectiveness of anti-malware software?

Number of staff hours lost due to malware attacks

Number of downtime hours in business critical servers

Number of patches made to anti-malware software

Number of successful attacks by malicious software

NO.147 Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?

Utilize the change management process.

Validate functionality by running in a test environment.

Perform an in-depth code review with an expert.

Implement a service level agreement.

Latest 100% Passing Guarantee – Brilliant CRISC Exam Questions PDF: https://www.examcollectionpass.com/ISACA/CRISC-practice-exam-dumps.html

Leave a Reply Cancel reply