CRISC - Certified in Risk and Information Systems Control
Which of the following is a key component of a strong internal control environment?
Segregation of duties
Della works as a project manager for Tech Perfect Inc. She is studying the planning documentation of a project. The documentation states that there are twenty-eight stakeholders in the project. What will be the number of communication channels for the project?
What should be considered while developing obscure risk scenarios? Each correct answer represents a part of the solution. Choose two.
Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity it would be an example of what risk response?
There are four inputs to the Monitoring and Controlling Project Risks process. Which one of the following will NOT help you, the project manager, to prepare for risk monitoring and controlling?
What is the IMMEDIATE step after defining a set of risk scenarios?
Which of the following is true for Cost Performance Index (CPI)?
If the CPI > 1, it indicates better-than-expected performance of the project
Which of the following types of risk could result in bankruptcy?
Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?
Business Continuity Strategy
Mike is the project manager of the NNP Project for his organization. He is working with his project team to plan the risk responses for the NNP Project. Mike would like the project team to work together on establishing risk thresholds in the project. What is the purpose of establishing risk thresholds?
It helps to identify those risks for which specific responses are needed.
Which of the following come under the phases of risk identification and evaluation? Each correct answer represents a complete solution. Choose three.
Maintain a risk profile
When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the following options will BEST protect the enterprise from the potential financial impact of the risk?
Insuring against the risk
Which of the following control audits is performed to assess the efficiency of the productivity in the operations environment?
You are the program manager for your organization and you are working with Alice, a project manager in her program. Alice calls you and insists that you add a change to the program scope. You agree to the change. What must Alice do to move forward with her change request?
Document the change request in a change request form.
Which of the following is an output of risk assessment process?
Identification of appropriate controls
Which of the following operational risks ensures that the provision of a quality product is not overshadowed by the production costs of that product?
Profitability operational risks
You are working with a vendor on your project. A stakeholder has requested a change for the project, which will add value to the project deliverables. The vendor that you're working with on the project will be affected by the change. What system can help you introduce and execute the stakeholder change request with the vendor?
Contract change control system
Which of the following will significantly affect the standard information security governance model?
Complexity of the organizational structure
You are the project manager of the GHT project. During the data extraction process you evaluated the total number of transactions per year by multiplying the monthly average by twelve. This process of evaluating the total number of transactions is known as?
Which of the following role carriers are responsible for setting up the risk governance process, establishing and maintaining a common risk view, making risk-aware business decisions, and setting the enterprise's risk culture? Each correct answer represents a complete solution. Choose two.
Board of directors
You are the project manager of the NNN Project. Stakeholders in the two-year project have requested that you send them status reports via email every week. You have agreed and send reports every Thursday. After six months of the project, the stakeholders are pleased with the project progress and they would like you to reduce the status reports to every two weeks. What process will examine the change to this project process and implement it in the project?
Perform integrated change control process
You are working at Bluewell Inc., which makes advertisement Websites. Someone has made unauthorized changes to your Website. Which of the following terms refers to this type of loss?
Loss of integrity
For which of the following risk management capability maturity levels is the statement given below true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"
Which of the following risks refers to the probability that an actual return on an investment will be lower than the investor's expectations?
John is the project manager of the HGH Project for his company. He and his project team have agreed that if the vendor is late by more than ten days they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but the costs of their products are significantly more expensive than the current vendor. What type of response does John adopt here?
Contingent response strategy
Your project has several risks that may cause serious financial impact if they occur. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like you to create some type of a chart that identifies the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?
You are the project manager of your enterprise. While performing risk management, you are given a task to identify where your enterprise stands in certain practices and also to suggest the priorities for improvements. Which of the following models would you use to accomplish this task?
Capability maturity model
Shawn is the project manager of the HWT project. In this project Shawn's team reports that they have found a way to complete the project work more cheaply than was originally estimated. The project team presents a new software that will help to automate the project work. While the software and the associated training costs $25,000 it will save the project nearly $65,000 in total costs. Shawn agrees to the software and changes the project management plan accordingly. What type of risk response has been used by him?
Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risk events that were not previously identified. What should Jenny do with these risk events?
The events should be entered into the risk register.
Which of the following is the BEST defense against successful phishing attacks?
What are the two MAJOR factors to be considered while deciding risk appetite level? Each correct answer represents a part of the solution. Choose two.
The amount of loss the enterprise wants to accept
The capacity of the enterprise's objective to absorb loss.
Which of the following assets are examples of intangible assets of an enterprise? Each correct answer represents a complete solution. Choose two.
Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?
Uncertainty in values such as duration of schedule activities
Which of the following is NOT used for measurement of Critical Success Factors of the project?
Out of several risk responses, which of the following risk responses is used for negative risk events?
Which of the following role carriers has to account for collecting data on risk and articulating risk?
Chief risk officer (CRO)
You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
Communications Management Plan
Which of the following IS processes provide indirect information? Each correct answer represents a complete solution. Choose three.
Post-implementation reviews of program changes
Security log monitoring
Which of the following is the priority of data owners when establishing a risk mitigation method?
User entitlement changes
Beth is a project team member on the JHG Project. Beth has added extra features to the project and this has introduced new risks to the project work. The project manager of the JHG project elects to remove the features Beth has added. The process of removing the extra features to remove the risks is called what?
A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?
You are the project manager of an HGT project that has recently finished the final compilation process. The project customer has signed off on the project completion and you have to do a few administrative closure activities. In the project, there were several large risks that could have wrecked the project but you and your project team found some new methods to resolve the risks without affecting the project costs or project completion date. What should you do with the risk responses that you have identified during the project's monitoring and controlling process?
Include the risk responses in the organization's lessons learned database.
You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?
Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.
Which of the following is the MOST important objective of information system control?
Business objectives are achieved and undesired risk events are detected and corrected
You are working as a project manager at Bluewell Inc. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
Which of the following is the MOST important aspect to ensure that an accurate risk register is maintained?
Publish the risk register in a knowledge management platform with workflow features that periodically contacts and polls risk assessors to ensure accuracy of content
Which of the following should be PRIMARILY considered while designing information systems controls?
The organizational strategic plan
The only output of qualitative risk analysis is risk register updates. When the project manager updates the risk register he will need to include several pieces of information including all of the following except for which one?
Risk probability-impact matrix
Which of the following is the best reason for performing risk assessment?
To determine the present state of risk
You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?