Category «CRISC»

Exam CRISC: Certified in Risk and Information Systems Control

Which of the following is the MOST important reason to maintain key risk indicators (KRIs)?

Which of the following is the MOST important reason to maintain key risk indicators (KRIs)? A. In order to avoid risk B. Complex metrics require fine-tuning C. Risk reports need to be timely D. Threats and vulnerabilities change over time Explanation: Threats and vulnerabilities change over time and KRI maintenance ensures that KRIs continue to effectively capture these changes. The risk …

What should you do with the risk responses that you have identified during the project’s monitoring and

You are the project manager of a HGT project that has recently finished the final compilation process. The project customer has signed off on the project completion and you have to do a few administrative closure activities. In the project, there were several large risks that could have wrecked the project but you and your project team found some …

What Risk Priority Number (RPN) would you give to it?

You are the risk official in Bluewell Inc. You are supposed to prioritize several risks. A risk has a rating for occurrence, severity, and detection as 4, 5, and 6, respectively. What Risk Priority Number (RPN) would you give to it? A. 120 B. 100 C. 15 D. 30 Explanation: The steps involved in calculating the risk priority number are as follows: Identify potential …

Which of the following is the MOST important use of KRIs?

Which of the following is the MOST important use of KRIs? A. Providing a backward-looking view on risk events that have occurred B. Providing an early warning signal C. Providing an indication of the enterprise’s risk appetite and tolerance D. Enabling the documentation and analysis of trends Explanation: Key Risk Indicators are the prime monitoring indicators of the enterprise. …

Which of the following role carriers will decide the Key Risk Indicator of the enterprise?

Which of the following role carriers will decide the Key Risk Indicator of the enterprise? Each correct answer represents a part of the solution. Choose two. A. Business leaders B. Senior management C. Human resource D. Chief financial officer Explanation: An enterprise may have hundreds of risk indicators such as logs, alarms and reports. The CRISC will usually need to work …

What are the requirements for creating risk scenarios?

What are the requirements for creating risk scenarios? Each correct answer represents a part of the solution. Choose three. A. Determination of cause and effect B. Determination of the value of business process at risk C. Potential threats and vulnerabilities that could cause loss D. Determination of the value of an asset Explanation: Creating a scenario requires determination of the …

Which project management plan will define who will be available to share information on the project risks?

You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks? A. Resource Management Plan B. Risk Management Plan C. Stakeholder management strategy D. Communications Management Plan Explanation: The Communications Management Plan defines, in regard …

Which of the following controls is an example of non-technical controls?

Which of the following controls is an example of non-technical controls? A. Access control B. Physical security C. Intrusion detection system D. Encryption Explanation: Physical security is an example of non-technical control. It comes under the family of operational controls. the safeguards that are incorporated into computer hardware, software or firmware, hence they are referred to as technical controls.