Certified in Risk and Information Systems Control, or CRISC for short, is a well-known qualification in the field of information technology. ISACA offers this certification to confirm a person’s abilities and expertise in recognizing, analyzing, managing, and decreasing various risks. It adequately prepares the employee for interactions with the organization’s regulators, stakeholders, or peers. The certification holder may effectively engage in the company’s risk management and provide the right solution for information security control thanks to his or her knowledge.

Question 1
Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise’s information security policy?
A. Penetration testing
B. Service level monitoring
C. Security awareness training
D. Periodic audits

Answer : D

Question 2
You are the project manager of the RFT project. You have identified a risk that the enterprise’s IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk, the response adopted is re-architecture of the existing system and purchase of a new integrated system. In which of the following risk prioritization options would this case be categorized?
A. Deferrals
B. Quick win
C. Business case to be made
D. Contagious risk

Answer : C

Question 3
Which of the following BEST ensures that a firewall is configured in compliance with an enterprise’s security policy?
A. Interview the firewall administrator.
B. Review the actual procedures.
C. Review the device’s log file for recent attacks.
D. Review the parameter settings.

Answer : D

Question 4
Which of the following is NOT used for measurement of Critical Success Factors of the project?
A. Productivity
B. Quality
C. Quantity
D. Customer service

Answer : C

Question 5
Which of the following statements is NOT true regarding the risk management plan?
A. The risk management plan is an output of the Plan Risk Management process.
B. The risk management plan is an input to all the remaining risk-planning processes.
C. The risk management plan includes a description of the risk responses and triggers.
D. The risk management plan includes thresholds, scoring and interpretation methods, responsible parties, and budgets.

Answer : C

Question 6
You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply the most appropriate risk responses. Which of the following tools would you use to choose the appropriate risk response?
A. Project network diagrams
B. Cause-and-effect analysis
C. Decision tree analysis
D. Delphi Technique

Answer : C

Question 7
You are the risk official of your enterprise. Your enterprise takes important decisions without considering risk credential information and is also unaware of external requirements for risk management and integration with enterprise risk management. In which of the following risk management capability maturity levels does your enterprise exist?
A. Level 1
B. Level 0
C. Level 5
D. Level 4

Answer : B

Question 8
Which of the following is the priority of data owners when establishing a risk mitigation method?
A. User entitlement changes
B. Platform security
C. Intrusion detection
D. Antivirus controls

Answer : A

Question 9
What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?
A. Anti-harassment policy
B. Acceptable use policy
C. Intellectual property policy
D. Privacy policy

Answer : B

Question 10
Wendy has identified a risk event in her project that has an impact of $75,000 and a 60 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just $15,000 with only a ten percent chance of occurring. The proposed solution will cost $25,000. Wendy agrees to the $25,000 solution. What type of risk response is this?
A. Mitigation
B. Avoidance
C. Transference
D. Enhancing

Answer : A

Question 11
Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?
A. Monitor and Control Risk
B. Plan risk response
C. Identify Risks
D. Qualitative Risk Analysis

Answer : B

Question 12
Out of several risk responses, which of the following risk responses is used for negative risk events?
A. Share
B. Enhance
C. Exploit
D. Accept

Answer : D

Question 13
Which of the following risks refers to the probability that an actual return on an investment will be lower than the investor’s expectations?
A. Integrity risk
B. Project ownership risk
C. Relevance risk
D. Expense risk

Answer : D

Question 14
What are the PRIMARY requirements for developing risk scenarios?
Each correct answer represents a part of the solution. Choose two.
A. Potential threats and vulnerabilities that could lead to loss events
B. Determination of the value of an asset at risk
C. Determination of actors that have the potential to generate risk
D. Determination of threat type

Answer : AB

Question 15
What are the responsibilities of the CRO?
Each correct answer represents a complete solution. Choose three.
A. Managing the risk assessment process
B. Implement corrective actions
C. Advising the Board of Directors
D. Managing the supporting risk management function

Answer : ABD

Last modified: 2021-11-17
