ISACA-CRISC

Isaca's CRISC You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?

Isaca's CRISC Which among the following acts as a trigger for risk response process?

Isaca's CRISC Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?

Isaca's CRISC Which of the following statements are true for enterprise's risk management capability maturity level 3?

Isaca's CRISC You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk, the response adopted is re- architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?

Isaca's CRISC You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply most appropriate risk responses. Which of the following tools would you use to choose the appropriate risk response?

Isaca's CRISC What is the MAIN purpose of designing risk management programs?

Isaca's CRISC Out of several risk responses, which of the following risk responses is used for negative risk events?

Isaca's CRISC Which of the following is the MOST critical security consideration when an enterprise outsource is major part of IT department to a third party whose servers are in foreign company?

Isaca's CRISC Suppose you are working in Company Inc. and you are using risk scenarios for estimating the likelihood and impact of the significant risks on this organization.Which of the following assessment are you doing?

Isaca's CRISC You are the project manager of the PFO project. You are working with your project team members and two subject matter experts to assess the identified risk events in the project. Which of the following approaches is the best to assess the risk events in the project?

Isaca's CRISC You have identified several risks in your project. You have opted for risk mitigation in order to respond to identified risk. Which of the following ensures that risk mitigation method that you have chosen is effective?

Isaca's CRISC Which of the following are true for threats?Each correct answer represents a complete solution. (Choose three.) E. They will arise and stay in place until they are properly dealt.

Isaca's CRISC You are the project manager of GHT project. You have analyzed the risk and applied appropriate controls. In turn, you got residual risk as a result of this. Residual risk can be used to determine which of the following?

Isaca's CRISC Which of the following will significantly affect the standard information security governance model?

Isaca's CRISC What activity should be done for effective post-implementation reviews during the project?

Isaca's CRISC Which of the following is the best reason for performing risk assessment?

Isaca's CRISC What are the PRIMARY objectives of a control?

Isaca's CRISC Sensitive data has been lost after an employee inadvertently removed a file from the premises, in violation of organizational policy. Which of the following controlsMOST likely failed?

Isaca's CRISC You are the project manager of the GHY project for your company. This project has a budget of $543,000 and is expected to last 18 months. In this project, you have identified several risk events and created risk response plans. In what project management process group will you implement risk response plans?

Isaca's CRISC You are the project manager of GRT project. You discovered that by bringing on more qualified resources or by providing even better quality than originally planned, could result in reducing the amount of time required to complete the project. If your organization seizes this opportunity, it would be an example of what risk response?

Isaca's CRISC Your project has several risks that may cause serious financial impact if they occur. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

Isaca's CRISC What is the FIRST phase of IS monitoring and maintenance process?

Isaca's CRISC You are working in an enterprise. Assuming that your enterprise periodically compares finished goods inventory levels to the perpetual inventories in its ERP system. What kind of information is being provided by the lack of any significant differences between perpetual levels and actual levels?

Isaca's CRISC You are the risk official in Techmart Inc. You are asked to perform risk assessment on the impact of losing a server. For this assessment you need to calculate monetary value of the server. On which of the following bases do you calculate monetary value?

Isaca's CRISC You are elected as the project manager of GHT project. You have to initiate the project. Your Project request document has been approved, and now you have to start working on the project. What is the FIRST step you should take to initialize the project?

Isaca's CRISC You are the project manager of GHT project. You have identified a risk event on your current project that could save $670,000 in project costs if it occurs. Your organization is considering hiring a vendor to help establish proper project management techniques in order to assure it realizes these savings. Which of the following statements is TRUE for this risk event?

Isaca's CRISC Which of the following role carriers has to account for collecting data on risk and articulating risk?

Isaca's CRISC You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?

Isaca's CRISC Which is the MOST important parameter while selecting appropriate risk response?