CRISC exam

Which of the following is the MOST important reason to maintain key risk indicators (KRIs)?A . In order to avoid riskB . Complex metrics require fine-tuningC . Risk reports need to be timelyD . Threats and vulnerabilities change over timeView AnswerAnswer: D Explanation: Threats and vulnerabilities change over time and...

Which of the following do NOT indirect information?A . Information about the propriety of cutoffB . Reports that show orders that were rejected for credit limitations.C . Reports that provide information about any unusual deviations and individual product margins.D . The lack of any significant differences between perpetual levels and...

What are the PRIMARY requirements for developing risk scenarios? Each correct answer represents a part of the solution. Choose two.A . Potential threats and vulnerabilities that could lead to loss eventsB . Determination of the value of an asset at riskC . Determination of actors that has potential to generate...

Your project team has completed the quantitative risk analysis for your project work. Based on their findings, they need to update the risk register with several pieces of information. Which one of the following components is likely to be updated in the risk register based on their analysis?A . Listing...

Which of the following is the MOST effective method for indicating that the risk level is approaching a high or unacceptable level of risk?A . Risk registerB . Cause and effect diagramC . Risk indicatorD . Return on investmentView AnswerAnswer: C Explanation: Risk indicators are metrics used to indicate risk...

Mary is a project manager in her organization. On her current project she is working with her project team and other key stakeholders to identify the risks within the project. She is currently aiming to create a comprehensive list of project risks so she is using a facilitator to help...

Which of the following is the MOST important objective of the information system control?A . Business objectives are achieved and undesired risk events are detected and correctedB . Ensuring effective and efficient operationsC . Developing business continuity and disaster recovery plansD . Safeguarding assetsView AnswerAnswer: A Explanation: The basic purpose...

Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?A . Monitor and Control RiskB . Plan risk responseC . Identify RisksD . Qualitative Risk AnalysisView AnswerAnswer: B Explanation: The plan risk response project...

Which of the following components of risk scenarios has the potential to generate internal or external threat on an enterprise?A . Timing dimensionB . EventsC . AssetsD . ActorsView AnswerAnswer: D Explanation: Components of risk scenario that are needed for its analysis are: - Actor: Actors are those components of...

Which of the following statements are true for enterprise's risk management capability maturity level 3?A . Workflow tools are used to accelerate risk issues and track decisionsB . The business knows how IT fits in the enterprise risk universe and the risk portfolio viewC . The enterprise formally requires continuous...