CRISC exam

Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?A . Business Continuity StrategyB . Index of Disaster-Relevant InformationC . Disaster Invocation GuidelineD . Availability/ ITSCM/ Security Testing ScheduleView AnswerAnswer: A Explanation: The Business Continuity Strategy is an...

Which of the following processes is described in the statement below? "It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."A . Risk governanceB . Risk identificationC . Risk response planningD . Risk communicationView AnswerAnswer: D Explanation: Risk communication is the...

Which of the following is the MOST effective inhibitor of relevant and efficient communication?A . A false sense of confidence at the top on the degree of actual exposure related to IT and lack of a well-understood direction for risk management from the top downB . The perception that the...

Mary is a project manager in her organization. On her current project she is working with her project team and other key stakeholders to identify the risks within the project. She is currently aiming to create a comprehensive list of project risks so she is using a facilitator to help...

Which among the following acts as a trigger for risk response process?A . Risk level increases above risk appetiteB . Risk level increase above risk toleranceC . Risk level equates risk appetiteD . Risk level equates the risk toleranceView AnswerAnswer: B Explanation: The risk response process is triggered when a...

What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?A . Anti-harassment policyB . Acceptable use policyC . Intellectual property policyD . Privacy policyView AnswerAnswer: B Explanation: An acceptable use policy is a set of rules applied by the owner/manager of...

Which of the following statements are true for enterprise's risk management capability maturity level 3?A . Workflow tools are used to accelerate risk issues and track decisionsB . The business knows how IT fits in the enterprise risk universe and the risk portfolio viewC . The enterprise formally requires continuous...

There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to quantitative risk analysis process?A . Risk management planB . Enterprise environmental factorsC . Cost management planD . Risk registerView AnswerAnswer: B Explanation: Enterprise environmental factor is not an input to...

Which of the following controls is an example of non-technical controls?A . Access controlB . Physical securityC . Intrusion detection systemD . EncryptionView AnswerAnswer: B Explanation: Physical security is an example of non-technical control. It comes under the family of operational controls. Incorrect Answers: A, C, D: Intrusion detection system,...

The only output of qualitative risk analysis is risk register updates. When the project manager updates the risk register he will need to include several pieces of information including all of the following except for which one?A . Trends in qualitative risk analysisB . Risk probability-impact matrixC . Risks grouped...