Download ISACA.CRISC.PracticeTest.2019-01-24.251q.tqb

Download Exam

File Info

Exam Certified in Risk and Information Systems Control
Number CRISC
File Name ISACA.CRISC.PracticeTest.2019-01-24.251q.tqb
Size 1 MB
Posted Jan 24, 2019
Download ISACA.CRISC.PracticeTest.2019-01-24.251q.tqb

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

You are working on a project in an enterprise. Some part of your project requires e-commerce, but your enterprise choose not to engage in e-commerce. This scenario is demonstrating which of the following form?


  1. risk avoidance
  2. risk treatment
  3. risk acceptance
  4. risk transfer
Correct answer: A
Explanation:
Each business process involves inherent risk. Not engaging in any activity avoids the inherent risk associated with the activity. Hence this demonstrates risk avoidance. Incorrect Answers:B: Risk treatment means that action is taken to reduce the frequency and impact of a risk.C: Acceptance means that no action is taken relative to a particular risk, and loss is accepted when/if it occurs. This is different from being ignorant of risk; accepting risk assumes that the risk is known, i.e., an informed decision has been made by management to accept it as such.D: Risk transfer/sharing means reducing either risk frequency or impact by transferring or otherwise sharing a portion of the risk. Common techniques include insurance and outsourcing. These techniques do not relieve an enterprise of a risk, but can involve the skills of another party in managing the risk and reducing the financial consequence if an adverse event occurs.
Each business process involves inherent risk. Not engaging in any activity avoids the inherent risk associated with the activity. Hence this demonstrates risk avoidance. 
Incorrect Answers:
B: Risk treatment means that action is taken to reduce the frequency and impact of a risk.
C: Acceptance means that no action is taken relative to a particular risk, and loss is accepted when/if it occurs. This is different from being ignorant of risk; accepting risk assumes that the risk is known, i.e., an informed decision has been made by management to accept it as such.
D: Risk transfer/sharing means reducing either risk frequency or impact by transferring or otherwise sharing a portion of the risk. Common techniques include insurance and outsourcing. These techniques do not relieve an enterprise of a risk, but can involve the skills of another party in managing the risk and reducing the financial consequence if an adverse event occurs.



Question 2

Which of the following are risk components of the COSO ERM framework? 
Each correct answer represents a complete solution. Choose three.


  1. Risk response
  2. Internal environment
  3. Business continuity
  4. Control activities
Correct answer: ABD
Explanation:
The risk components defined by the COSO ERM are internal environment, objective settings, event identification, risk assessment, risk response, control objectives, information and communication, and monitoring. Incorrect Answers:C: Business continuity is not considered as risk component within the ERM framework.
The risk components defined by the COSO ERM are internal environment, objective settings, event identification, risk assessment, risk response, control objectives, information and communication, and monitoring. 
Incorrect Answers:
C: Business continuity is not considered as risk component within the ERM framework.



Question 3

Your project team has completed the quantitative risk analysis for your project work. Based on their findings, they need to update the risk register with several pieces of information. Which one of the following components is likely to be updated in the risk register based on their analysis?


  1. Listing of risk responses
  2. Risk ranking matrix
  3. Listing of prioritized risks
  4. Qualitative analysis outcomes
Correct answer: C
Explanation:
The outcome of quantitative analysis can create a listing of prioritized risks that should be updated in the risk register. The project team will create and update the risk register with four key components:probabilistic analysis of the project probability of achieving time and cost objectives list of quantified risks trends in quantitative risk analysis Incorrect Answers:A, B, D: These subjects are not updated in the risk register as a result of quantitative risk analysis.
The outcome of quantitative analysis can create a listing of prioritized risks that should be updated in the risk register. The project team will create and update the risk register with four key components:
  • probabilistic analysis of the project 
  • probability of achieving time and cost objectives 
  • list of quantified risks 
  • trends in quantitative risk analysis 
Incorrect Answers:
A, B, D: These subjects are not updated in the risk register as a result of quantitative risk analysis.









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files