CRISC Certified in Risk and Information Systems Control Exam Set 5

When does the Identify Risks process take place in a project?


Options are :

  • Throughout the project life-cycle. (Correct)
  • At the Executing stage.
  • At the Initiating stage.
  • At the Planning stage.

Answer : Throughout the project life-cycle.

Which of the following statements is true for risk analysis?


Options are :

  • Risk analysis should assume an equal degree of protection for all assets.
  • Risk analysis should give more weight to the likelihood than the size of loss.
  • Risk analysis should limit the scope to a benchmark of similar companies
  • Risk analysis should address the potential size and likelihood of loss (Correct)

Answer : Risk analysis should address the potential size and likelihood of loss

You are the risk professional of your enterprise. Your enterprise has introduced new systems in many departments. The business requirements that were to be addressed by the new system are still unfulfilled, and the process has been a waste of resources. Even if the system is implemented, it will most likely be underutilized and not maintained, making it obsolete in a short period of time. What kind of risk is it?


Options are :

  • Inherent risk
  • Business risk (Correct)
  • Project risk
  • Residual risk

Answer : Business risk

Malicious code protection is which type of control?


Options are :

  • Media protection control
  • Personal security control
  • Configuration management control
  • System and information integrity control (Correct)

Answer : System and information integrity control

You are the project manager of the GHT project. A stakeholder of this project has submitted a change request. What are your responsibilities as the project manager in order to approve this change request? Each correct answer represents a complete solution. Choose two.


Options are :

  • Evaluate the change request on behalf of the sponsor
  • Judge the impact of each change request on project activities, schedule and budget. (Correct)
  • Formally accept the updated project plan
  • Archive copies of all change requests in the project file. (Correct)

Answer : Judge the impact of each change request on project activities, schedule and budget. Archive copies of all change requests in the project file.

Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?


Options are :

  • Cost change control system
  • Configuration management system (Correct)
  • Scope change control system
  • Integrated change control

Answer : Configuration management system

A teaming agreement is an example of what type of risk response?


Options are :

  • Share (Correct)
  • Acceptance
  • Mitigation
  • Transfer

Answer : Share

Natural disaster is BEST associated with which of the following types of risk?


Options are :

  • Large impact
  • Long-term
  • Short-term
  • Discontinuous (Correct)

Answer : Discontinuous

Which of the following are the responsibilities of the enterprise risk committee? Each correct answer represents a complete solution. Choose three.


Options are :

  • Articulate risk (Correct)
  • Risk aware decision (Correct)
  • React to risk events
  • Analyze risk (Correct)

Answer : Articulate risk, Risk aware decision, Analyze risk

You are the project manager of the GHT project. You are accessing data for further analysis. You have chosen a data extraction method in which management monitors its own controls. Which of the following data extraction methods are you using here?


Options are :

  • Extracting data from risk register
  • Extracting data from the system custodian (IT) after system owner approval
  • Extracting data from lesson learned register
  • Extracting data directly from the source systems after system owner approval (Correct)

Answer : Extracting data directly from the source systems after system owner approval

David is the project manager of the HRC project. While the HRC project was in progress, he concluded that adopting e-commerce could make his project more fruitful. However, he did not engage in electronic commerce (e-commerce), so that he would escape the risk associated with that line of business. What type of risk response has he adopted?


Options are :

  • Enhance
  • Exploit
  • Acceptance
  • Avoidance (Correct)

Answer : Avoidance

Which of the following is a performance measure that is used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments?


Options are :

  • Redundant Array of Inexpensive Disks
  • Total Cost of Ownership
  • Return On Security Investment
  • Return On Investment (Correct)

Answer : Return On Investment

Qualitative risk assessment uses which of the following terms for evaluating risk level? Each correct answer represents a part of the solution. Choose two.


Options are :

  • Impact (Correct)
  • Single loss expectancy
  • Probability (Correct)
  • Annual rate of occurrence

Answer : Impact, Probability

Which of the following serves as the authorization for a project to begin?


Options are :

  • Approval of a project request document (Correct)
  • Approval of a risk response document
  • Approval of risk management document
  • Approval of project management plan

Answer : Approval of a project request document

In the project initiation phase of the System Development Life Cycle, there is information on the project initiated by which of the following role carriers?


Options are :

  • Business management
  • CRO
  • CIO
  • Sponsor (Correct)

Answer : Sponsor

In which of the following risk management capability maturity levels does the enterprise take major business decisions considering the probability of loss and the probability of reward? Each correct answer represents a complete solution. Choose two.


Options are :

  • Level 2
  • Level 4 (Correct)
  • Level 5 (Correct)
  • Level 0

Answer : Level 4, Level 5

Henry is the project sponsor of the JQ Project and Nancy is the project manager. Henry has asked Nancy to start the risk identification process for the project, but Nancy insists that the project team be involved in the process. Why should the project team be involved in the risk identification?


Options are :

  • So that the project manager can identify the risk owners for the risks within the project and the needed risk responses.
  • So that the project team can develop a sense of ownership for the risks and associated risk responsibilities. (Correct)
  • So that the project team and the project manager can work together to assign risk ownership.
  • So that the project manager isn't the only person identifying the risk events within the project.

Answer : So that the project team can develop a sense of ownership for the risks and associated risk responsibilities.

Which of the following role carriers has to account for collecting data on risk and articulating risk?


Options are :

  • Business process owner
  • Enterprise risk committee
  • Chief information officer (CIO)
  • Chief risk officer (CRO) (Correct)

Answer : Chief risk officer (CRO)

Which of the following is the MOST important aspect to ensure that an accurate risk register is maintained?


Options are :

  • Monitor key risk indicators, and record the findings in the risk register
  • Perform regular audits by audit personnel and maintain risk register
  • Publish the risk register in a knowledge management platform with workflow features that periodically contacts and polls risk assessors to ensure accuracy of content (Correct)
  • Submit the risk register to business process owners for review and updating

Answer : Publish the risk register in a knowledge management platform with workflow features that periodically contacts and polls risk assessors to ensure accuracy of content

Which of the following come under the phases of risk management?


Options are :

  • Identify risk (Correct)
  • Prioritization of risk (Correct)
  • Monitoring risk (Correct)
  • Assessing risk (Correct)

Answer : Identify risk, Prioritization of risk, Monitoring risk, Assessing risk

Which of the following is the way to verify control effectiveness?


Options are :

  • The test results of intended objectives. (Correct)
  • Its reliability
  • Whether it is preventive or detective.
  • The capability of providing notification of failure.

Answer : The test results of intended objectives.

Which of the following tests is BEST to map for confirming the effectiveness of the system access management process?


Options are :

  • access requests to user accounts.
  • the vendor database to user accounts.
  • user accounts to human resources (HR) records.
  • user accounts to access requests. (Correct)

Answer : user accounts to access requests.

You are the project manager for the GHT project. You need to perform the Qualitative risk analysis process. When you have completed this process, you will produce all of the following as part of the risk register update output except which one?


Options are :

  • Risks grouped by categories
  • Watch list of low-priority risks
  • Priority list of risks
  • Probability of achieving time and cost estimates (Correct)

Answer : Probability of achieving time and cost estimates

Which of the following business requirements MOST relates to the need for resilient business and information systems processes?


Options are :

  • Availability (Correct)
  • Confidentiality
  • Effectiveness
  • Integrity

Answer : Availability

You are the risk official at Bluewell Inc. Some risks are posing a threat to your enterprise. You are measuring the exposure of those risk factors which have the highest potential by examining the extent to which the uncertainty of each element affects the object under consideration when all other uncertain elements are held at their baseline values. Which type of analysis are you performing?


Options are :

  • Cause-and-effect analysis
  • Scenario analysis
  • Sensitivity analysis (Correct)
  • Fault tree analysis

Answer : Sensitivity analysis

You are the project manager for BlueWell Inc. Your current project is a high-priority and high-profile project within your organization. You want to identify the project stakeholders that will have the most power in relation to their interest in your project. This will help you plan for project risks, stakeholder management, and ongoing communication with the key stakeholders in your project. In this process of stakeholder analysis, what type of grid or model should you create based on these conditions?


Options are :

  • Stakeholder register
  • Stakeholder power/interest grid (Correct)
  • Influence/impact grid
  • Salience model

Answer : Stakeholder power/interest grid

Which of the following interpersonal skills has been identified as one of the biggest reasons for project success or failure?


Options are :

  • Influencing
  • Communication (Correct)
  • Motivation
  • Political and cultural awareness

Answer : Communication

Which of the following assets are examples of intangible assets of an enterprise? Each correct answer represents a complete solution. Choose two.


Options are :

  • People
  • Infrastructure
  • Customer trust (Correct)
  • Information (Correct)

Answer : Customer trust, Information

You are elected as the project manager of the GHT project. You have to initiate the project. Your project request document has been approved, and now you have to start working on the project. What is the FIRST step you should take to initialize the project?


Options are :

  • Acquire software
  • Plan project management
  • Define requirements of project
  • Conduct a feasibility study (Correct)

Answer : Conduct a feasibility study

In which of the following risk management capability maturity levels are risk appetite and tolerance applied only during episodic risk assessments?


Options are :

  • Level 1 (Correct)
  • Level 4
  • Level 2
  • Level 3

Answer : Level 1
