CRISC Certified in Risk and Information Systems Control Exam Set 6

You are the risk official at Techmart Inc. You are asked to perform a risk assessment on the impact of losing a server. For this assessment you need to calculate the monetary value of the server. On which of the following bases do you calculate the monetary value?


Options are :

  • Cost to obtain replacement (Correct)
  • Cost of software stored
  • Annual loss expectancy
  • Original cost to acquire

Answer : Cost to obtain replacement

John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of whom are external to the organization. John needs to make certain that he communicates about risk using the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?


Options are :

  • Risk Response Plan
  • Risk Management Plan
  • Project Management Plan
  • Communications Management Plan (Correct)

Answer : Communications Management Plan

Which of the following come under the management class of controls? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • Risk assessment control (Correct)
  • Identification and authentication control (Correct)
  • Audit and accountability control
  • Program management control

Answer : Risk assessment control; Identification and authentication control

You are the project manager of the HJT project. You want to measure the operational effectiveness of risk management capabilities. Which of the following is the BEST option to measure the operational effectiveness?


Options are :

  • Key risk indicators
  • Capability maturity models
  • Key performance indicators (Correct)
  • Metric thresholds

Answer : Key performance indicators

You are the program manager for your organization and you are working with Alice, a project manager in her program. Alice calls you and insists that you add a change to the program scope. You agree to the change. What must Alice do to move forward with her change request?


Options are :

  • Add the change request to the scope and complete integrated change control
  • Document the change request in a change request form. (Correct)
  • Create a change request charter justifying the change request
  • Add the change to the program scope herself, as she is a project manager

Answer : Document the change request in a change request form.

Which of the following risk responses include feedback and guidance from well-qualified risk officials and those internal to the project?


Options are :

  • Contingent response strategy
  • Expert judgment (Correct)
  • Risk transfer
  • Risk Acceptance

Answer : Expert judgment

Which of the following parameters are considered for the selection of risk indicators? Each correct answer represents a part of the solution. Choose three.


Options are :

  • Strategy focus of the enterprise (Correct)
  • Risk appetite and risk tolerance
  • Size and complexity of the enterprise (Correct)
  • Type of market in which the enterprise operates (Correct)

Answer : Strategy focus of the enterprise; Size and complexity of the enterprise; Type of market in which the enterprise operates

Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology. Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses?


Options are :

  • Project charter
  • Project scope statement
  • Risk register (Correct)
  • Risk low-level watch list

Answer : Risk register

You are the project manager of the GHT project. Your project utilizes a machine for the production of goods. The machine's specification states that if its temperature rises above 450 degrees Fahrenheit, the windings may burn. So there is an alarm that sounds when the machine's temperature reaches 430 degrees Fahrenheit, and the machine is shut off for 1 hour. What role does the alarm play here?


Options are :

  • Of risk identification
  • Of risk trigger
  • Of risk response
  • Of risk indicator (Correct)

Answer : Of risk indicator

What is the FIRST phase of the IS monitoring and maintenance process?


Options are :

  • Identifying controls
  • Report result
  • Implement monitoring
  • Prioritizing risks (Correct)

Answer : Prioritizing risks

Which of the following controls focuses on operational efficiency in a functional area and adherence to management policies?


Options are :

  • Internal accounting control
  • Administrative control (Correct)
  • Detective control
  • Operational control

Answer : Administrative control

Which is the MOST important parameter when selecting an appropriate risk response?


Options are :

  • Importance of risk
  • Capability to implement response
  • Efficiency of response
  • Cost of response (Correct)

Answer : Cost of response

How are the potential choices of risk-based decisions represented in decision tree analysis?


Options are :

  • Decision node (Correct)
  • Event node
  • Root node
  • End node

Answer : Decision node

Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?


Options are :

  • Sammy is correct, because organizations can create risk scores for each objective of the project. (Correct)
  • Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.
  • Sammy is correct, because she is the project manager.
  • Harry is correct, because the risk probability and impact considers all objectives of the project.

Answer : Sammy is correct, because organizations can create risk scores for each objective of the project.

You are working in an enterprise. Your enterprise is willing to accept a certain amount of risk. What is this risk called?


Options are :

  • Hedging
  • Tolerance
  • Appetite (Correct)
  • Aversion

Answer : Appetite

You are preparing to complete the quantitative risk analysis process with your project team and several subject matter experts. You gather the necessary inputs including the project's cost management plan. Why is it necessary to include the project's cost management plan in the preparation for the quantitative risk analysis process?


Options are :

  • The project's cost management plan provides direction on how costs may be changed due to identified risks.
  • The project's cost management plan provides control that may help determine the structure for quantitative analysis of the budget. (Correct)
  • The project's cost management plan is not an input to the quantitative risk analysis process.
  • The project's cost management plan can help you to determine what the total cost of the project is allowed to be.

Answer : The project's cost management plan provides control that may help determine the structure for quantitative analysis of the budget.

Which of the following terms is described in the statement below? "They are the prime monitoring indicators of the enterprise, and are highly relevant and possess a high probability of predicting or indicating important risk."


Options are :

  • Lead indicators
  • Key risk indicators (Correct)
  • Lag indicators
  • Risk indicators

Answer : Key risk indicators

Which of the following parameters would affect the prioritization of the risk responses and development of the risk response plan? Each correct answer represents a complete solution. Choose three.


Options are :

  • Cost of the response to reduce risk within tolerance levels (Correct)
  • Importance of the risk (Correct)
  • Time required to mitigate risk.
  • Effectiveness of the response (Correct)

Answer : Cost of the response to reduce risk within tolerance levels; Importance of the risk; Effectiveness of the response

You are the project manager of the GHY project for your company. This project has a budget of $543,000 and is expected to last 18 months. In this project, you have identified several risk events and created risk response plans. In what project management process group will you implement risk response plans?


Options are :

  • Planning
  • In any process group where the risk event resides
  • Executing
  • Monitoring and Controlling (Correct)

Answer : Monitoring and Controlling

Which of the following is NOT true for Key Risk Indicators?


Options are :

  • They help avoid having to manage and report on an excessively large number of risk indicators
  • They are selected as the prime monitoring indicators for the enterprise
  • The complete set of KRIs should also balance indicators for risk, root causes and business impact.
  • They are monitored annually (Correct)

Answer : They are monitored annually

You are the project manager of the HJT project. Important confidential files of your project are stored on a computer. To guard against unauthorized access to this computer, you have placed a hidden CCTV in the room, even though the computer is password-protected. Which kind of control is the CCTV?


Options are :

  • Technical control
  • Management control
  • Administrative control
  • Physical control (Correct)

Answer : Physical control

Which of the following is the final step in the policy development process?


Options are :

  • Management approval
  • Communication to employees
  • Maintenance and review (Correct)
  • Continued awareness activities

Answer : Maintenance and review

During which of the following processes is the probability and impact matrix prepared?


Options are :

  • Quantitative risk assessment
  • Qualitative risk assessment
  • Monitoring and Control Risk (Correct)
  • Risk response

Answer : Monitoring and Control Risk

You are the project manager of your enterprise. You have identified several risks. Which of the following responses to risk is considered the MOST appropriate?


Options are :

  • Insuring
  • Accepting
  • Any of the above (Correct)
  • Avoiding

Answer : Any of the above

You are the project manager in your enterprise. You have identified the occurrence of a risk event in your enterprise. You have pre-planned risk responses. You have monitored the risks that have occurred. What is the immediate step that has to be followed after this monitoring process in response to risk events?


Options are :

  • Initiate incident response (Correct)
  • Update the risk register
  • Communicate lessons learned from risk events
  • Eliminate the risk completely

Answer : Initiate incident response

You have been assigned as the Project Manager for a new project that involves building a new roadway from the city airport to a designated point within the city. However, you notice that the transportation permit issuing authority is taking longer than the planned time to issue the permit to begin construction. What would you classify this as?


Options are :

  • Project Risk
  • Status Update
  • Risk Update
  • Project Issue (Correct)

Answer : Project Issue

What are the key control activities to be done to ensure business alignment? Each correct answer represents a part of the solution. Choose two.


Options are :

  • Establish an independent test task force that keeps track of all events
  • Periodically identify critical data that affect business operations (Correct)
  • Define the business requirements for the management of data by IT (Correct)
  • Conduct IT continuity tests on a regular basis or when there are major changes in the IT infrastructure

Answer : Periodically identify critical data that affect business operations; Define the business requirements for the management of data by IT

You are the project manager for your organization, installing new workstations, servers, and cabling throughout a new building into which your company will be moving. The vendor for the project informs you that the cost of the cabling has increased for some reason. This new cost will cause the cost of your project to increase by nearly eight percent. What change control system should the costs be entered into for review?


Options are :

  • Only changes to the project scope should pass through a change control system.
  • Contract change control system
  • Cost change control system (Correct)
  • Scope change control system

Answer : Cost change control system

Which of the following is NOT true for effective risk communication?


Options are :

  • Use of technical terms of risk (Correct)
  • For each risk, critical moments exist between its origination and its potential business consequence
  • Any communication on risk must be relevant
  • Risk information must be known and understood by all stakeholders.

Answer : Use of technical terms of risk

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?


Options are :

  • Lessons learned documentation
  • Risk management plan
  • Risk register (Correct)
  • Stakeholder management strategy

Answer : Risk register
