CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CRISC—Certified in Risk and Information Systems Control Certification Questions and answer - Part 19
1. When it appears that a project risk is going to happen, what is this term called?
A) Issue
B) Contingency response
C) Trigger
D) Threshold
2. You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. Which of the following inputs will be needed for the qualitative risk analysis process in your project?Each correct answer represents a complete solution. Choose all that apply.(Select 3answers)
A) Project scope statement
B) Cost management plan
C) Risk register
D) Organizational process assets
3. Which of the following will significantly affect the standard information security governance model?
A) Currency with changing legislative requirements
B) Number of employees
C) Complexity of the organizational structure
D) Cultural differences between physical locations
4. You are the risk professional in Bluewell Inc. You have identified a risk and want to implement a specific risk mitigation activity. What you should PRIMARILY utilize?
A) Vulnerability assessment report
B) Business case
C) Technical evaluation report
D) Budgetary requirements
5. You are the project manager of the AFD project for your company. You are working with the project team to reassess existing risk events and to identify risk events that have not happened and whose relevancy to the project has passed. What should you do with these events that have not happened and would not happen now in the project?
A) Add the risk to the issues log
B) Close the outdated risks
C) Add the risks to the risk register
D) Add the risks to a low-priority watch-list
A) Issue
B) Contingency response
C) Trigger
D) Threshold
2. You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. Which of the following inputs will be needed for the qualitative risk analysis process in your project?Each correct answer represents a complete solution. Choose all that apply.(Select 3answers)
A) Project scope statement
B) Cost management plan
C) Risk register
D) Organizational process assets
3. Which of the following will significantly affect the standard information security governance model?
A) Currency with changing legislative requirements
B) Number of employees
C) Complexity of the organizational structure
D) Cultural differences between physical locations
4. You are the risk professional in Bluewell Inc. You have identified a risk and want to implement a specific risk mitigation activity. What you should PRIMARILY utilize?
A) Vulnerability assessment report
B) Business case
C) Technical evaluation report
D) Budgetary requirements
5. You are the project manager of the AFD project for your company. You are working with the project team to reassess existing risk events and to identify risk events that have not happened and whose relevancy to the project has passed. What should you do with these events that have not happened and would not happen now in the project?
A) Add the risk to the issues log
B) Close the outdated risks
C) Add the risks to the risk register
D) Add the risks to a low-priority watch-list
1. Right Answer: C
Explanation: A trigger is a warning sign or a condition that a risk event is likely to occur within the project.Incorrect Answers:A: Issues are events that come about as a result of risk events. Risks become issues only after they have actually occurred.B: A contingency response is a pre-planned response for a risk event, such as a rollback plan.D: A threshold is a limit that the risk passes to actually become an issue in the project.
2. Right Answer: A,C,D
Explanation: The primary goal of qualitative risk analysis is to determine proportion of effect and theoretical response. The inputs to the Qualitative Risk Analysis process are: Organizational process assets Project Scope Statement Risk Management PlanRisk Register -Incorrect Answers:B: The cost management plan is the input to the perform quantitative risk analysis process.
3. Right Answer: C
Explanation: Complexity of the organizational structure will have the most significant impact on the Information security governance model. Some of the elements that impact organizational structure are multiple business units and functions across the organization.Incorrect Answers:A: Currency with changing legislative requirements should not have major impact once good governance models are placed, hence, governance will help in effective management of the organization's ongoing compliance.B, D: The numbers of employees and the distance between physical locations have less impact onInformation security models as well-defined process, technology and people components together provide the proper governance.
4. Right Answer: B
Explanation: As business case includes business need (like new product, change in process, compliance need, etc.) and the requirements of the enterprise (new technology, cost, etc.), risk professional should utilize this for implementing specific risk mitigation activity. Risk professional must look at the costs of the various controls and compare them against the benefits that the organization will receive from the risk response. Hence he/she needs to have knowledge of business case development to illustrate the costs and benefits of the risk response.Incorrect Answers:A, C, D: These all options are supplemental.
5. Right Answer: B
Explanation: Risks that are now outdated should be closed by the project manager, there is no need to keep record of that.Incorrect Answers:A: Risks do not go into the issue log, but the risk register.C: Identified risks are already in the risk register.D: Risks with low probability and low impact go on the risk watchlist.
Explanation: A trigger is a warning sign or a condition that a risk event is likely to occur within the project.Incorrect Answers:A: Issues are events that come about as a result of risk events. Risks become issues only after they have actually occurred.B: A contingency response is a pre-planned response for a risk event, such as a rollback plan.D: A threshold is a limit that the risk passes to actually become an issue in the project.
2. Right Answer: A,C,D
Explanation: The primary goal of qualitative risk analysis is to determine proportion of effect and theoretical response. The inputs to the Qualitative Risk Analysis process are: Organizational process assets Project Scope Statement Risk Management PlanRisk Register -Incorrect Answers:B: The cost management plan is the input to the perform quantitative risk analysis process.
3. Right Answer: C
Explanation: Complexity of the organizational structure will have the most significant impact on the Information security governance model. Some of the elements that impact organizational structure are multiple business units and functions across the organization.Incorrect Answers:A: Currency with changing legislative requirements should not have major impact once good governance models are placed, hence, governance will help in effective management of the organization's ongoing compliance.B, D: The numbers of employees and the distance between physical locations have less impact onInformation security models as well-defined process, technology and people components together provide the proper governance.
4. Right Answer: B
Explanation: As business case includes business need (like new product, change in process, compliance need, etc.) and the requirements of the enterprise (new technology, cost, etc.), risk professional should utilize this for implementing specific risk mitigation activity. Risk professional must look at the costs of the various controls and compare them against the benefits that the organization will receive from the risk response. Hence he/she needs to have knowledge of business case development to illustrate the costs and benefits of the risk response.Incorrect Answers:A, C, D: These all options are supplemental.
5. Right Answer: B
Explanation: Risks that are now outdated should be closed by the project manager, there is no need to keep record of that.Incorrect Answers:A: Risks do not go into the issue log, but the risk register.C: Identified risks are already in the risk register.D: Risks with low probability and low impact go on the risk watchlist.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment