CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CRISC—Certified in Risk and Information Systems Control Certification Questions and answer - Part 24
1. Which of the following is the BEST way of managing risk inherent to wireless network?
A) Enabling auditing on every host that connects to a wireless network
B) Require private, key-based encryption to connect to the wireless network
C) Require that the every host that connect to this network have a well-tested recovery plan
D) Enable auditing on every connection to the wireless network
2. You are elected as the project manager of GHT project. You have to initiate the project. Your Project request document has been approved, and now you have to start working on the project. What is the FIRST step you should take to initialize the project?
A) Conduct a feasibility study
B) Acquire software
C) Define requirements of project
D) Plan project management
3. John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?
A) Risk Response Plan
B) Communications Management Plan
C) Project Management Plan
D) Risk Management Plan
4. Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology.Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses?
A) Project scope statement
B) Project charter
C) Risk low-level watch list
D) Risk register
5. You are the administrator of your enterprise. Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information?
A) Monitoring and recording unsuccessful logon attempts
B) Forcing periodic password changes
C) Using a challenge response system
D) Providing access on a need-to-know basis
A) Enabling auditing on every host that connects to a wireless network
B) Require private, key-based encryption to connect to the wireless network
C) Require that the every host that connect to this network have a well-tested recovery plan
D) Enable auditing on every connection to the wireless network
2. You are elected as the project manager of GHT project. You have to initiate the project. Your Project request document has been approved, and now you have to start working on the project. What is the FIRST step you should take to initialize the project?
A) Conduct a feasibility study
B) Acquire software
C) Define requirements of project
D) Plan project management
3. John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?
A) Risk Response Plan
B) Communications Management Plan
C) Project Management Plan
D) Risk Management Plan
4. Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology.Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses?
A) Project scope statement
B) Project charter
C) Risk low-level watch list
D) Risk register
5. You are the administrator of your enterprise. Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information?
A) Monitoring and recording unsuccessful logon attempts
B) Forcing periodic password changes
C) Using a challenge response system
D) Providing access on a need-to-know basis
1. Right Answer: B
Explanation: As preventive control and prevention is preferred over detection and recovery, therefore, private and key-based encryption should be adopted for managing risks.Incorrect Answers:A, C, D: As explained in above section preventive control and prevention is preferred over detection and recovery, hence these are less preferred way.
2. Right Answer: A
Explanation: Conducting a feasibility study begins once initial approval has been given to move forward with a project. It includes an analysis to clearly define the need and to identify alternatives for addressing the need.Incorrect Answers:B: Acquiring software involves building new or modifying existing hardware or software after final approval by the stakeholder, which is not a phase in the standardSDLC process. If a decision was reached to acquire rather than develop software, this task should occur after feasibility study and defining requirements.C: Requirements of the project is being defined after conducting feasibility study.D: This is latter phase in project development process.
3. Right Answer: B
Explanation: The Communications Management Plan will direct John on the information to be communicated, when to communicate, and how to communicate with external stakeholders.The Communications Management Plan aims to define the communication necessities for the project and how the information will be circulated. TheCommunications Management Plan sets the communication structure for the project. This structure provides guidance for communication throughout the project's life and is updated as communication needs change. The Communication Managements Plan identifies and defines the roles of persons concerned with the project. It includes a matrix known as the communication matrix to map the communication requirements of the project.Incorrect Answers:A: The Risk Response Plan identifies how risks will be responded to.C: The Project Management Plan is the parent of all subsidiary management plans and it is not the most accurate choice for this questionD: The Risk Management Plan defines how risks will be identified, analyzed, responded to, and controlled throughout the project.
4. Right Answer: D
Explanation: A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains: A description of the risk The impact should this event actually occur The probability of its occurrence Risk Score (the multiplication of Probability and Impact) A summary of the planned response should the event occur A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event) Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved. It records the initial risks, the potential responses, and tracks the status of each identified risk in the project.Incorrect Answers:A: The project scope statement does document initially defined risks but it is not a place that will record risks responses and status of risks.B: The project charter does not define risks.C: The risk low-level watch list is for identified risks that have low impact and low probability in the project.
5. Right Answer: D
Explanation: Physical or logical system access should be assigned on a need-to-know basis, where there is a legitimate business requirement based on least privilege and segregation of duties. This is done by user authentication.Incorrect Answers:A: Monitoring and recording unsuccessful logon attempts does not address the risk of appropriate access rights. In other words, it does not prevent unauthorized access.B: Forcing users to change their passwords does not ensure that access control is appropriately assigned.C: Challenge response system is used to verify the user's identification but does not completely address the issue of access risk if access was not appropriately designed in the first place.
Explanation: As preventive control and prevention is preferred over detection and recovery, therefore, private and key-based encryption should be adopted for managing risks.Incorrect Answers:A, C, D: As explained in above section preventive control and prevention is preferred over detection and recovery, hence these are less preferred way.
2. Right Answer: A
Explanation: Conducting a feasibility study begins once initial approval has been given to move forward with a project. It includes an analysis to clearly define the need and to identify alternatives for addressing the need.Incorrect Answers:B: Acquiring software involves building new or modifying existing hardware or software after final approval by the stakeholder, which is not a phase in the standardSDLC process. If a decision was reached to acquire rather than develop software, this task should occur after feasibility study and defining requirements.C: Requirements of the project is being defined after conducting feasibility study.D: This is latter phase in project development process.
3. Right Answer: B
Explanation: The Communications Management Plan will direct John on the information to be communicated, when to communicate, and how to communicate with external stakeholders.The Communications Management Plan aims to define the communication necessities for the project and how the information will be circulated. TheCommunications Management Plan sets the communication structure for the project. This structure provides guidance for communication throughout the project's life and is updated as communication needs change. The Communication Managements Plan identifies and defines the roles of persons concerned with the project. It includes a matrix known as the communication matrix to map the communication requirements of the project.Incorrect Answers:A: The Risk Response Plan identifies how risks will be responded to.C: The Project Management Plan is the parent of all subsidiary management plans and it is not the most accurate choice for this questionD: The Risk Management Plan defines how risks will be identified, analyzed, responded to, and controlled throughout the project.
4. Right Answer: D
Explanation: A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains: A description of the risk The impact should this event actually occur The probability of its occurrence Risk Score (the multiplication of Probability and Impact) A summary of the planned response should the event occur A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event) Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved. It records the initial risks, the potential responses, and tracks the status of each identified risk in the project.Incorrect Answers:A: The project scope statement does document initially defined risks but it is not a place that will record risks responses and status of risks.B: The project charter does not define risks.C: The risk low-level watch list is for identified risks that have low impact and low probability in the project.
5. Right Answer: D
Explanation: Physical or logical system access should be assigned on a need-to-know basis, where there is a legitimate business requirement based on least privilege and segregation of duties. This is done by user authentication.Incorrect Answers:A: Monitoring and recording unsuccessful logon attempts does not address the risk of appropriate access rights. In other words, it does not prevent unauthorized access.B: Forcing users to change their passwords does not ensure that access control is appropriately assigned.C: Challenge response system is used to verify the user's identification but does not completely address the issue of access risk if access was not appropriately designed in the first place.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment