CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CRISC—Certified in Risk and Information Systems Control Certification Questions and answer - Part 8
1. You are the project manager of the QPS project. You and your project team have identified a pure risk. You along with the key stakeholders, decided to remove the pure risk from the project by changing the project plan altogether. What is a pure risk?
A) It is a risk event that only has a negative side and not any positive result.
B) It is a risk event that is created by the application of risk response.
C) It is a risk event that is generated due to errors or omission in the project work.
D) It is a risk event that cannot be avoided because of the order of the work.
2. You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?
A) 5
B) 7
C) 1
D) 4
3. You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?
A) Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.
B) Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
C) Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.
D) Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.
4. You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?Each correct answer represents a complete solution. Choose all that apply.(Select 3answers)
A) Education of staff or business partners
B) Deployment of a threat-specific countermeasure
C) Modify of the technical architecture
D) Apply more controls
5. Which of the following risks is associated with not receiving the right information to the right people at the right time to allow the right action to be taken?
A) Relevance risk
B) Integrity risk
C) Availability risk
D) Access risk
A) It is a risk event that only has a negative side and not any positive result.
B) It is a risk event that is created by the application of risk response.
C) It is a risk event that is generated due to errors or omission in the project work.
D) It is a risk event that cannot be avoided because of the order of the work.
2. You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?
A) 5
B) 7
C) 1
D) 4
3. You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?
A) Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.
B) Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
C) Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.
D) Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.
4. You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?Each correct answer represents a complete solution. Choose all that apply.(Select 3answers)
A) Education of staff or business partners
B) Deployment of a threat-specific countermeasure
C) Modify of the technical architecture
D) Apply more controls
5. Which of the following risks is associated with not receiving the right information to the right people at the right time to allow the right action to be taken?
A) Relevance risk
B) Integrity risk
C) Availability risk
D) Access risk
1. Right Answer: A
Explanation: A pure risk has only a negative effect on the project. Pure risks are activities that are dangerous to complete and manage such as construction, electrical work, or manufacturing. It is a class of risk in which loss is the only probable result and there is no positive result.Pure risk is associated to the events that are outside the risk-taker's control.Incorrect Answers:B: The risk event created by the application of risk response is called secondary risk.C: A risk event that is generated due to errors or omission in the project work is not necessarily pure risk.D: This in not valid definition of pure risk.
2. Right Answer: D
Explanation: Four risk response options are there to deal with negative risks or threats on the project objectives- avoid, transfer, mitigate, and accept. Risk avoidance Risk mitigation Risk transfer Risk acceptanceIncorrect Answers:A, B ,C: These are incorrect choices as only 4 risk response are available to deal with negative risks.
3. Right Answer: C
Explanation: Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives. It is performed on risk that have been prioritized through the qualitative risk analysis process.Incorrect Answers:A: While somewhat true, this statement does not completely define the quantitative risk analysis process.B: This is actually the definition of qualitative risk analysis.D: This is not a valid statement about the quantitative risk analysis process. Risk response planning is a separate project management process.
4. Right Answer: A,B,C
Explanation: As new threats are identified and prioritized in terms of impact, the first step is to evaluate the ability of existing controls to mitigate risk associated with new threats and if it does not work then in that case facilitate the: Modification of the technical architecture Deployment of a threat-specific countermeasure Implementation of a compensating mechanism or process until mitigating controls are developed Education of staff or business partnersIncorrect Answers:D: Applying more controls is not the good solution. They usually complicate the condition.
5. Right Answer: A
Explanation: Relevance risk is the risk associated with not receiving the right information to the right people (or process or systems) at the right time to allow the right action to be taken.Incorrect Answers:B: The risk that data cannot be relied on because they are unauthorized, incomplete or inaccurate is termed as integrity risk.C: The risk of loss of service or that data is not available when needed is referred as availability risk.D: The risk that confidential or private information may be disclosed or made available to those without appropriate authority is termed as access or security risk.An aspect of this risk is non-compliance with local, national and international laws related to privacy and protection of personal information.
Explanation: A pure risk has only a negative effect on the project. Pure risks are activities that are dangerous to complete and manage such as construction, electrical work, or manufacturing. It is a class of risk in which loss is the only probable result and there is no positive result.Pure risk is associated to the events that are outside the risk-taker's control.Incorrect Answers:B: The risk event created by the application of risk response is called secondary risk.C: A risk event that is generated due to errors or omission in the project work is not necessarily pure risk.D: This in not valid definition of pure risk.
2. Right Answer: D
Explanation: Four risk response options are there to deal with negative risks or threats on the project objectives- avoid, transfer, mitigate, and accept. Risk avoidance Risk mitigation Risk transfer Risk acceptanceIncorrect Answers:A, B ,C: These are incorrect choices as only 4 risk response are available to deal with negative risks.
3. Right Answer: C
Explanation: Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives. It is performed on risk that have been prioritized through the qualitative risk analysis process.Incorrect Answers:A: While somewhat true, this statement does not completely define the quantitative risk analysis process.B: This is actually the definition of qualitative risk analysis.D: This is not a valid statement about the quantitative risk analysis process. Risk response planning is a separate project management process.
4. Right Answer: A,B,C
Explanation: As new threats are identified and prioritized in terms of impact, the first step is to evaluate the ability of existing controls to mitigate risk associated with new threats and if it does not work then in that case facilitate the: Modification of the technical architecture Deployment of a threat-specific countermeasure Implementation of a compensating mechanism or process until mitigating controls are developed Education of staff or business partnersIncorrect Answers:D: Applying more controls is not the good solution. They usually complicate the condition.
5. Right Answer: A
Explanation: Relevance risk is the risk associated with not receiving the right information to the right people (or process or systems) at the right time to allow the right action to be taken.Incorrect Answers:B: The risk that data cannot be relied on because they are unauthorized, incomplete or inaccurate is termed as integrity risk.C: The risk of loss of service or that data is not available when needed is referred as availability risk.D: The risk that confidential or private information may be disclosed or made available to those without appropriate authority is termed as access or security risk.An aspect of this risk is non-compliance with local, national and international laws related to privacy and protection of personal information.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment