ISACA-CRISC

Ben works as a project manager for the MJH Project. In this project, Ben is preparing to identify stakeholders so he can communicate project requirements, status, and risks. Ben has elected to use a salience model as part of his stakeholder identification process. Which of the following activities best describes a salience model?

Which of the following is the first MOST step in the risk assessment process?

Which of the following matrices is used to specify risk thresholds?

You are the project manager of the HGT project in Bluewell Inc. The project has an asset valued at $125,000 and is subjected to an exposure factor of 25 percent.What will be the Single Loss Expectancy of this project?

Mary is a project manager in her organization. On her current project she is working with her project team and other key stakeholders to identify the risks within the project. She is currently aiming to create a comprehensive list of project risks so she is using a facilitator to help generate ideas about project risks. What risk identification method is Mary likely using?

Which of the following is an administrative control?

You are the project manager of the NHH Project. You are working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team.What document do you and your team is creating in this scenario?

Where are all risks and risk responses documented as the project progresses?

A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?

John works as a project manager for BlueWell Inc. He is determining which risks can affect the project. Which of the following inputs of the identify risks process is useful in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk?

Which of the following events refer to loss of integrity?Each correct answer represents a complete solution. (Choose three.)

Which of the following should be PRIMARILY considered while designing information systems controls?

Which of the following is the MOST effective inhibitor of relevant and efficient communication?

You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?

Which among the following acts as a trigger for risk response process?

Which of the following statements are true for enterprise's risk management capability maturity level 3?

Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?

Which of following is NOT used for measurement of Critical Success Factors of the project?

Out of several risk responses, which of the following risk responses is used for negative risk events?

What are the PRIMARY requirements for developing risk scenarios?Each correct answer represents a part of the solution. (Choose two.)

What are the responsibilities of the CRO?Each correct answer represents a complete solution. (Choose three.)

You are working with a vendor on your project. A stakeholder has requested a change for the project, which will add value to the project deliverables. The vendor that you're working with on the project will be affected by the change. What system can help you introduce and execute the stakeholder change request with the vendor?

Harry is the project manager of HDW project. He has identified a risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. What type of risk response is Harry implementing?

What are the requirements of monitoring risk?Each correct answer represents a part of the solution. (Choose three.)

You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project's performance as a whole. What approach can you use to achieve this goal of improving the project's performance through risk analysis with your project stakeholders?

You are a project manager for your organization and you're working with four of your key stakeholders. One of the stakeholders is confused as to why you're not discussing the current problem in the project during the risk identification meeting. Which one of the following statements best addresses when a project risk actually happens?

The only output of qualitative risk analysis is risk register updates. When the project manager updates the risk register he will need to include several pieces of information including all of the following except for which one?

Which of the following is described by the definition given below?"It is the expected guaranteed value of taking a risk."

There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to quantitative risk analysis process?