Online Access Free ISACA.CRISC.v2022-02-22.q349 Practice Test (Page 29)

CRISC Exam Question 136

Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level to the most mature level. Which of the following capability maturity levels shows that the enterprise does not recognize the need to consider the risk management or the business impact from IT risk?

A.Level 2

B.Level 0

C.Level 3

D.Level 1

CRISC Exam Question 137

You are the project manager of GRT project. You discovered that by bringing on more qualified resources or by providing even better quality than originally planned, could result in reducing the amount of time required to complete the project. If your organization seizes this opportunity it would be an example of what risk response?

A.Enhance

B.Exploit

C.Accept

D.Share

E.Explanation:
Exploit response is one of the strategies to negate risks or threats that appear in a project. This strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. Exploiting a risk event provides opportunities forpositive impact on a project. Assigning more talented resources to the project to reduce the time to completion is an example of exploit response.

CRISC Exam Question 138

You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. Which of the following inputs will be needed for the qualitative risk analysis process in your project?
Each correct answer represents a complete solution. Choose all that apply.

A.Project scope statement

B.Cost management plan

C.Risk register

D.Organizational process assets

E.Explanation:
The primary goal of qualitative risk analysis is to determine proportion of effect and theoretical response. The inputs to the Qualitative Risk Analysis process are: Organizational process assets Project Scope Statement Risk Management Plan Risk Register

CRISC Exam Question 139

During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?

A.Complete a risk exception form

B.Report the gap to senior management

C.Consult with the business owner to update the BCP

D.Consult with the IT department to update the RTO

CRISC Exam Question 140

Which of the following is the GREATEST risk associated with the misclassification of data?

A.Data disruption

B.Inadequate resource allocation

C.Unauthorized access

D.Inadequate retention schedules

Other Version: 1021ISACA.CRISC.v2025-08-27.q675; 3119ISACA.CRISC.v2025-01-04.q999; 1415ISACA.CRISC.v2024-06-13.q683; 2105ISACA.CRISC.v2024-04-02.q999; 2695ISACA.CRISC.v2023-07-10.q544; 5419ISACA.CRISC.v2022-05-25.q338; 76ISACA.Actual4dump.CRISC.v2022-04-12.by.newman.349q.pdf; 5062ISACA.CRISC.v2021-10-27.q295; 42ISACA.Updatedumps.CRISC.v2021-09-05.by.bonnie.114q.pdf

Latest Upload: 306ISACA.CGEIT.v2025-09-19.q537; 155Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 156Scrum.SAFe-Practitioner.v2025-09-18.q63; 146Workday.Workday-Prism-Analytics.v2025-09-17.q17; 131Oracle.1Z0-1055-24.v2025-09-17.q28; 129Oracle.1Z1-182.v2025-09-17.q32; 245Nutanix.NCP-US-6.5.v2025-09-16.q73; 266Oracle.1z0-071.v2025-09-16.q232; 203Oracle.1Z1-922.v2025-09-16.q125; 326CyberArk.PAM-CDE-RECERT.v2025-09-15.q100

CRISC Exam Question 136

CRISC Exam Question 137

CRISC Exam Question 138

CRISC Exam Question 139

CRISC Exam Question 140

Download PDF File