Which of the following is the process of numerically analyzing the effects of identified risks on the overall enterprise's objectives?
Correct Answer: B
is incorrect. Unlike the quantitative risk assessment, qualitative risk assessment does not assign dollar values. Rather, it determines risk's level based on the probability and impact of a risk. These values are determined by gathering the opinions of experts. Probability- establishing the likelihood of occurrence and reoccurrence of specific risks, independently, and combined. The risk occurs when a threat exploits vulnerability. Scaling is done to define the probability that a risk will occur. The scale can be based on word values such as Low, Medium, or High. Percentage can also be assigned to these words, like 10% to low and 90% to high. Impact- Impact is used to identify the magnitude of identified risks. The risk leads to some type of loss. However, instead of quantifying the loss as a dollar value, an impact assessment could use words such as Low, Medium, or High. Impact is expressed as a relative value. For example, low could be 10, medium could be 50, and high could be 100. Risk level= Probability*Impact Answer: A is incorrect. The first thing we must do in risk management is to identify the areas of the project where the risks can occur. This is termed as risk identification. Listing all the possible risks is proved to be very productive for the enterprise as we can cure them before it can occur. In risk identification both threats and opportunities are considered, as both carry some level of risk with them. Answer: D is incorrect. This is the process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness through the project.
CRISC Exam Question 202
An organization's recovery team is attempting to recover critical data backups following a major flood in its data center. However, key team members do not know exactly what steps should be taken to address this crisis. Which of the following is the MOST likely cause of this situation?
Correct Answer: C
CRISC Exam Question 203
Which of the following BEST measures the efficiency of an incident response process?
Correct Answer: D
Section: Volume D
CRISC Exam Question 204
Which of the following matrices is used to specify risk thresholds?
Correct Answer: A
Explanation/Reference: Explanation: Risk indicators are metrics used to indicate risk thresholds, i.e., it gives indication when a risk level is approaching a high or unacceptable level of risk. The main objective of a risk indicator is to ensure tracking and reporting mechanisms that alert staff about the potential risks. Incorrect Answers: B, D: Estimation of risk's consequence and priority for awareness is conducted by using probability and impact matrix. These matrices specify the mixture of probability and impact that directs to rating the risks as low, moderate, or high priority. C: A risk scenario is a description of an event that can lay an impact on business, when and if it would occur. Some examples of risk scenario are of: Having a major hardware failure Failed disaster recovery planning (DRP) Major software failure
CRISC Exam Question 205
Which of the following events refer to loss of integrity? Each correct answer represents a complete solution. Choose three.
Correct Answer: B,C,D
Explanation/Reference: Explanation: Loss of integrity refers to the following types of losses: An e-mail message is modified in transit A virus infects a file Someone makes unauthorized changes to a Web site Incorrect Answers: A: Someone sees company's secret formula or password comes under loss of confidentiality.
Newest CRISC Exam PDF Dumps shared by Actual4test.com for Helping Passing CRISC Exam! Actual4test.com now offer the updated CRISC exam dumps, the Actual4test.com CRISC exam questions have been updated and answers have been corrected get the latest Actual4test.com CRISC pdf dumps with Exam Engine here:
