Which of the following will BEST help in communicating strategic risk priorities?
Correct Answer: D
CRISC Exam Question 602
A multinational organization is considering implementing standard background checks to all new employees. A KEY concern regarding this approach
Correct Answer: C
CRISC Exam Question 603
Which of the following is described by the definition given below? "It is the expected guaranteed value of taking a risk."
Correct Answer: A
and are incorrect. These are not valid answers.
CRISC Exam Question 604
Which of the following is the MOST effective control to maintain the integrity of system configuration files?
Correct Answer: C
CRISC Exam Question 605
What are the various outputs of risk response?
Correct Answer: C,D,E,F
is incorrect. Residual risk is not an output of risk response. Residual risk is the risk that remains after applying controls. It is not feasible to eliminate all risks from an organization. Instead, measures can be taken to reduce risk to an acceptable level. The risk that is left is residual risk.
Given that Risk = Threat × Vulnerability and Total Risk = Threat × Vulnerability × Asset Value, residual risk can be calculated with the following formula: Residual Risk = Total Risk - Controls.
Senior management is responsible for any losses due to residual risk. They decide whether a risk should be avoided, transferred, mitigated or accepted. They also decide what controls to implement. Any loss due to their decisions falls on them. Residual risk assessments are conducted after mitigation to determine the impact of the risk on the enterprise. For risk assessment, the effect and frequency are reassessed and the impact is recalculated.
Answer: A is incorrect. Risk priority number is not an output of risk response; it is determined before a response is applied. Hence it acts as one of the inputs of risk response and is not an output of it.