Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?
Correct Answer: B
is incorrect. Qualitative analysis is the definition of risk factors in terms of high/medium/low or a numeric scale (1 to 10). Hence it determines the nature of risk on a relative scale. Some of the qualitative methods of risk analysis are:
Scenario analysis: This is a forward-looking process that can reflect risk for a given point in time.
Risk Control Self-assessment (RCSA): RCSA is used by enterprises (like banks) for the identification and evaluation of operational risk exposure. It is a logical first step and assumes that business owners and managers are closest to the issues and have the most expertise as to the source of the risk. RCSA is a constructive process in compelling business owners to contemplate, and then explain, the issues at hand with the added benefit of increasing their accountability.
CRISC Exam Question 67
The BEST indicator of the risk appetite of an organization is the
Correct Answer: B
CRISC Exam Question 68
You are using an information system. You have chosen a poor password and also sometimes transmit data over unprotected communication lines. What do this poor password quality and unsafe transmission refer to?
Correct Answer: C
Section: Volume A
Explanation: Vulnerabilities represent characteristics of information resources that may be exploited by a threat. The given scenario describes such a situation, hence it is a vulnerability.
Incorrect Answers:
A: Probabilities represent the likelihood of the occurrence of a threat, and this scenario does not describe a probability.
B: Threats are circumstances or events with the potential to cause harm to information resources. This scenario does not describe a threat.
D: Impacts represent the outcome or result of a threat exploiting a vulnerability. The stem does not describe an impact.
CRISC Exam Question 69
Which of the following is an output of the risk assessment process?
Correct Answer: B
Section: Volume B
Explanation: The output of the risk assessment process is identification of appropriate controls for reducing or eliminating risk during the risk mitigation process. To determine the likelihood of a future adverse event, threats to an IT system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the IT system. Once risk factors have been identified, existing or new controls are designed and measured for their strength and likelihood of effectiveness. Controls are preventive, detective or corrective; manual or programmed; and formal or ad hoc.
Incorrect Answers:
A: Risk identification acts as an input of the risk assessment process.
C: This is an output of the risk mitigation process, that is, after applying several risk responses.
D: Residual risk is a later output, after appropriate controls are applied.
CRISC Exam Question 70
Which of the following is MOST important for a risk practitioner to consider when determining the control requirements for data privacy arising from emerging technologies?