Online Access Free ISACA.CRISC.v2024-06-13.q683 Practice Test (Page 23)

CRISC Exam Question 106

Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?

A.ALE= ARO/SLE

B.ARO= SLE/ALE

C.ARO= ALE*SLE

D.ALE= ARO*SLE

E.Explanation:
A quantitative risk assessment quantifies risk in terms of numbers such as dollar values. This involves gathering data and then entering it into standard formulas. The results can help in identifying the priority of risks. These results are also used to determine the effectiveness of controls. Some of the terms associated with quantitative risk assessments are : Single loss expectancy (SLE)-It refers to the total loss expected from a single incident. This incident can occur when vulnerability is being exploited by threat. The loss is expressed as a dollar value such as $1,000. It includes the value of data, software, and hardware. SLE = Asset value * Exposure factor Annual rate of occurrence (ARO)-It refers to the number of times expected for an incident to occur in a year. If an incident occurred twice a month in the past year, the ARO is 24. Assuming nothing changes, it is likely that it will occur 24 times next year. Annual loss expectancy (ALE)-It is the expected loss for a year. ALE is calculated by multiplying SLE with ARO. Because SLE is a given in a dollar value, ALE is also given in a dollar value. For example, if the SLE is $1,000 and the ARO is 24, the ALE is $24,000. ALE = SLE * ARO Safeguard value-This is the cost of a control. Controls are used to mitigate risk. For example, antivirus software of an average cost of $50 for each computer. If there are 50 computers, the safeguard value is $2,500.

CRISC Exam Question 107

When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?

A.Recommend management accept the low risk scenarios

B.Propose mitigating controls

C.Re-evaluate the risk scenarios associated with the control

D.Assess management's risk tolerance

CRISC Exam Question 108

After a risk has been identified, who is in the BEST position to select the appropriate risk treatment option?

A.The risk practitioner

B.The risk owner

C.The control owner

D.The business process owner

CRISC Exam Question 109

Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?

A.The number of resolved security incidents

B.The number of newly identified security incidents

C.The number of security incidents escalated to senior management

D.The number of recurring security incidents

CRISC Exam Question 110

Which of the following is MOST helpful in aligning IT risk with business objectives?

A.Performing a business impact analysis (BlA)

B.Integrating the results of top-down risk scenario analyses

C.Introducing an approved IT governance framework

D.Implementing a risk classification system

Other Version: 1022ISACA.CRISC.v2025-08-27.q675; 3122ISACA.CRISC.v2025-01-04.q999; 2109ISACA.CRISC.v2024-04-02.q999; 2704ISACA.CRISC.v2023-07-10.q544; 5427ISACA.CRISC.v2022-05-25.q338; 76ISACA.Actual4dump.CRISC.v2022-04-12.by.newman.349q.pdf; 5234ISACA.CRISC.v2022-02-22.q349; 5070ISACA.CRISC.v2021-10-27.q295; 42ISACA.Updatedumps.CRISC.v2021-09-05.by.bonnie.114q.pdf

Latest Upload: 306ISACA.CGEIT.v2025-09-19.q537; 155Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62; 156Scrum.SAFe-Practitioner.v2025-09-18.q63; 146Workday.Workday-Prism-Analytics.v2025-09-17.q17; 131Oracle.1Z0-1055-24.v2025-09-17.q28; 129Oracle.1Z1-182.v2025-09-17.q32; 246Nutanix.NCP-US-6.5.v2025-09-16.q73; 266Oracle.1z0-071.v2025-09-16.q232; 203Oracle.1Z1-922.v2025-09-16.q125; 326CyberArk.PAM-CDE-RECERT.v2025-09-15.q100

CRISC Exam Question 106

CRISC Exam Question 107

CRISC Exam Question 108

CRISC Exam Question 109

CRISC Exam Question 110

Download PDF File