CRISC EXAM PREPARATIONS - 150 QUESTIONS AND ANSWER PRACTICE ~ TRAINER ITIL | COBIT | POWER BI | ISO 27001 CISA | COGNOS | MS PROJECT | CISM | CISSP

ISACA CRISC EXAM PREPARATIONS - 150 QUESTIONS AND ANSWER PRACTICE

BY MR. HERY PURNAMA , SE.,MM.
CISA, CISM, CRISC, CDPSE, CISSP, PMP, CDMPCTFL, COBIT, TOGAF, CTFL
+62-81223344-506

1. Which of the following would present the GREATEST challenge when assigning accountability for control ownership?

⚫ Unclear reporting relationships

⚪ Weak governance structures

⚪ Senior management scrutiny

⚪ Complex regulatory environment

2. You are working in an enterprise. Your enterprise is willing to accept a certain amount of risk. What is this risk called?

⚪ Hedging

⚪ Aversion

⚫ Appetite

⚪ Tolerance

3. Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?

⚪ Gather scenarios from senior management

⚪ Derive scenarios from IT risk policies and standards

⚪ Benchmark scenarios against industry peers

⚫ Map scenarios to a recognized risk management framework

4. You are using Information system. You have chosen a poor password and also sometimes transmits data over unprotected communication lines. What is this poor quality of password and unsafe transmission referring to?

⚪ Probabilities

⚪ Threats

⚫ Vulnerabilities

⚪ Impacts

5. Out of several risk responses, which of the following risk responses is used for negative risk events?

⚪ Share

⚪ Enhance

⚪ Exploit

⚫ Accept

6. For which of the following risk management capability maturity levels do the statement given below is true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"

⚪ Level 3

⚪ Level

⚫ Level 5

⚪ Level 2

7. Which of the following should be the PRIMARY objective of promoting a risk-aware culture within an organization?

⚫ Enabling risk-based decision making

⚪ Increasing process control efficiencies

⚪ Better understanding of the risk appetite

⚪ Improving audit results

8. Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

⚪ Risk management plan

⚪ Project charter

⚫ Risk register

⚪ Quality management plan

9. Frank is the project manager of the NHQ project for his company. Frank is working with the project team, key stakeholders, and several subject matter experts on risks dealing with the new materials in the project. Frank wants to utilize a risk analysis method that will help the team to make decisions in the presence of the current uncertainty surrounding the new materials. Which risk analysis approach can Frank use to create an approach to make decisions in the presence of uncertainty?

⚪ Monte Carlo Technique

⚪ Qualitative risk analysis process

⚫ Quantitative risk analysis process

⚪ Delphi Technique

10. Which of the following is MOST important to update when an organization's risk appetite changes?

⚫ Key risk indicators (KRIs)

⚪ Risk taxonomy

⚪ Key performance indicators (KPIs)

⚪ Risk reporting methodology

11. One of the risk events you've identified is classified as force majeure. What risk response is likely to be used?

⚫ Acceptance

⚪ Transference

⚪ Enhance

⚪ Mitigation

12. Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team.What document is Frank and the NHH Project team creating in this scenario?

⚪ Resource management plan

⚪ Project plan

⚪ Project management plan

⚫ Risk management plan

13. Wendy has identified a risk event in her project that has an impact of $75, and a 6 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just $15, with only a ten percent chance of occurring. The proposed solution will cost $25,. Wendy agrees to the $25, solution. What type of risk response is this?

⚫ Mitigation

⚪ Avoidance

⚪ Transference

⚪ Enhancing

14. Mary is the project manager for the BLB project. She has instructed the project team to assemble, to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process. Why is the schedule management plan needed for quantitative risk analysis?

⚪ Mary will schedule when the identified risks are likely to happen and affect the project schedul

⚫ Mary will utilize the schedule controls and the nature of the schedule for the quantitative analysis of the schedul

⚪ Mary will use the schedule management plan to schedule the risk identification meetings throughout the remaining project.

⚪ Mary will utilize the schedule controls to determine how risks may be allowed to change the project schedul

15. Ben is the project manager of the CMH Project for his organization. He has identified a risk that has a low probability of happening, but the impact of the risk event could save the project and the organization with a significant amount of capital. Ben assigns Laura to the risk event and instructs her to research the time, cost, and method to improve the probability of the positive risk event. Ben then communicates the risk event and response to management. What risk response has been used here?

⚪ Sharing

⚪ Transference

⚫ Enhance

⚪ Exploit

16. During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall. Which of the following controls has MOST likely been compromised?

⚫ Authentication

⚪ Identification

⚪ Data validation

⚪ Data integrity

17. Which of the following is the priority of data owners when establishing risk mitigation method?

⚫ User entitlement changes

⚪ Platform security

⚪ Intrusion detection

⚪ Antivirus controls

18. Della works as a project manager for Tech Perfect Inc. She is studying the documentation of planning of a project. The documentation states that there are twenty- eight stakeholders with the project. What will be the number of communication channels for the project?

⚪ 25

⚪ 28

⚫ 378

⚪ 3

19. You have been assigned as the Project Manager for a new project that involves building of a new roadway between the city airport to a designated point within the city. However, you notice that the transportation permit issuing authority is taking longer than the planned time to issue the permit to begin construction. What would you classify this as?

⚪ Project Risk

⚪ Status Update

⚪ Risk Update

⚫ Project Issue

20. You are the project manager of the GGK project for your company. The GGK project has a budget of $1,265,1 and is currently 4 percent complete. In this project, you elected to add labor to the project to increase the likelihood of completing the project early as the project was only scheduled to be 35 percent complete at this time. This positive risk response, while keeping the project ahead of schedule, has added significant costs to the project. You have already spent$575, to reach this point in the project. Management would like to know what your cost performance index and the schedule performance index is for this project. What are these values?

⚪ The CPI is -$68,96 and the SPI is $63,255.

⚪ The CPI is .88 and the SPI is zero.

⚫ The CPI is .88 and the SPI is 1.14.

⚪ The CPI is 1.14 and the SPI is .88.

21. Which of the following characteristics of risk controls answers the aspect about the control given below: "Will it continue to function as expressed over the time and adopts as changes or new elements are introduced to the environment"

⚪ Reliability

⚫ Sustainability

⚪ Consistency

⚪ Distinct

22. Which of the following is an administrative control?

⚪ Water detection

⚪ Reasonableness check

⚫ Data loss prevention program

⚪ Session timeout

23. The only output of qualitative risk analysis is risk register updates. When the project manager updates the risk register he will need to include several pieces of information including all of the following except for which one?

⚪ Trends in qualitative risk analysis

⚫ Risk probability-impact matrix

⚪ Risks grouped by categories

⚪ Watchlist of low-priority risks

24. Which of the following is the MOST important use of KRIs?

⚪ Providing a backward-looking view on risk events that have occurred

⚫ Providing an early warning signal

⚪ Providing an indication of the enterprise's risk appetite and tolerance

⚪ Enabling the documentation and analysis of trends

25. Which of the following should be of MOST concern to a risk practitioner reviewing findings from a recent audit of an organization's data center?

⚪ Ownership of an audit finding has not been assigned

⚪ The data center is not fully redundant

⚫ Audit findings were not communicated to senior management

⚪ Key risk indicators (KRIs) for the data center do not include critical components

26. Which of the following risks is the risk that happen with an important business partner and affects a large group of enterprises within an area or industry?

⚪ Contagious risk

⚪ Reporting risk

⚪ Operational risk

⚫ Systemic risk

27. Which of following is NOT used for measurement of Critical Success Factors of the project?

⚪ Productivity

⚪ Quality

⚫ Quantity

⚪ Customer service

28. You are the project manager of the NHQ Project for your company. You have completed qualitative and quantitative analysis of your identified project risks and you would now like to find an approach to increase project opportunities and to reduce threats within the project. What project management process would best help you?

⚪ Monitor and control project risks

⚪ Create a risk governance approach

⚪ Create the project risk register

⚫ Plan risk responses

29. You are the project manager for your organization to install new workstations, servers, and cabling throughout a new building, where your company will be moving into. The vendor for the project informs you that the cost of the cabling has increased due to some reason. This new cost will cause the cost of your project to increase by nearly eight percent. What change control system should the costs be entered into for review?

⚫ Cost change control system

⚪ Contract change control system

⚪ Scope change control system

⚪ Only changes to the project scope should pass through a change control system.

30. You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update the human resource management plan?

⚪ Teaming agreements

⚪ Transference

⚫ Crashing the project

⚪ Fast tracking the project

31. You are the project manager of the GGG project. You have completed the risk identification process for the initial phases of your project. As you begin to document the risk events in the risk register what additional information can you associate with the identified risk events?

⚫ Risk potential responses

⚪ Risk schedule

⚪ Risk owner

⚪ Risk cost

32. Which of the following is described by the definition given below?"It is the expected guaranteed value of taking a risk."

⚫ Certainty equivalent value

⚪ Risk premium

⚪ Risk value guarantee

⚪ Certain value assurance

33. Which of the following would BEST help minimize the risk associated with social engineering threats?

⚪ Reviewing the organizationג€™s risk appetite

⚪ Enforcing employee sanctions

⚪ Enforcing segregation of duties

⚫ Conducting phishing exercises

34. Joan is a project management consultant and she has been hired by a firm to help them identify risk events within the project. Joan would first like to examine the project documents including the plans, assumptions lists, project files, and contracts. What key thing will help Joan to discover risks within the review of the project documents?

⚪ The project documents will help the project manager, or Joan, to identify what risk identification approach is best to pursu

⚫ Lack of consistency between the plans and the project requirements and assumptions can be the indicators of risk in the project.

⚪ Poorly written requirements will reveal inconsistencies in the project plans and documents.

⚪ Plans that have loose definitions of terms and disconnected approaches will reveal risks.

35. You are the project manager of GHT project. You have identified a risk event on your current project that could save $67, in project costs if it occurs. Your organization is considering hiring a vendor to help establish proper project management techniques in order to assure it realizes these savings. Which of the following statements is TRUE for this risk event?

⚪ This risk event should be accepted because the rewards outweigh the threat to the project.

⚪ This risk event should be mitigated to take advantage of the savings.

⚪ This risk event is an opportunity to the project and should be exploite

⚫ This is a risk event that should be shared to take full advantage of the potential savings.

36. You work as a project manager for BlueWell Inc. You are involved with the project team on the different risk issues in your project. You are using the applications of IRGC model to facilitate the understanding and managing the rising of the overall risks that have impacts on the economy and society. One of your team members wants to know that what the need to use the IRGC is. What will be your reply?

⚫ IRGC models aim at building robust, integrative inter-disciplinary governance models for emerging and existing risks.

⚪ IRGC is both a concept and a tool.

⚪ IRGC addresses the development of resilience and the capacity of organizations and people to face unavoidable risks.

⚪ IRGC addresses understanding of the secondary impacts of a risk.

⚪ Question.C, D: Risk governance addresses understanding of the secondary impacts of a risk, the development of resilience and the capacity of organizations and people to face unavoidable risks.

37. You work as the project manager for Company Inc. The project on which you are working has several risks that will affect several stakeholder requirements.Which project management plan will define who will be available to share information on the project risks?

⚪ Resource Management Plan

⚫ Communications Management Plan

⚪ Risk Management Plan

⚪ Stakeholder management strategy

38. Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?

⚪ Bias towards risk in new resources

⚪ Risk probability and impact matrixes

⚪ Risk identification

⚫ Uncertainty in values such as duration of schedule activities

39. You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

⚪ Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.

⚪ Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.

⚫ Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.

⚪ Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.

40. A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security. Which of the following observations would be MOST relevant to escalate to senior management?

⚫ An increase in attempted distributed denial of service (DDoS) attacks

⚪ An increase in attempted website phishing attacks

⚪ A decrease in remediated web security vulnerabilities

⚪ A decrease in achievement of service level agreements (SLAs)

41. Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?

⚫ Corporate incident escalation protocols are established

⚪ The organization-wide control budget is expanded

⚪ Exposure is integrated into the organizationג€™s risk profile

⚪ Risk appetite cascades to business unit management

42. You are the risk official in Bluewell Inc. You are supposed to prioritize several risks. A risk has a rating for occurrence, severity, and detection as 4, 5, and 6, respectively. What Risk Priority Number (RPN) you would give to it?

⚫ 12

⚪ 1

⚪ 15

⚪ 3

43. Which of the following is a performance measure that is used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments?

⚪ Return On Security Investment

⚪ Total Cost of Ownership

⚫ Return On Investment

⚪ Redundant Array of Inexpensive Disks

44. You are the project manager in your enterprise. You have identified occurrence of risk event in your enterprise. You have pre-planned risk responses. You have monitored the risks that had occurred. What is the immediate step after this monitoring process that has to be followed in response to risk events?

⚫ Initiate incident response

⚪ Update the risk register

⚪ Eliminate the risk completely

⚪ Communicate lessons learned from risk events

45. Tom works as a project manager for BlueWell Inc. He is determining which risks can affect the project. Which of the following inputs of the identify risks process is useful in identifying risks, and provides a quantitative assessment of the likely cost to complete the scheduled activities?

⚫ Activity cost estimates

⚪ Cost management plan

⚪ Activity duration estimates

⚪ Risk management plan

46. Which risk response is acceptable for both positive and negative risk events?

⚪ Transferring

⚫ Acceptance

⚪ Sharing

⚪ Enhancing

47. Fred is the project manager of the PKL project. He is working with his project team to complete the quantitative risk analysis process as a part of risk management planning. Fred understands that once the quantitative risk analysis process is complete, the process will need to be completed again in at least two other times in the project. When will the quantitative risk analysis process need to be repeated?

⚪ Quantitative risk analysis process will be completed again after the cost management planning and as a part of monitoring and controllin

⚪ Quantitative risk analysis process will be completed again after new risks are identified and as part of monitoring and controllin

⚫ Quantitative risk analysis process will be completed again after the risk response planning and as a part of monitoring and controllin

⚪ Quantitative risk analysis process will be completed again after the plan risk response planning and as part of procurement.

48. You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

⚫ Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.

⚪ Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.

⚪ Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.

⚪ Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.

49. You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

⚪ All risks must have a valid, documented risk respons

⚪ These risks can be accepte

⚫ These risks can be added to a low priority risk watch list.

⚪ These risks can be dismisse

50. Sam is the project manager of a construction project in south Florida. This area of the United States is prone to hurricanes during certain parts of the year. As part of the project plan Sam and the project team acknowledge the possibility of hurricanes and the damage the hurricane could have on the project's deliverables, the schedule of the project, and the overall cost of the project. Once Sam and the project stakeholders acknowledge the risk of the hurricane they go on planning the project as if the risk is not likely to happen. What type of risk response is Sam using?

⚪ Active acceptance

⚫ Passive acceptance

⚪ Avoidance

⚪ Mitigation

51. Which section of the Sarbanes-Oxley Act specifies "Periodic financial reports must be certified by CEO and CFO"?

⚫ Section 32

⚪ Section 44

⚪ Section 23

⚪ Section 49

52. Which of the following BEST describes the utility of a risk?

⚪ The finance incentive behind the risk

⚪ The potential opportunity of the risk

⚪ The mechanics of how a risk works

⚫ The usefulness of the risk to individuals or groups

53. An organization has outsourced an application to a Software as a Service (SaaS) provider. The risk associated with the use of this service should be owned by the:

⚪ service providerג€™s IT manager

⚪ service providerג€™s risk manager

⚫ organizationג€™s business process manager

⚪ organizationג€™s vendor manager

54. You have identified several risks in your project. You have opted for risk mitigation in order to respond to identified risk. Which of the following ensures that risk mitigation method that you have chosen is effective?

⚪ Reduction in the frequency of a threat

⚫ Minimization of inherent risk

⚪ Reduction in the impact of a threat

⚪ Minimization of residual risk

55. Which of the following IT controls is MOST useful in mitigating the risk associated with inaccurate data?

⚫ Audit trails for updates and deletions

⚪ Encrypted storage of data

⚪ Links to source data

⚪ Check totals on data records and data fields

56. Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

⚪ Risk response

⚪ Quantitative analysis

⚫ Contingency reserve

⚪ Risk response plan

57. You have been assigned as the Project Manager for a new project that involves development of a new interface for your existing time management system. You have completed identifying all possible risks along with the stakeholders and team and have calculated the probability and impact of these risks. Which of the following would you need next to help you prioritize the risks?

⚪ Affinity Diagram

⚫ Risk rating rules

⚪ Project Network Diagram

⚪ Risk categories

⚪ QuestionD: Risk categories are an output of the Perform Qualitative Risk Analysis process and not a tool to complete the process.

58. Which of the following is MOST helpful to ensure effective security controls for a cloud service provider?

⚪ Internal audit reports from the vendor

⚪ A control self-assessment

⚫ A third-party security assessment report

⚪ Service level agreement monitoring

59. You are the project manager of a large construction project. Part of the project involves the wiring of the electricity in the building your project is creating. You and the project team determine the electrical work is too dangerous to perform yourself so you hire an electrician to perform the work for the project. This is an example of what type of risk response?

⚪ Acceptance

⚪ Mitigation

⚫ Transference

⚪ Avoidance

60. Which of the following is the GREATEST concern when using a generic set of IT risk scenarios for risk analysis?

⚪ Inherent risk might not be considered

⚪ Implementation costs might increase

⚫ Risk factors might not be relevant to the organization

⚪ Quantitative analysis might not be possible

61. Which of the following is the BEST defense against successful phishing attacks?

⚪ Intrusion detection system

⚪ Application hardening

⚫ End-user awareness

⚪ Spam filters

62. Who is responsible for the stakeholder expectations management in a high-profile, high-risk project?

⚪ Project risk assessment officer

⚪ Project management office

⚪ Project sponsor

⚫ Project manager

63. Joan is the project manager of the BTT project for her company. She has worked with her project to create risk responses for both positive and negative risk events within the project. As a result of this process Joan needs to update the project document updates. She has updated the assumptions log as a result of the findings and risk responses, but what other documentation will need to be updated as an output of risk response planning?

⚪ Scope statement

⚪ Lessons learned

⚪ Risk Breakdown Structure

⚫ Technical documentation

64. Which of the following processes involves choosing the alternative strategies, executing a contingency or fallback plan, taking corrective action, and modifying the project management plan?

⚫ Monitor and Control risk

⚪ Configuration Management

⚪ Integrated Change control

⚪ Scope Change control

65. You are the project manager for BlueWell Inc. You have noticed that the risk level in your project increases above the risk tolerance level of your enterprise. You have applied several risk responses. Now you have to update the risk register in accordance to risk response process. All of the following are included in the risk register except for which item?

⚪ Risk triggers

⚪ Agreed-upon response strategies

⚫ Network diagram analysis of critical path activities

⚪ Risk owners and their responsibility

66. David is the project manager of HGF project for his company. David, the project team, and several key stakeholders have completed risk identification and are ready to move into qualitative risk analysis. Tracy, a project team member, does not understand why they need to complete qualitative risk analysis. Which one of the following is the best explanation for completing qualitative risk analysis?

⚪ It is a cost-effective means of establishing probability and impact for the project risks.

⚪ Qualitative risk analysis helps segment the project risks, create a risk breakdown structure, and create fast and accurate risk responses.

⚪ All risks must pass through quantitative risk analysis before qualitative risk analysis.

⚫ It is a rapid and cost-effective means of establishing priorities for the plan risk responses and lays the foundation for quantitative analysis.

67. You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?

⚫ Stakeholder management strategy

⚪ Assessment information of the stakeholders' major requirements, expectations, and potential influence

⚪ Identification information for each stakeholder

⚪ Stakeholder classification of their role in the project

68. You work as a project manager for TechSoft Inc. You are working with the project stakeholders on the qualitative risk analysis process in your project. You have used all the tools to the qualitative risk analysis process in your project. Which of the following techniques is NOT used as a tool in qualitative risk analysis process?

⚪ Risk Urgency Assessment

⚫ Risk Reassessment

⚪ Risk Data Quality Assessment

⚪ Risk Categorization

69. An organization uses a vendor to destroy hard drives. Which of the following would BEST reduce the risk of data leakage?

⚪ Implement an encryption policy for the hard drives

⚪ Require the vendor to degauss the hard drives

⚪ Use an accredited vendor to dispose of the hard drives

⚫ Require confirmation of destruction from the IT manager

70. An organization is considering acquiring a new line of business and wants to develop new IT risk scenarios to guide its decisions. Which of the following would add the MOST value to the new risk scenarios?

⚪ Audit findings

⚪ Expected losses

⚪ Cost-benefit analysis

⚫ Organizational threats

71. Which of the following is the most accurate definition of a project risk?

⚪ It is an unknown event that can affect the project scop

⚪ It is an uncertain event or condition within the project execution.

⚪ It is an uncertain event that can affect the project costs.

⚫ It is an uncertain event that can affect at least one project objectiv

72. You are the project manager of the HGT project in Bluewell Inc. The project has an asset valued at $125, and is subjected to an exposure factor of 25 percent.What will be the Single Loss Expectancy of this project?

⚪ 12525

⚫ 3125

⚪ 5

⚪ 3125

73. Which of the following interpersonal skills has been identified as one of the biggest reasons for project success or failure?

⚪ Motivation

⚪ Influencing

⚫ Communication

⚪ Political and cultural awareness

74. Which of the following establishes mandatory rules, specifications and metrics used to measure compliance against quality, value, etc.?

⚪ Framework

⚪ Legal requirements

⚫ Standard

⚪ Practices

75. Which of the following processes must be repeated after Plan Risk Responses, as well as part of the Monitor and Control Risks, to determine if the overall project risk has been satisfactorily decreased?

⚪ Risk Limitation

⚪ Perform Qualitative Risk Analysis

⚪ Identify Risk

⚫ Perform Quantitative Risk Analysis

76. Which of the following is the BEST way to identify changes in the risk profile of an organization?

⚪ Monitor key risk indicators (KRIs)

⚪ Monitor key performance indicators (KPIs)

⚫ Conduct a gap analysis

⚪ Interview the risk owner

77. Which of the following do NOT indirect information?

⚫ Information about the propriety of cutoff

⚪ Reports that show orders that were rejected for credit limitations.

⚪ Reports that provide information about any unusual deviations and individual product margins.

⚪ The lack of any significant differences between perpetual levels and actual levels of goods.

78. You work as a project manager for BlueWell Inc. You have declined a proposed change request because of the risk associated with the proposed change request.Where should the declined change request be documented and stored?

⚫ Change request log

⚪ Project archives

⚪ Lessons learned

⚪ Project document updates

⚪ Question. It can be placed into the project documents, but the declined changes are part of the change request log.

79. While considering entity-based risks, which dimension of the COSO ERM framework is being referred?

⚫ Organizational levels

⚪ Risk components

⚪ Strategic objectives

⚪ Risk objectives

80. Harry is the project manager of HDW project. He has identified a risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. What type of risk response is Harry implementing?

⚫ Transference

⚪ Mitigation

⚪ Acceptance

⚪ Avoidance

81. You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process.Which one of the following is NOT a probable reason for relying on organizational process assets as an input for qualitative risk analysis?

⚪ Studies of similar projects by risk specialists

⚪ Risk databases that may be available from industry sources

⚫ Review of vendor contracts to examine risks in past projects

⚪ Information on prior, similar projects

82. You are the risk official of your enterprise. You have just completed risk analysis process. You noticed that the risk level associated with your project is less than risk tolerance level of your enterprise. Which of following is the MOST likely action you should take?

⚪ Apply risk response

⚪ Update risk register

⚫ No action

⚪ Prioritize risk response options

83. Which of the following BEST indicates the effectiveness of an organization's data loss prevention (DLP) program?

⚪ Reduction in financial impact associated with data loss incidents

⚪ Reduction in the number of false positives and false negatives

⚪ Reduction in the number of approved exceptions to the DLP policy

⚫ Reduction in the severity of detected data loss events

84. An organization is planning to acquire a new financial system. Which of the following stakeholders would provide the MOST relevant information for analyzing the risk associated with the new IT solution?

⚪ Process owner

⚪ Internal auditor

⚫ Risk manager

⚪ Project sponsor

85. Which of the following is the MOST important aspect to ensure that an accurate risk register is maintained?

⚫ Publish the risk register in a knowledge management platform with workflow features that periodically contacts and polls risk assessors to ensure accuracy of content

⚪ Perform regular audits by audit personnel and maintain risk register

⚪ Submit the risk register to business process owners for review and updating

⚪ Monitor key risk indicators, and record the findings in the risk register

86. Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?

⚪ The number of resolved security incidents

⚪ The number of security incidents escalated to senior management

⚪ The number of newly identified security incidents

⚫ The number of recurring security incidents

87. You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project's performance as a whole. What approach can you use to achieve the goal of improving the project's performance through risk analysis with your project stakeholders?

⚫ Focus on the high-priority risks through qualitative risk analysis

⚪ Involve the stakeholders for risk identification only in the phases where the project directly affects them

⚪ Involve subject matter experts in the risk analysis activities

⚪ Use qualitative risk analysis to quickly assess the probability and impact of risk events

88. You are the project manager of RTF project for your organization. You are working with your project team and several key stakeholders to create a diagram that shows causal factors for an effect to be solved. What diagramming technique are you using as a part of the risk identification process?

⚫ Cause and effect diagrams

⚪ System or process flow charts

⚪ Predecessor and successor diagramming

⚪ Influence diagrams

89. An organization that has been the subject of multiple social engineering attacks is developing a risk awareness program. The PRIMARY goal of this program should be to:

⚪ communicate the consequences for violations

⚪ implement industry best practices

⚪ reduce the organizationג€™s risk appetite

⚫ reduce the risk to an acceptable level

90. Which of the following is the BEST method to identify unnecessary controls?

⚪ Evaluating existing controls against audit requirements

⚫ Reviewing system functionalities associated with business processes

⚪ Monitoring existing key risk indicators (KRIs)

⚪ Evaluating the impact of removing existing controls

91. Which of the following is the HIGHEST risk of a policy that inadequately defines data and system ownership?

⚪ User management coordination does not exist

⚪ Audit recommendations may not be implemented

⚫ Users may have unauthorized access to originate, modify or delete data

⚪ Specific user accountability cannot be established

92. You work as a project manager for BlueWell Inc. You are performing the quantitative risk analysis for your project. One of the project risks has a 5 percent probability of happening, and it will cost the project $55, if the risk happens. What will be the expected monetary value of this risk event?

⚫ Negative $27,5

⚪ Zero - the risk event has not yet occurred

⚪ Negative $26,

⚪ Negative $55,

93. Which of the following will significantly affect the standard information security governance model?

⚪ Currency with changing legislative requirements

⚪ Number of employees

⚫ Complexity of the organizational structure

⚪ Cultural differences between physical locations

94. Jane, the Director of Sales, contacts you and demands that you add a new feature to the software your project team is creating for the organization. In the meeting she tells you how important the scope change would be. You explain to her that the software is almost finished and adding a change now could cause the deliverable to be late, cost additional funds, and would probably introduce new risks to the project. Jane stands up and says to you, "I am the Director of Sales and this change will happen in the project." And then she leaves the room. What should you do with this verbal demand for a change in the project?

⚪ Include the change in the project scope immediately.

⚪ Direct your project team to include the change if they have tim

⚫ Do not implement the verbal change request.

⚪ Report Jane to your project sponsor and then include the chang

95. Which of the following is the PRIMARY consideration when establishing an organization's risk management methodology?

⚪ Risk tolerance level

⚪ Benchmarking information

⚪ Resource requirements

⚫ Business context

96. NIST SP 8-53 identifies controls in three primary classes. What are they?

⚪ Technical, Administrative, and Environmental

⚪ Preventative, Detective, and Corrective

⚫ Technical, Operational, and Management

⚪ Administrative, Technical, and Operational

97. Ted is the project manager of the HRR project for his company. Management has asked that Ted periodically reviews the contingency reserve as risk events happen, pass, or are still pending. What is the purpose of reviewing the contingency reserve?

⚫ It helps to evaluate if the remaining reserve is adequate for the risk exposur

⚪ It helps to determine how much more funds will need to be invested in the project.

⚪ It helps to evaluate secondary and residual risks related to the risk responses and their costs.

⚪ It helps to determine the probability and impact of project risks.

98. You are the project manager of GHT project. You have identified a risk event on your project that could save $1, in project costs if it occurs. Which of the following statements BEST describes this risk event?

⚪ This risk event should be mitigated to take advantage of the savings.

⚪ This is a risk event that should be accepted because the rewards outweigh the threat to the project.

⚪ This risk event should be avoided to take full advantage of the potential savings.

⚫ This risk event is an opportunity to the project and should be exploite

99. Where can a project manager find risk-rating rules?

⚪ Risk management plan

⚫ Organizational process assets

⚪ Enterprise environmental factors

⚪ Risk probability and impact matrix

100. Which of the following processes looks at the complex web of actors, rules, conventions, processes, and mechanisms concerned with how relevant risk information is collected, analyzed and communicated, and how management decisions are taken?

⚪ Risk Communication

⚪ IRGC

⚪ Risk Response Planning

⚫ Risk Governance

101. Holly is the project manager of the NHQ project for her company. Her project sponsor, Tracy, has requested that Thomas, the department manager, from the RiskManagement Department, will work with Holly to determine the effectiveness of the risk responses. Tracy and Thomas are concerned that some of the risks withinHolly's project may not be addressed to depth they would like. In this scenario, who is responsible for ensuring that risk audits are performed at an appropriate frequency throughout the project?

⚪ Thomas

⚪ Tracy

⚪ The project team

⚫ Holly

102. Which of the following is a KEY outcome of risk ownership?

⚪ Risk-related information is communicated

⚫ Risk responsibilities are addressed

⚪ Risk-oriented tasks are defined

⚪ Business process risk is analyzed

103. A systems interruption has been traced to a personal USB device plugged into the corporate network by an IT employee who bypassed internal control procedures. Of the following, who should be accountable?

⚪ Chief risk officer (CRO)

⚪ Business continuity manager (BCM)

⚪ Human resources manager (HRM)

⚫ Chief information officer (CIO)

104. Which of the following components of risk scenarios has the potential to generate internal or external threat on an enterprise?

⚪ Timing dimension

⚪ Events

⚪ Assets

⚫ Actors

105. You are the project manager of a HGT project that has recently finished the final compilation process. The project customer has signed off on the project completion and you have to do few administrative closure activities. In the project, there were several large risks that could have wrecked the project but you and your project team found some new methods to resolve the risks without affecting the project costs or project completion date. What should you do with the risk responses that you have identified during the project's monitoring and controlling process?

⚪ Include the responses in the project management plan.

⚪ Include the risk responses in the risk management plan.

⚫ Include the risk responses in the organization's lessons learned databas

⚪ Nothin The risk responses are included in the project's risk register already.

106. Which of the following is the MOST important objective of the information system control?

⚫ Business objectives are achieved and undesired risk events are detected and corrected

⚪ Ensuring effective and efficient operations

⚪ Developing business continuity and disaster recovery plans

⚪ Safeguarding assets

107. You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?

⚫ Risk register

⚪ Risk log

⚪ Risk management plan

⚪ Project management plan

108. Mary is the project manager for the BLB project. She has instructed the project team to assemble, to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process. Why is the schedule management plan needed for quantitative risk analysis?

⚪ Mary will schedule when the identified risks are likely to happen and affect the project schedul

⚫ Mary will utilize the schedule controls and the nature of the schedule for the quantitative analysis of the schedul

⚪ Mary will use the schedule management plan to schedule the risk identification meetings throughout the remaining project.

⚪ Mary will utilize the schedule controls to determine how risks may be allowed to change the project schedul

⚪ QuestionC: This is not a valid answer for this

⚪ Question throughout the project, but it is not scheduled during the quantitative risk analysis process.D: Risks may affect the project schedule, but this is not the best answer for the

109. Which among the following acts as a trigger for risk response process?

⚪ Risk level increases above risk appetite

⚫ Risk level increase above risk tolerance

⚪ Risk level equates risk appetite

⚪ Risk level equates the risk tolerance

110. Thomas is the project manager of the NHJ Project for his company. He has identified several positive risk events within his project and he thinks these events can save the project time and money. Positive risk events, such as these within the NHJ Project are also known as what?

⚪ Benefits

⚫ Opportunities

⚪ Ancillary constituent components

⚪ Contingency risks

111. You are a project manager for your organization and you're working with four of your key stakeholders. One of the stakeholders is confused as to why you're not discussing the current problem in the project during the risk identification meeting. Which one of the following statements best addresses when a project risk actually happens?

⚪ Project risks are uncertain as to when they will happen.

⚪ Risks can happen at any time in the project.

⚫ Project risks are always in the futur

⚪ Risk triggers are warning signs of when the risks will happen.

112. You are the project manager of the NHQ Project for your company. You are discussing some of the project issues that need to be resolved in the project. You and the project stakeholders come to an agreement about the risk issues and how they will be resolved. Where should you document this information for issue resolution?

⚪ Project management plan for execution

⚪ Lessons learned documentation

⚫ Issue log

⚪ Risk response plan

113. Rex is the project manager of the BDF Project. This project will last for two years and has a budget of $2,345,. Management has instructed Rex that the project must not go over budget as funds are very tight in the organization. During the project planning Rex and the project team discover a positive risk event to save$75,. Rex wants to make certain that this risk event happens so which risk response method is most appropriate?

⚪ Share

⚪ Mitigation

⚫ Exploit

⚪ Enhance

114. You are the project manager of HJT project. Important confidential files of your project are stored on a computer. Keeping the unauthorized access of this computer in mind, you have placed a hidden CCTV in the room, even on having protection password. Which kind of control CCTV is?

⚪ Technical control

⚫ Physical control

⚪ Administrative control

⚪ Management control

115. You are the project manager of the KJH Project and are working with your project team to plan the risk responses. Consider that your project has a budget of$5, and is expected to last six months. Within the KJH Project you have identified a risk event that has a probability of .7 and has a cost impact of$35,. When it comes to creating a risk response for this event what is the risk exposure of the event that must be considered for the cost of the risk response?

⚫ The risk exposure of the event is $245,.

⚪ The risk exposure of the event is $5,.

⚪ The risk exposure of the event is $35,.

⚪ The risk exposure of the event is $85,.

116. Henry is the project sponsor of the JQ Project and Nancy is the project manager. Henry has asked Nancy to start the risk identification process for the project, butNancy insists that the project team be involved in the process. Why should the project team be involved in the risk identification?

⚫ So that the project team can develop a sense of ownership for the risks and associated risk responsibilities.

⚪ So that the project manager can identify the risk owners for the risks within the project and the needed risk responses.

⚪ So that the project manager isn't the only person identifying the risk events within the project.

⚪ So that the project team and the project manager can work together to assign risk ownership.

117. Marsha is the project manager of the NHQ Project. There's a risk that her project team has identified, which could cause the project to be late by more than a month. Marsha does not want this risk event to happen so she devises extra project activities to ensure that the risk event will not happen. The extra steps, however, will cost the project an additional $1,. What type of risk response is this approach?

⚪ Enhancing

⚪ Exploiting

⚫ Mitigation

⚪ Transference

118. Suppose you are working in Company Inc. and you are using risk scenarios for estimating the likelihood and impact of the significant risks on this organization.Which of the following assessment are you doing?

⚪ IT security assessment

⚪ IT audit

⚫ Threat and vulnerability assessment

⚪ Risk assessment

119. John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?

⚪ Risk Response Plan

⚪ Risk Management Plan

⚫ Communications Management Plan

⚪ Project Management Plan

120. Which of the following is the MOST effective key performance indicator (KPI) for change management?

⚫ Percentage of successful changes

⚪ Number of changes implemented

⚪ Percentage of changes with a fallback plan

⚪ Average time required to implement a change

121. Which of the following techniques examines the degree to which organizational strengths offset threats and opportunities that may serve to overcome weaknesses?

⚫ SWOT Analysis

⚪ Delphi

⚪ Brainstorming

⚪ Expert Judgment

122. You are working with a vendor on your project. A stakeholder has requested a change for the project, which will add value to the project deliverables. The vendor that you're working with on the project will be affected by the change. What system can help you introduce and execute the stakeholder change request with the vendor?

⚫ Contract change control system

⚪ Scope change control system

⚪ Cost change control system

⚪ Schedule change control system

123. You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk, the response adopted is re- architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?

⚪ Deferrals

⚪ Quick win

⚫ Business case to be made

⚪ Contagious risk

124. Which of the following is the first MOST step in the risk assessment process?

⚫ Identification of assets

⚪ Identification of threats

⚪ Identification of threat sources

⚪ Identification of vulnerabilities

125. Which of the following matrices is used to specify risk thresholds?

⚫ Risk indicator matrix

⚪ Impact matrix

⚪ Risk scenario matrix

⚪ Probability matrix

126. To reduce the risk introduced when conducting penetration tests, the BEST mitigating control would be to:

⚫ clearly define the project scope

⚪ perform background checks on the vendor

⚪ notify network administrators before testing

⚪ require the vendor to sign a nondisclosure agreement

127. Kelly is the project manager of the NNQ Project for her company. This project will last for one year and has a budget of $35,. Kelly is working with her project team and subject matter experts to begin the risk response planning process. When the project manager begins the plan risk response process, what two inputs will she need?

⚪ Risk register and the risk response plan

⚪ Risk register and power to assign risk responses

⚫ Risk register and the risk management plan

⚪ Risk register and the results of risk analysis

128. If one says that the particular control or monitoring tool is sustainable, then it refers to what ability?

⚫ The ability to adapt as new elements are added to the environment

⚪ The ability to ensure the control remains in place when it fails

⚪ The ability to protect itself from exploitation or attack

⚪ The ability to be applied in same manner throughout the organization

129. Which of the following is MOST helpful in developing key risk indicator thresholds?

⚫ Loss expectancy information

⚪ IT service level agreements

⚪ Control performance results

⚪ Remediation activity progress

130. In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:

⚪ encryption for data at rest

⚪ encryption for data in motion

⚪ two-factor authentication

⚫ continuous data backup controls

131. You are the project manager of GHT project. You are performing cost and benefit analysis of control. You come across the result that costs of specific controls exceed the benefits of mitigating a given risk. What is the BEST action would you choose in this scenario?

⚪ The enterprise may apply the appropriate control anyway.

⚪ The enterprise should adopt corrective control.

⚫ The enterprise may choose to accept the risk rather than incur the cost of mitigation.

⚪ The enterprise should exploit the risk.

132. You are working in an enterprise. Assuming that your enterprise periodically compares finished goods inventory levels to the perpetual inventories in its ERP system. What kind of information is being provided by the lack of any significant differences between perpetual levels and actual levels?

⚪ Direct information

⚫ Indirect information

⚪ Risk management plan

⚪ Risk audit information

133. When reviewing a business continuity plan (BCP), which of the following would be the MOST significant deficiency?

⚪ BCP is often tested using the walkthrough method

⚫ BCP testing is not in conjunction with the disaster recovery plan (DRP)

⚪ Each business location has separate, inconsistent BCPs

⚪ Recovery time objectives (RTOs) do not meet business requirements

134. Your organization has a project that is expected to last 2 months but the customer would really like the project completed in 18 months. You have worked on similar projects in the past and believe that you could fast track the project and reach the 18 month deadline. What increases when you fast track a project?

⚪ Resources

⚪ Costs

⚪ Communication

⚫ Risks

135. You are the project manager of HGT project. You are in the first phase of the risk response process and are doing following tasks :Communicating risk analysis resultsReporting risk management activities and the state of complianceInterpreting independent risk assessment findingsIdentifying business opportunitiesWhich of the following process are you performing?

⚫ Articulating risk

⚪ Mitigating risk

⚪ Tracking risk

⚪ Reporting risk

136. A risk assessment has identified that an organization may not be in compliance with industry regulations. The BEST course of action would be to:

⚫ collaborate with management to meet compliance requirements

⚪ conduct a gap analysis against compliance criteria

⚪ identify necessary controls to ensure compliance

⚪ modify internal assurance activities to include control validation

137. There are seven risk responses, a project manager can use to address risk events. Which one of the following is a risk response that is appropriate for positive or negative risk events depending on the scenario in the project?

⚪ Avoidance

⚫ Acceptance

⚪ Sharing

⚪ Transference

138. What project management plan is most likely to direct the quantitative risk analysis process for a project in a matrix environment?

⚪ Risk analysis plan

⚪ Staffing management plan

⚪ Human resource management plan

⚫ Risk management plan

139. Mary is the project manager of the HGH Project for her company. She and her project team have agreed that if the vendor is late by more than ten days they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but the costs of their products are significantly more expensive than the current vendor. What type of a response strategy is this?

⚪ Internal risk management strategy

⚫ Contingent response strategy

⚪ External risk response

⚪ Expert judgment

140. You are the project manager of the NHQ project for your company. You are working with your project team to complete a risk audit. A recent issue that your project team responded to, and management approved, was to increase the project schedule because there was risk surrounding the installation time of a new material. Your logic was that with the expanded schedule there would be time to complete the installation without affecting downstream project activities. What type of risk response is being audited in this scenario?

⚪ Parkinson's Law

⚪ Mitigation

⚫ Avoidance

⚪ Lag Time

141. You are the project manager of a large project that will last four years. In this project, you would like to model the risk based on its distribution, impact, and other factors. There are three modeling techniques that a project manager can use to include both event-oriented and project-oriented analysis. Which modeling technique does NOT provide event-oriented and project-oriented analysis for identified risks?

⚪ Sensitivity analysis

⚫ Jo-Hari Window

⚪ Expected monetary value

⚪ Modeling and simulation

142. Mary is a project manager in her organization. On her current project she is working with her project team and other key stakeholders to identify the risks within the project. She is currently aiming to create a comprehensive list of project risks so she is using a facilitator to help generate ideas about project risks. What risk identification method is Mary likely using?

⚫ Brainstorming

⚪ Delphi Techniques

⚪ Checklist analysis

⚪ Expert judgment

143. Which of the following aspect of monitoring tool ensures that the monitoring tool has the ability to keep up with the growth of an enterprise?

⚫ Scalability

⚪ Customizability

⚪ Sustainability

⚪ Impact on performance

144. Mark is the project manager of the BFL project for his organization. He and the project team are creating a probability and impact matrix using RAG rating. There is some confusion and disagreement among the project team as to how a certain risk is important and priority for attention should be managed. Where can Mark determine the priority of a risk given its probability and impact?

⚪ Risk management plan

⚪ Project sponsor

⚪ Risk response plan

⚫ Look-up table

145. Harold is the project manager of a large project in his organization. He has been actively communicating and working with the project stakeholders. One of the outputs of the manage stakeholder expectations process can actually create new risk events for Harold's project. Which output of the manage stakeholder expectations process can create risks?

⚪ Project document updates

⚫ Change requests

⚪ Organizational process assets updates

⚪ Project management plan updates

146. An organization has outsourced its IT security management function to an external service provider. The BEST party to own the IT security controls under this arrangement is the:

⚫ organizationג€™s risk function

⚪ service providerג€™s audit function

⚪ organizationג€™s IT management

⚪ service providerג€™s IT security function

147. Gary is the project manager for his organization. He is working with the project stakeholders on the project requirements and how risks may affect their project.One of the stakeholders is confused about what constitutes risks in the project. Which of the following is the most accurate definition of a project risk?

⚪ It is an uncertain event that can affect the project costs.

⚪ It is an uncertain event or condition within the project execution.

⚫ It is an uncertain event that can affect at least one project objectiv

⚪ It is an unknown event that can affect the project scop

148. You are working as the project manager of the ABS project. The project is for establishing a computer network in a school premises. During the project execution, the school management asks to make the campus Wi-Fi enabled. You know that this may impact the project adversely. You have discussed the change request with other stakeholders. What will be your NEXT step?

⚪ Update project management plan.

⚪ Issue a change request.

⚫ Analyze the impact.

⚪ Update risk management plan.

149. Which of the following is NOT true for risk management capability maturity level 1?

⚪ A. There is an understanding that risk is important and needs to be managed, but it is viewed as a technical issue and the business primarily considers the downside of IT risk

⚫ B. Decisions involving risk lack credible information

⚪ C. Risk appetite and tolerance are applied only during episodic risk assessments

⚪ D. Risk management skills exist on an ad hoc basis, but are not actively developed

150. An enterprise has identified risk events in a project. While responding to these identified risk events, which among the following stakeholders is MOST important for reviewing risk response options to an IT risk.

⚪ A. Information security managers

⚪ B. Internal auditors

⚪ C. Incident response team members

⚫ D. Business managers

Ujian ISACA CRISC (Certified in Risk and Information Systems Control)

Ujian CRISC dari ISACA merupakan sertifikasi yang dirancang untuk profesional TI dan bisnis yang berfokus pada pengelolaan risiko TI dan kontrol informasi. Sertifikasi ini menyoroti kemampuan untuk memahami dan mengimplementasikan program manajemen risiko yang efektif, serta mengidentifikasi dan mengelola risiko TI yang dapat membahayakan organisasi.

Manfaat Sertifikasi CRISC

Pengakuan Profesional: Sertifikasi CRISC memberikan pengakuan internasional atas keahlian dalam manajemen risiko TI.

Pengembangan Karir: Meningkatkan peluang karir, khususnya di bidang yang berkaitan dengan risiko dan kontrol TI.

Kredibilitas dan Kepercayaan: Menambah kredibilitas profesional dan memperkuat kepercayaan dari pihak manajemen dan pemangku kepentingan.

Pengembangan Keterampilan: Memperkuat keterampilan dalam mengidentifikasi, mengevaluasi, dan mengelola risiko TI.

Domain Ujian CRISC

Ujian CRISC mencakup empat domain utama:

IT Risk Identification: Mengidentifikasi risiko TI yang dapat memengaruhi organisasi.

IT Risk Assessment: Menilai risiko untuk menentukan dampak bisnis dan kemungkinan terjadinya.

Risk Response and Mitigation: Menentukan respons terbaik terhadap risiko dan cara menguranginya.

Risk and Control Monitoring and Reporting: Pemantauan dan pelaporan tentang efektivitas kontrol risiko.

Cara Mengambil Ujian

Pendaftaran Online: Mendaftar untuk ujian CRISC melalui situs web ISACA.

Pilih Jadwal dan Lokasi Ujian: Ujian biasanya diadakan di pusat pengujian terakreditasi atau dapat diambil secara online.

Biaya Ujian

Biaya ujian CRISC bervariasi berdasarkan keanggotaan ISACA dan lokasi geografis. Informasi terbaru tentang biaya dapat ditemukan di situs web ISACA.

Persyaratan Ujian

Pengalaman Kerja: Pengalaman kerja di bidang manajemen risiko TI diperlukan.

Pendidikan: Tidak ada persyaratan pendidikan khusus, tetapi pengetahuan di bidang risiko TI sangat dianjurkan.

Jumlah Soal dan Durasi Ujian

Ujian CRISC terdiri dari 150 pertanyaan pilihan ganda, dengan durasi 4 jam.

Manfaat Latihan Soal Ujian

Melakukan latihan soal ujian membantu memahami format dan jenis soal, serta memperkuat pemahaman tentang domain-domain yang diujikan. Ini juga membantu meningkatkan kepercayaan diri saat menghadapi ujian.

Profil Trainer Bapak Hery Purnama sebagai Trainer CRISC Berpengalaman

Mengenai profil Bapak Hery Purnama sebagai trainer CRISC berpengalaman, saya tidak memiliki informasi spesifik tentang individu tersebut. Namun, secara umum, seorang trainer CRISC yang berkualitas biasanya memiliki:

Sertifikasi CRISC: Bersertifikasi CRISC dan memiliki pemahaman mendalam tentang domain-domain ujian.

Pengalaman Praktis: Pengalaman nyata dalam manajemen risiko TI dan implementasi kontrol.

Kemampuan Mengajar: Keterampilan mengajar yang efektif, dapat menyampaikan konsep-konsep kompleks dengan jelas.

Materi Pelatihan yang Relevan: Menyediakan materi pelatihan yang sesuai dengan standar ISACA dan kebutuhan ujian.

Latihan Soal: Memberikan latihan soal dan simulasi ujian untuk mempersiapkan peserta secara efektif.

Seorang trainer seperti Bapak Hery Purnama, jika memang memiliki kualifikasi tersebut, akan sangat berharga dalam membantu calon peserta ujian CRISC mempersiapkan diri dengan baik

TRAINER ITIL | COBIT | POWER BI | ISO 27001 CISA | COGNOS | MS PROJECT | CISM | CISSP | CRISC

Saturday, December 9, 2023