CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CRISC—Certified in Risk and Information Systems Control Certification Questions and answer - Part 27
1. In which of the following risk management capability maturity levels risk appetite and tolerance are applied only during episodic risk assessments?
A) Level 3
B) Level 2
C) Level 4
D) Level 1
2. A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?
A) Add the identified risk to a quality control management chart.
B) Add the identified risk to the issues log.
C) Add the identified risk to the risk register.
D) Add the identified risk to the low-level risk watch-list.
3. A teaming agreement is an example of what type of risk response?
A) Acceptance
B) Mitigation
C) Transfer
D) Share
4. You are the project manager of HJT project. Important confidential files of your project are stored on a computer. Keeping the unauthorized access of this computer in mind, you have placed a hidden CCTV in the room, even on having protection password. Which kind of control CCTV is?
A) Technical control
B) Physical control
C) Administrative control
D) Management control
5. You are preparing to complete the quantitative risk analysis process with your project team and several subject matter experts. You gather the necessary inputs including the project's cost management plan. Why is it necessary to include the project's cost management plan in the preparation for the quantitative risk analysis process?
A) The project's cost management plan provides control that may help determine the structure for quantitative analysis of the budget.
B) The project's cost management plan can help you to determine what the total cost of the project is allowed to be.
C) The project's cost management plan provides direction on how costs may be changed due to identified risks.
D) The project's cost management plan is not an input to the quantitative risk analysis process.
A) Level 3
B) Level 2
C) Level 4
D) Level 1
2. A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?
A) Add the identified risk to a quality control management chart.
B) Add the identified risk to the issues log.
C) Add the identified risk to the risk register.
D) Add the identified risk to the low-level risk watch-list.
3. A teaming agreement is an example of what type of risk response?
A) Acceptance
B) Mitigation
C) Transfer
D) Share
4. You are the project manager of HJT project. Important confidential files of your project are stored on a computer. Keeping the unauthorized access of this computer in mind, you have placed a hidden CCTV in the room, even on having protection password. Which kind of control CCTV is?
A) Technical control
B) Physical control
C) Administrative control
D) Management control
5. You are preparing to complete the quantitative risk analysis process with your project team and several subject matter experts. You gather the necessary inputs including the project's cost management plan. Why is it necessary to include the project's cost management plan in the preparation for the quantitative risk analysis process?
A) The project's cost management plan provides control that may help determine the structure for quantitative analysis of the budget.
B) The project's cost management plan can help you to determine what the total cost of the project is allowed to be.
C) The project's cost management plan provides direction on how costs may be changed due to identified risks.
D) The project's cost management plan is not an input to the quantitative risk analysis process.
1. Right Answer: D
Explanation: An enterprise's risk management capability maturity level is 1 when: There is an understanding that risk is important and needs to be managed, but it is viewed as a technical issue and the business primarily considers the downside of IT risk. Any risk identification criteria vary widely across the enterprise. Risk appetite and tolerance are applied only during episodic risk assessments. Enterprise risk policies and standards are incomplete and/or reflect only external requirements and lack defensible rationale and enforcement mechanisms. Risk management skills exist on an ad hoc basis, but are not actively developed. Ad hoc inventories of controls that are unrelated to risk are dispersed across desktop applications.Incorrect Answers:A: In level 3 of risk management capability maturity model, local tolerances drive the enterprise risk tolerance.B: In level 2 of risk management capability maturity model, risk tolerance is set locally and may be difficult to aggregate.C: In level 4 of risk management capability maturity model, business risk tolerance is reflected by enterprise policies and standards reflect.
2. Right Answer: C
Explanation: All identified risks, their characteristics, responses, and their status should be added and monitored as part of the risk register. A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains: A description of the risk The impact should this event actually occur The probability of its occurrence Risk Score (the multiplication of Probability and Impact) A summary of the planned response should the event occur A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event) Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.Incorrect Answers:A: Control management charts are not the place where risk events are recorded.B: This is a risk event and should be recorded in the risk register.D: Risks that have a low probability and a low impact may go on the low-level risk watch-list.
3. Right Answer: D
Explanation: Teaming agreements are often comes under sharing risk response, as they involves joint ventures to realize an opportunity that an organization would not be able to seize otherwise.Sharing response is where two or more entities share a positive risk. Teaming agreements are good example of sharing the reward that comes from the risk of the opportunity.Incorrect Answers:A: Acceptance is a risk response that is appropriate for positive or negative risk events. It does not pursue the risk, but documents the event and allows the risk to happen. Often acceptance is used for low probability and low impact risk events.B: Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level. Risk mitigation can utilize various forms of control carefully integrated together.C: Transference is a negative risk response where the project manager hires a third party to own the risk event.
4. Right Answer: B
Explanation: CCTV is a physical control.Physical controls protect the physical environment. They include basics such as locks to protect access to secure areas. They also include environmental controls.This section presents the following examples of physical controls: Locked doors, guards, access logs, and closed-circuit television Fire detection and suppression Temperature and humidity detectionElectrical grounding and circuit breakers Water detectionIncorrect Answers:A, C, D CCTV is a physical control.
5. Right Answer: A
Explanation: The cost management plan is an input to the quantitative risk analysis process because of the cost management control it provides.The cost management plan sets how the costs on a project are managed during the project's life cycle. It defines the format and principles by which the project costs are measured, reported, and controlled. The cost management plan identifies the person responsible for managing costs, those who have the authority to approve changes to the project or its budget, and how cost performance is quantitatively calculated and reported upon.Incorrect Answers:B: The cost management plan defines the estimating, budgeting, and control of the project's cost.C: While the cost management plan does define the cost change control system, this is not the best answer for thisD: This is not a valid statement. The cost management plan is an input to the quantitative risk analysis process.
Explanation: An enterprise's risk management capability maturity level is 1 when: There is an understanding that risk is important and needs to be managed, but it is viewed as a technical issue and the business primarily considers the downside of IT risk. Any risk identification criteria vary widely across the enterprise. Risk appetite and tolerance are applied only during episodic risk assessments. Enterprise risk policies and standards are incomplete and/or reflect only external requirements and lack defensible rationale and enforcement mechanisms. Risk management skills exist on an ad hoc basis, but are not actively developed. Ad hoc inventories of controls that are unrelated to risk are dispersed across desktop applications.Incorrect Answers:A: In level 3 of risk management capability maturity model, local tolerances drive the enterprise risk tolerance.B: In level 2 of risk management capability maturity model, risk tolerance is set locally and may be difficult to aggregate.C: In level 4 of risk management capability maturity model, business risk tolerance is reflected by enterprise policies and standards reflect.
2. Right Answer: C
Explanation: All identified risks, their characteristics, responses, and their status should be added and monitored as part of the risk register. A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains: A description of the risk The impact should this event actually occur The probability of its occurrence Risk Score (the multiplication of Probability and Impact) A summary of the planned response should the event occur A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event) Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.Incorrect Answers:A: Control management charts are not the place where risk events are recorded.B: This is a risk event and should be recorded in the risk register.D: Risks that have a low probability and a low impact may go on the low-level risk watch-list.
3. Right Answer: D
Explanation: Teaming agreements are often comes under sharing risk response, as they involves joint ventures to realize an opportunity that an organization would not be able to seize otherwise.Sharing response is where two or more entities share a positive risk. Teaming agreements are good example of sharing the reward that comes from the risk of the opportunity.Incorrect Answers:A: Acceptance is a risk response that is appropriate for positive or negative risk events. It does not pursue the risk, but documents the event and allows the risk to happen. Often acceptance is used for low probability and low impact risk events.B: Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level. Risk mitigation can utilize various forms of control carefully integrated together.C: Transference is a negative risk response where the project manager hires a third party to own the risk event.
4. Right Answer: B
Explanation: CCTV is a physical control.Physical controls protect the physical environment. They include basics such as locks to protect access to secure areas. They also include environmental controls.This section presents the following examples of physical controls: Locked doors, guards, access logs, and closed-circuit television Fire detection and suppression Temperature and humidity detectionElectrical grounding and circuit breakers Water detectionIncorrect Answers:A, C, D CCTV is a physical control.
5. Right Answer: A
Explanation: The cost management plan is an input to the quantitative risk analysis process because of the cost management control it provides.The cost management plan sets how the costs on a project are managed during the project's life cycle. It defines the format and principles by which the project costs are measured, reported, and controlled. The cost management plan identifies the person responsible for managing costs, those who have the authority to approve changes to the project or its budget, and how cost performance is quantitatively calculated and reported upon.Incorrect Answers:B: The cost management plan defines the estimating, budgeting, and control of the project's cost.C: While the cost management plan does define the cost change control system, this is not the best answer for thisD: This is not a valid statement. The cost management plan is an input to the quantitative risk analysis process.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment