SAMPLE CRISC EXAM PRACTICE QUESTION BANK - QUESTIONS AND ANSWER PRACTICE

CRISC EXAM PRACTICE



The CRISC (Certified in Risk and Information Systems Control) exam from ISACA is an important certification exam for IT professionals who want to measure and develop their expertise in information risk management. The importance of practice questions and guidance from an accredited trainer cannot be overlooked.

1. Complexity of the Exam Material:

  • The CRISC exam covers many aspects of information risk management, including risk identification, assessment, and management. Practice questions help candidates get used to the format and difficulty of the questions, while guidance from a trainer helps them understand the key concepts.

2. Knowing the Exam Format:

  • Practice questions present candidates with the actual question format, helping them develop an effective exam strategy. Guidance from a trainer provides insight into how to answer questions correctly and efficiently.

3. Evaluating the Level of Understanding:

  • Practice questions provide an opportunity to evaluate the level of understanding of the exam material. The results help the candidate and the trainer determine the areas that need to be strengthened.

4. Psychological Readiness:

  • The CRISC exam can create psychological pressure. Through practice questions, candidates can build confidence and manage their anxiety. Guidance from a trainer can provide moral support and stress-management strategies.

5. Specific Preparation Pointers:

  • Practice questions can provide specific preparation pointers, helping candidates focus on the topics that may appear in the exam. Guidance from an accredited trainer ensures that the preparation matches the standards and requirements of the exam.

6. Compliance with ISACA Standards:

  • Practice questions and guidance from an ISACA-accredited trainer ensure that the candidate's preparation complies with the exam's ethical standards and policies. This safeguards the integrity and validity of the CRISC certification.

Conclusion: Practice questions and guidance from an accredited trainer in preparing for the CRISC exam not only increase the chance of passing the exam, but also ensure that IT professionals have a deep understanding of information risk management in line with industry standards. This is a crucial investment for a sustainable career in information security and risk management.


CRISC EXAM PRACTICE 50 QUESTIONS AND ANSWER

 

1. Which of the following would present the GREATEST challenge when assigning accountability for control ownership?

      Unclear reporting relationships

      Weak governance structures

      Senior management scrutiny

      Complex regulatory environment


2. You are working in an enterprise. Your enterprise is willing to accept a certain amount of risk. What is this risk called?

      Hedging

      Aversion

      Appetite

      Tolerance


3. Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?

      Gather scenarios from senior management

      Derive scenarios from IT risk policies and standards

      Benchmark scenarios against industry peers

      Map scenarios to a recognized risk management framework


4. You are using an information system. You have chosen a poor password and also sometimes transmit data over unprotected communication lines. What do this poor-quality password and unsafe transmission refer to?

      Probabilities

      Threats

      Vulnerabilities

      Impacts


5. Out of several risk responses, which of the following risk responses is used for negative risk events?

      Share

      Enhance

      Exploit

      Accept


6. For which of the following risk management capability maturity levels is the statement given below true? "Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"

      Level 3

      Level

      Level 5

      Level 2


7. Which of the following should be the PRIMARY objective of promoting a risk-aware culture within an organization?

      Enabling risk-based decision making

      Increasing process control efficiencies

      Better understanding of the risk appetite

      Improving audit results


8. Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

      Risk management plan

      Project charter

      Risk register

      Quality management plan


9. Frank is the project manager of the NHQ project for his company. Frank is working with the project team, key stakeholders, and several subject matter experts on risks dealing with the new materials in the project. Frank wants to utilize a risk analysis method that will help the team to make decisions in the presence of the current uncertainty surrounding the new materials. Which risk analysis approach can Frank use to create an approach to make decisions in the presence of uncertainty?

      Monte Carlo Technique

      Qualitative risk analysis process

      Quantitative risk analysis process

      Delphi Technique


10. Which of the following is MOST important to update when an organization's risk appetite changes?

      Key risk indicators (KRIs)

      Risk taxonomy

      Key performance indicators (KPIs)

      Risk reporting methodology


11. One of the risk events you've identified is classified as force majeure. What risk response is likely to be used?

      Acceptance

      Transference

      Enhance

      Mitigation


12. Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document are Frank and the NHH Project team creating in this scenario?

      Resource management plan

      Project plan

      Project management plan

      Risk management plan


13. Wendy has identified a risk event in her project that has an impact of $75, and a 6 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just $15, with only a ten percent chance of occurring. The proposed solution will cost $25,. Wendy agrees to the $25, solution. What type of risk response is this?

      Mitigation

      Avoidance

      Transference

      Enhancing


14. Mary is the project manager for the BLB project. She has instructed the project team to assemble, to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process. Why is the schedule management plan needed for quantitative risk analysis?

      Mary will schedule when the identified risks are likely to happen and affect the project schedule.

      Mary will utilize the schedule controls and the nature of the schedule for the quantitative analysis of the schedule.

      Mary will use the schedule management plan to schedule the risk identification meetings throughout the remaining project.

      Mary will utilize the schedule controls to determine how risks may be allowed to change the project schedule.


15. Ben is the project manager of the CMH Project for his organization. He has identified a risk that has a low probability of happening, but the impact of the risk event could save the project and the organization with a significant amount of capital. Ben assigns Laura to the risk event and instructs her to research the time, cost, and method to improve the probability of the positive risk event. Ben then communicates the risk event and response to management. What risk response has been used here?

      Sharing

      Transference

      Enhance

      Exploit


16. During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall. Which of the following controls has MOST likely been compromised?

      Authentication

      Identification

      Data validation

      Data integrity


17. Which of the following is the priority of data owners when establishing a risk mitigation method?

      User entitlement changes

      Platform security

      Intrusion detection

      Antivirus controls


18. Della works as a project manager for Tech Perfect Inc. She is studying the documentation of planning of a project. The documentation states that there are twenty-eight stakeholders with the project. What will be the number of communication channels for the project?

      25

      28

      378

      3


19. You have been assigned as the Project Manager for a new project that involves building of a new roadway between the city airport to a designated point within the city. However, you notice that the transportation permit issuing authority is taking longer than the planned time to issue the permit to begin construction. What would you classify this as?

      Project Risk

      Status Update

      Risk Update

      Project Issue


20. You are the project manager of the GGK project for your company. The GGK project has a budget of $1,265,1 and is currently 4 percent complete. In this project, you elected to add labor to the project to increase the likelihood of completing the project early as the project was only scheduled to be 35 percent complete at this time. This positive risk response, while keeping the project ahead of schedule, has added significant costs to the project. You have already spent $575, to reach this point in the project. Management would like to know what your cost performance index and the schedule performance index are for this project. What are these values?

      The CPI is -$68,96 and the SPI is $63,255.

      The CPI is .88 and the SPI is zero.

      The CPI is .88 and the SPI is 1.14.

      The CPI is 1.14 and the SPI is .88.


21. Which of the following characteristics of risk controls answers the aspect about the control given below: "Will it continue to function as expected over time and adapt as changes or new elements are introduced to the environment"

      Reliability

      Sustainability

      Consistency

      Distinct


22. Which of the following is an administrative control?

      Water detection

      Reasonableness check

      Data loss prevention program

      Session timeout


23. The only output of qualitative risk analysis is risk register updates. When the project manager updates the risk register he will need to include several pieces of information including all of the following except for which one?

      Trends in qualitative risk analysis

      Risk probability-impact matrix

      Risks grouped by categories

      Watchlist of low-priority risks


24. Which of the following is the MOST important use of KRIs?

      Providing a backward-looking view on risk events that have occurred

      Providing an early warning signal

      Providing an indication of the enterprise's risk appetite and tolerance

      Enabling the documentation and analysis of trends


25. Which of the following should be of MOST concern to a risk practitioner reviewing findings from a recent audit of an organization's data center?

      Ownership of an audit finding has not been assigned

      The data center is not fully redundant

      Audit findings were not communicated to senior management

      Key risk indicators (KRIs) for the data center do not include critical components


26. Which of the following risks is the risk that happens with an important business partner and affects a large group of enterprises within an area or industry?

      Contagious risk

      Reporting risk

      Operational risk

      Systemic risk


27. Which of the following is NOT used for measurement of Critical Success Factors of the project?

      Productivity

      Quality

      Quantity

      Customer service


28. You are the project manager of the NHQ Project for your company. You have completed qualitative and quantitative analysis of your identified project risks and you would now like to find an approach to increase project opportunities and to reduce threats within the project. What project management process would best help you?

      Monitor and control project risks

      Create a risk governance approach

      Create the project risk register

      Plan risk responses


29. You are the project manager for your organization to install new workstations, servers, and cabling throughout a new building, where your company will be moving into. The vendor for the project informs you that the cost of the cabling has increased due to some reason. This new cost will cause the cost of your project to increase by nearly eight percent. What change control system should the costs be entered into for review?

      Cost change control system

      Contract change control system

      Scope change control system

      Only changes to the project scope should pass through a change control system.


30. You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update the human resource management plan?

      Teaming agreements

      Transference

      Crashing the project

      Fast tracking the project


31. You are the project manager of the GGG project. You have completed the risk identification process for the initial phases of your project. As you begin to document the risk events in the risk register what additional information can you associate with the identified risk events?

      Risk potential responses

      Risk schedule

      Risk owner

      Risk cost


32. Which of the following is described by the definition given below? "It is the expected guaranteed value of taking a risk."

      Certainty equivalent value

      Risk premium

      Risk value guarantee

      Certain value assurance


33. Which of the following would BEST help minimize the risk associated with social engineering threats?

      Reviewing the organization's risk appetite

      Enforcing employee sanctions

      Enforcing segregation of duties

      Conducting phishing exercises


34. Joan is a project management consultant and she has been hired by a firm to help them identify risk events within the project. Joan would first like to examine the project documents including the plans, assumptions lists, project files, and contracts. What key thing will help Joan to discover risks within the review of the project documents?

      The project documents will help the project manager, or Joan, to identify what risk identification approach is best to pursue.

      Lack of consistency between the plans and the project requirements and assumptions can be the indicators of risk in the project.

      Poorly written requirements will reveal inconsistencies in the project plans and documents.

      Plans that have loose definitions of terms and disconnected approaches will reveal risks.


35. You are the project manager of GHT project. You have identified a risk event on your current project that could save $67, in project costs if it occurs. Your organization is considering hiring a vendor to help establish proper project management techniques in order to assure it realizes these savings. Which of the following statements is TRUE for this risk event?

      This risk event should be accepted because the rewards outweigh the threat to the project.

      This risk event should be mitigated to take advantage of the savings.

      This risk event is an opportunity to the project and should be exploited.

      This is a risk event that should be shared to take full advantage of the potential savings.


36. You work as a project manager for BlueWell Inc. You are involved with the project team on the different risk issues in your project. You are using applications of the IRGC model to facilitate understanding and managing the rise of the overall risks that have impacts on the economy and society. One of your team members wants to know what the need for using the IRGC is. What will be your reply?

      IRGC models aim at building robust, integrative inter-disciplinary governance models for emerging and existing risks.

      IRGC is both a concept and a tool.

      IRGC addresses the development of resilience and the capacity of organizations and people to face unavoidable risks.

      IRGC addresses understanding of the secondary impacts of a risk.

      Question.C, D: Risk governance addresses understanding of the secondary impacts of a risk, the development of resilience and the capacity of organizations and people to face unavoidable risks.


37. You work as the project manager for Company Inc. The project on which you are working has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

      Resource Management Plan

      Communications Management Plan

      Risk Management Plan

      Stakeholder management strategy


38. Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?

      Bias towards risk in new resources

      Risk probability and impact matrixes

      Risk identification

      Uncertainty in values such as duration of schedule activities


39. You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

      Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.

      Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.

      Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.

      Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.


40. A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security. Which of the following observations would be MOST relevant to escalate to senior management?

      An increase in attempted distributed denial of service (DDoS) attacks

      An increase in attempted website phishing attacks

      A decrease in remediated web security vulnerabilities

      A decrease in achievement of service level agreements (SLAs)


41. Which of the following is the GREATEST benefit of incorporating IT risk scenarios into the corporate risk register?

      Corporate incident escalation protocols are established

      The organization-wide control budget is expanded

      Exposure is integrated into the organization's risk profile

      Risk appetite cascades to business unit management


42. You are the risk official in Bluewell Inc. You are supposed to prioritize several risks. A risk has a rating for occurrence, severity, and detection as 4, 5, and 6, respectively. What Risk Priority Number (RPN) would you give to it?

      12

      1

      15

      3


43. Which of the following is a performance measure that is used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments?

      Return On Security Investment

      Total Cost of Ownership

      Return On Investment

      Redundant Array of Inexpensive Disks


44. You are the project manager in your enterprise. You have identified the occurrence of a risk event in your enterprise. You have pre-planned risk responses. You have monitored the risks that had occurred. What is the immediate step after this monitoring process that has to be followed in response to risk events?

      Initiate incident response

      Update the risk register

      Eliminate the risk completely

      Communicate lessons learned from risk events


45. Tom works as a project manager for BlueWell Inc. He is determining which risks can affect the project. Which of the following inputs of the identify risks process is useful in identifying risks, and provides a quantitative assessment of the likely cost to complete the scheduled activities?

      Activity cost estimates

      Cost management plan

      Activity duration estimates

      Risk management plan


46. Which risk response is acceptable for both positive and negative risk events?

      Transferring

      Acceptance

      Sharing

      Enhancing


47. Fred is the project manager of the PKL project. He is working with his project team to complete the quantitative risk analysis process as a part of risk management planning. Fred understands that once the quantitative risk analysis process is complete, the process will need to be completed again at least two other times in the project. When will the quantitative risk analysis process need to be repeated?

      Quantitative risk analysis process will be completed again after the cost management planning and as a part of monitoring and controlling.

      Quantitative risk analysis process will be completed again after new risks are identified and as part of monitoring and controlling.

      Quantitative risk analysis process will be completed again after the risk response planning and as a part of monitoring and controlling.

      Quantitative risk analysis process will be completed again after the plan risk response planning and as part of procurement.


48. You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

      Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.

      Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.

      Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.

      Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.


49. You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

      All risks must have a valid, documented risk response.

      These risks can be accepted.

      These risks can be added to a low priority risk watch list.

      These risks can be dismissed.


50. Sam is the project manager of a construction project in south Florida. This area of the United States is prone to hurricanes during certain parts of the year. As part of the project plan Sam and the project team acknowledge the possibility of hurricanes and the damage the hurricane could have on the project's deliverables, the schedule of the project, and the overall cost of the project. Once Sam and the project stakeholders acknowledge the risk of the hurricane they go on planning the project as if the risk is not likely to happen. What type of risk response is Sam using?

      Active acceptance

      Passive acceptance

      Avoidance

      Mitigation



Get CRISC exam preparation coaching from:
Hery Purnama, SE.,MM.
MCP, PMP, ITILF, CISA, CISM, CRISC, CDPSE, CGEIT, COBIT, TOGAF, CDMP, CTFL, CBAP, CISSP,
ISO 31000, ISO 27001, ISO 20000-1

Contact: 081-223344-506
