Free Access ISACA.CRISC.v2022-05-05.q821 Practice Test (Page 60)

Question 291

Your project change control board has approved several scope changes that will drastically alter your project plan. You and the project team set about updating the project scope, the WBS, the WBS dictionary, the activity list, and the project network diagram. There are also some changes caused to the project risks, communication, and vendors. What also should the project manager update based on these scope changes?

A.Stakeholder identification

B.Vendor selection process

C.Quality baseline

D.Process improvement plan

Question 292

Whether the results of risk analysis should be presented in quantitative or qualitative terms should be based PRIMARILY on the:

A.specific risk analysis framework being used.

B.results of the risk assessment.

C.requirements of management.

D.organizational risk tolerance.

Question 293

What are the MOST important criteria to consider when developing a data classification scheme to facilitate risk assessment and the prioritization of risk mitigation activities?

A.Volume and scope of data generated daily

B.Mitigation and control value

C.Recovery point objective (RPO) and recovery time objective (RTO)

D.Business criticality and sensitivity

Question 294

Which of the following approaches BEST identifies information systems control deficiencies?

A.Best practice assessment

B.Gap analysis

C.Countermeasures analysis

D.Risk assessment

Question 295

A vulnerability assessment of a vendor-supplied solution has revealed that the software is susceptible to cross- site scripting and SQL injection attacks. Which of the following will BEST mitigate this issue?

A.Require the software vendor to remediate the vulnerabilities.

B.Approve exception to allow the software to continue operating.

C.Monitor the databases for abnormal activity.

D.Accept the risk and let the vendor run the software as is.

Other Version: 3507ISACA.CRISC.v2025-07-19.q999; 6572ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 12586ISACA.CRISC.v2022-08-23.q834; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 108Oracle.1z0-1196-25.v2025-09-12.q18; 109NetworkAppliance.NS0-162.v2025-09-12.q86; 149OCEG.GRCP.v2025-09-11.q211; 109HP.HPE0-V27.v2025-09-11.q78; 125Oracle.1Z0-1057-23.v2025-09-10.q47; 159Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 139SAP.C-S4EWM-2023.v2025-09-08.q83; 183TheSecOpsGroup.CNSP.v2025-09-08.q20; 267CFAInstitute.ESG-Investing.v2025-09-08.q173; 257PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 291

Question 292

Question 293

Question 294

Question 295

Download PDF File