Free Access ISACA.CRISC.v2022-08-23.q834 Practice Test (Page 54)

Question 261

An organization's HR department has implemented a policy requiring staff members to take a minimum of five consecutive days leave per year to mitigate the risk of malicious insider activities. Which of the following is the BEST key performance indicator (KPI) of the effectiveness of this policy?

A.Percentage of staff members taking leave according to the policy

B.Percentage of staff members seeking exception to the policy

C.Number of malicious activities occurring during staff members leave

D.Financial loss incurred due to malicious activities during staff members' leave

Question 262

Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?

A.Monitor and Control Risk

B.Plan risk response

C.Identify Risks

D.Qualitative Risk Analysis

E.Explanation:
The plan risk response project management process aims to reduce the threats to the project objectives and to increase opportunities. It follows the perform qualitative risk analysis process and perform quantitative risk analysis process. Plan risk response process includes the risk response owner to take the job for each agreed-to and funded risk response. This process addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget. The inputs to the plan risk response process are as follows: Risk register Risk management plan
Answer C
is incorrect. Identify Risks is the process of determining which risks may affect the project. It also documents risks' characteristics. The Identify Risks process is part of the Project Risk Management knowledge area. As new risks may evolve or become known as the project progresses through its life cycle, Identify Risks is an iterative process. The process should involve the project team so that they can develop and maintain a sense of ownership and responsibility for the risks and associated risk response actions. Risk Register is the only output of this process.

Question 263

Which of the following changes would be reflected in an organization's risk profile after the failure of a critical patch implementation?

A.Inherent risk is increased.

B.Risk tolerance is decreased.

C.Risk appetite is decreased.

D.Residual risk is increased.

Question 264

An organization is considering outsourcing user administration controls for a critical system. The potential vendor has offered to perform quarterly self-audits of its controls instead of having annual independent audits.
Which of the following should be of GREATEST concern to the risk practitioner?

A.The vendor will not achieve best practices

B.The vendor will not ensure against control failure

C.The controls may not be properly tested

D.Lack of a risk-based approach to access control

Question 265

Your project team has completed the quantitative risk analysis for your project work. Based on their findings, they need to update the risk register with several pieces of information. Which one of the following components is likely to be updated in the risk register based on their analysis?

A.Listing of risk responses

B.Risk ranking matrix

C.Listing of prioritized risks

D.Qualitative analysis outcomes

E.Explanation:
The outcome of quantitative analysis can create a listing of prioritized risks that should be updated
in the risk register. The project team will create and update the risk register with fourkey
components: probabilistic analysis of the project, probability of achieving time and cost objectives,
list of quantified risks, and trends in quantitative risk analysis.

Other Version: 3458ISACA.CRISC.v2025-07-19.q999; 6542ISACA.CRISC.v2024-09-11.q999; 7512ISACA.CRISC.v2022-10-10.q527; 15392ISACA.CRISC.v2022-05-05.q821; 66ISACA.Examboosts.CRISC.v2021-09-26.by.erica.460q.pdf

Latest Upload: 100Oracle.1z0-1196-25.v2025-09-12.q18; 100NetworkAppliance.NS0-162.v2025-09-12.q86; 106OCEG.GRCP.v2025-09-11.q211; 106HP.HPE0-V27.v2025-09-11.q78; 122Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 136SAP.C-S4EWM-2023.v2025-09-08.q83; 173TheSecOpsGroup.CNSP.v2025-09-08.q20; 240CFAInstitute.ESG-Investing.v2025-09-08.q173; 236PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 261

Question 262

Question 263

Question 264

Question 265

Download PDF File