Which of the following is BEST used to aggregate data from multiple systems to identify abnormal behavior?
Correct Answer: C
Question 832
Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?
Correct Answer: D,E
A and B are incorrect. These are wrong formulas and are not used in quantitative risk assessment.
Question 833
You are the risk official in Bluewell Inc. You are supposed to prioritize several risks. A risk has a rating for occurrence, severity, and detection as 4, 5, and 6, respectively. What Risk Priority Number (RPN) would you give to it?
Correct Answer: A
Section: Volume A
Explanation: The steps involved in calculating the risk priority number are as follows:
* Identify potential failure effects
* Identify potential causes
* Establish links between each identified potential cause
* Identify potential failure modes
* Assess severity, occurrence and detection
* Perform score assessments by using a scale of 1-10 (low to high rating) to score these assessments.
* Compute the RPN for a particular failure mode as severity multiplied by occurrence and detection.
RPN = Severity * Occurrence * Detection
Hence, RPN = 4 * 5 * 6 = 120
Incorrect Answers: B, C, D: These are not the RPN for the given values of severity, occurrence, and detection.
Question 834
Which of the following is the PRIMARY purpose of periodically reviewing an organization's risk profile?
Correct Answer: B
According to the CRISC Review Manual, the primary purpose of periodically reviewing an organization's risk profile is to enable risk-based decision making, because it helps to ensure that the risk information is current, relevant, and accurate. The risk profile is a snapshot of the organization's risk exposure at a given point in time, based on the risk identification, analysis, and evaluation processes. Periodically reviewing the risk profile allows the organization to monitor the changes in the risk environment, the effectiveness of the risk responses, and the impact of the risk events. This enables the organization to make informed decisions about the risk management strategies and priorities.
The other options are not the primary purpose of periodically reviewing the risk profile, as they are related to other aspects of the risk management process. Aligning business objectives with risk appetite is the purpose of establishing the risk context, which defines the scope and boundaries of the risk management activities. Designing and implementing risk response action plans is the purpose of the risk response process, which involves selecting and executing the appropriate risk responses. Updating risk responses in the risk register is the outcome of the risk monitoring and reporting process, which involves tracking the risk performance and communicating the risk information to the stakeholders.
References: CRISC Review Manual, 7th Edition, Chapter 2, Section 2.2.4, page 86.
Question 835
Which of the following is the MOST relevant input to an organization's risk profile?