Free Access to ISACA.CRISC.v2022-04-29.q944 with Valid Practice Test (Page 131)

Question 646

You work as a Project Manager for Company Inc. You have to conduct the risk management activities for a project. Which of the following inputs will you use in the plan risk management process?
Each correct answer represents a complete solution. Choose all that apply.

A.Quality management plan
B.Schedule management plan
C.Cost management plan
D.Project scope statement

Correct Answer: B,C,D

Explanation/Reference:
Explanation:
The inputs to the plan risk management process are as follows:
Project scope statement: It provides a clear sense of the range of possibilities associated with the

project and establishes the framework for how significant the risk management effort may become.
Cost management plan: It describes how risk budgets, contingencies, and management reserves will

be reported and accessed.
Schedule management plan: It describes how the schedule contingencies will be reported and

assessed.
Communication management plan: It describes the interactions, which occurs on the project and

determines who will be available to share information on various risks and responses at different times.
Enterprise environmental factors: It include, but are not limited to, risk attitudes and tolerances that

describe the degree of risk that an organization withstand.
Organizational process assets: It includes, but are not limited to, risk categories, risk statement formats,

standard templates, roles and responsibilities, authority levels for decision-making, lessons learned, and stakeholder registers.
Incorrect Answers:
A: It is not an input for Plan risk management process.

Comment: *

Name: *

Email: *

Verification: *

Question 647

One of the risk events you've identified is classified as force majeure. What risk response is likely to be used?

A.Acceptance
B.Transference
C.Enhance
D.Mitigation

Correct Answer: A

Explanation/Reference:
Explanation:
Force majeure describes acts of God (Natural disaster), such as tornados and fires, and are usually accepted because there's little than can be done to mitigate these risks.
Incorrect Answers:
B: Transference transfers the risk ownership to a third party, usually for a fee.
C: Enhance is used for a positive risk event, not for force majeure.
D: Mitigation isn't the best choice, as this lowers the probability and/or impact of the risk event.

Comment: *

Name: *

Email: *

Verification: *

Question 648

Which of the following is described by the definition given below?
"It is the expected guaranteed value of taking a risk."

A.Certainty equivalent value
B.Risk premium
C.Risk value guarantee
D.Certain value assurance

Correct Answer: A

Explanation/Reference:
Explanation:
The Certainty equivalent value is the expected guaranteed value of taking a risk. It is derived by the uncertainty of the situation and the potential value of the situation's outcome.
Incorrect Answers:
B: The risk premium is the difference between the larger expected value of the risk and the smaller certainty equivalent value.
C, D: These are not valid answers.

Comment: *

Name: *

Email: *

Verification: *

Question 649

Which of the following laws applies to organizations handling health care information?

A.GLBA
B.HIPAA
C.SOX
D.FISMA

Correct Answer: B

Explanation/Reference:
Explanation:
HIPAA handles health care information of an organization.
The Health Insurance Portability and Accountability Act (HIPAA) were introduced in 1996. It ensures that health information data is protected. Before HIPAA, personal medical information was often available to anyone. Security to protect the data was lax, and the data was often misused.
If your organization handles health information, HIPAA applies. HIPAA defines health information as any data that is created or received by health care providers, health plans, public health authorities, employers, life insurers, schools or universities, and health care clearinghouses.
HIPAA defines any data that is related to the health of an individual, including past/present/future health, physical/mental health, and past/present/future payments for health care.
Creating a HIPAA compliance plan involves following phases:
Assessment: An assessment helps in identifying whether organization is covered by HIPAA. If it is, then

further requirement is to identify what data is needed to protect.
Risk analysis: A risk analysis helps to identify the risks. In this phase, analyzing method of handling

data of organization is done.
Plan creation: After identifying the risks, plan is created. This plan includes methods to reduce the risk.

Plan implementation: In this plan is being implemented.

Continuous monitoring: Security in depth requires continuous monitoring. Monitor regulations for

changes. Monitor risks for changes. Monitor the plan to ensure it is still used.
Assessment: Regular reviews are conducted to ensure that the organization remains in compliance.

Incorrect Answers:
A: GLBA is not used for handling health care information.
C: SOX designed to hold executives and board members personally responsible for financial data.
D: FISMA ensures protection of data of federal agencies.

Comment: *

Name: *

Email: *

Verification: *

Question 646

Question 647

Question 648

Question 649

Question 650

Download PDF File