Free Access to ISACA.CRISC.v2022-04-29.q944 with Valid Practice Test (Page 3)

Question 6

Which of the following approaches will BEST help to ensure the effectiveness of risk awareness training?

A.Piloting courses with focus groups
B.Creating modules for targeted audiences
C.Using reputable third-party training programs
D.Reviewing content with senior management

Question 7

One of the risk events you've identified is classified as force majeure. What risk response is likely to be used?

A.Acceptance
B.Transference
C.Enhance
D.Mitigation
E.Explanation:
Force majeure describes acts of God (Natural disaster), such as tornados and fires, and are
usually accepted because there's little than can be done to mitigate these risks.
F.is incorrect. Mitigation isn't the best choice, as this lowers the probability and/or impact
of the risk event.
G.is incorrect. Enhance is used for a positive risk event, not for force majeure.

Question 8

A deficient control has been identified which could result in great harm to an organization should a low frequency threat event occur. When communicating the associated risk to senior management, the risk practitioner should explain:

A.the current level of risk is within tolerance.
B.mitigation plans for threat events should be prepared in the current planning period.
C.an increase in threat events could cause a loss sooner than anticipated.
D.this risk scenario is equivalent to more frequent, but lower impact risk scenarios.

Question 9

Which of the following should be the PRIMARY consideration when assessing the automation of control monitoring?

A.Frequency of failure of control
B.Contingency plan for residual risk
C.Cost-benefit analysis of automation
D.Impact due to failure of control

Question 10

Which of the following is the final step in the policy development process?

A.Management approval
B.Continued awareness activities
C.Communication to employees
D.Maintenance and review

Question 6

Question 7

Question 8

Question 9

Question 10

Download PDF File