NO.1 You are the project manager of GHT project. You have identified a risk event on your project
that could save $100,000 in project costs if it occurs. Which of the following statements BEST
describes this risk event?
A. This risk event is an opportunity to the project and should be exploited.
B. This risk event should be avoided to take full advantage of the potential savings.
C. This risk event should be mitigated to take advantage of the savings.
D. This is a risk event that should be accepted because the rewards outweigh the threat to the
This risk event has the potential to save money on project costs, so it is an opportunity, and the
appropriate strategy to use in this case is the exploit strategy. The exploit response is one of the
strategies to negate risks or threats appear in a project. This strategy may be selected for risks with
positive impacts where the organization wishes to ensure that the opportunity is realized. Exploiting
a risk event provides opportunities for positive impact on a project. Assigning more talented
resources to the project to reduce the time to completion is an example of exploit response.
Answer B is incorrect. To accept risk means that no action is taken relative to a particular risk; loss is
accepted if it occurs. But as this risk event bring an opportunity, it should me exploited and not
Answer A and C are incorrect. Mitigation and avoidance risk response is used in case of negative risk
events, and not in positive risk events. Here in this scenario, as it is stated that the event could save
$100,000, hence it is a positive risk event. Therefore should not be mitigated or avoided.
NO.2 Which of the following controls is an example of non-technical controls?
A. Access control
Physical security is an example of non-technical control. It comes under the family of operational
C. Intrusion detection system
D. Physical security
A, and D are incorrect. Intrusion detection system, access control, and encryption are the safeguards
that are incorporated into computer hardware, software or firmware, hence they refer to as
NO.3 You are the project manager of a HGT project that has recently finished the final compilation
process. The project customer has signed off on the project completion and you have to do few
administrative closure activities. In the project, there were several large risks that could have
wrecked the project but you and your project team found some new methods to resolve the risks
without affecting the project costs or project completion date. What should you do with the risk
responses that you have identified during the project's monitoring and controlling process?
A. Include the risk responses in the risk management plan.
B. Include the responses in the project management plan.
C. Include the risk responses in the organization's lessons learned database.
D. Nothing. The risk responses are included in the project's risk register already.
The risk responses that do not exist up till then, should be included in the organization's lessons
learned database so other project managers can use these responses in their project if relevant.
Answer D is incorrect. If the new responses that were identified is only included in the project's risk
register then it may not be shared with project managers working on some other project. Answer A is
incorrect. The responses are not in the project management plan, but in the risk response plan during
the project and they'll be entered into the organization's lessons learned database. Answer B is
incorrect. The risk responses are included in the risk response plan, but after completing the project,
they should be entered into the organization's lessons learned database.
NO.4 Which of the following BEST describes the utility of a risk?
A. The usefulness of the risk to individuals or groups
B. The finance incentive behind the risk
C. The potential opportunity of the risk
D. The mechanics of how a risk works
The utility of the risk describes the usefulness of a particular risk to an individual. Moreover, the
same risk can be utilized by two individuals in different ways. Financial outcomes are one of the
methods for measuring potential value for taking a risk. For example, if the individual's economic
wealth increases, the potential utility of the risk will decrease.
Answer C is incorrect. It is not the valid definition.
Answer A is incorrect. Determining financial incentive is one of the method to measure the
potential value for taking a risk, but it is not the valid definition for utility of risk.
Answer B is incorrect. It is not the valid definition.
JapanCertのISACAのCRISC 関連問題資料はあなたに時間とエネルギーを節約させます。あなたが何ヶ月でやる必要があることを我々はやってさしあげましたから。あなたがするべきことは、JapanCertのISACAのCRISC 関連問題資料に受かるのです。あなた自身のために、証明書をもらいます。JapanCert はあなたに必要とした知識と経験を提供して、ISACAのCRISC 関連問題資料の目標を作ってあげました。JapanCertを利用したら、試験に合格しないことは絶対ないです。
IT業種のISACAのCRISC 関連問題資料に合格したいのなら、JapanCert ISACAのCRISC 関連問題資料を選ぶのは必要なことです。ISACAのCRISC 関連問題資料に受かったら、あなたの仕事はより良い保証を得て、将来のキャリアで、少なくともIT領域であなたの技能と知識は国際的に認知され、受け入れられるです。これも多くの人々がISACAのCRISC 関連問題資料を選ぶ理由の一つです。その理由でこの試験はますます重視されるになります。JapanCert ISACAのCRISC 関連問題資料はあなたが上記の念願を実現することを助けられるのです。JapanCert ISACAのCRISC 関連問題資料は豊富な経験を持っているIT専門家が研究したもので、問題と解答が緊密に結んでいますから、比べるものがないです。高い価格のトレーニング授業を受けることはなくて、JapanCert ISACAのCRISC 関連問題資料をショッピングカートに入れる限り、我々はあなたが気楽に試験に合格することを助けられます。
試験科目：「Certified in Risk and Information Systems Control」
JapanCertは最新の70-761問題集と高品質の1z1-338問題と回答を提供します。JapanCertの210-455 VCEテストエンジンと300-075試験ガイドはあなたが一回で試験に合格するのを助けることができます。高品質の70-767 PDFトレーニング教材は、あなたがより迅速かつ簡単に試験に合格することを100％保証します。試験に合格して認証資格を取るのはそのような簡単なことです。