Question1: Which of the following role carriers has to account for collecting data on risk and articulating risk?
Question2: Which of the following vulnerability assessment software can check for weak passwords on the network?
Question3: Which of the following is NOT true for risk governance?
Question4: What is the most important benefit of classifying information assets?
Question5: You are the project manager of GHT project. You have planned the risk response process and now you are about to implement various controls. What you should do before relying on any of the controls?
Question6: You are the project manager of GRT project. You discovered that by bringing on more qualified resources or by providing even better quality than originally planned, could result in reducing the amount of time required to complete the project. If your organization seizes this opportunity it would be an example of what risk response?
Question7: Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?
Question8: Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?
Question9: Which of the following baselines identifies the specifications required by the resource that meet the approved requirements?
Question10: Which of the following are sub-categories of threat?
Each correct answer represents a complete solution. Choose three.
Question11: In which of the following risk management capability maturity levels does the enterprise takes major business decisions considering the probability of loss and the probability of reward? Each correct answer represents a complete solution. Choose two.
Question12: What is the IMMEDIATE step after defining set of risk scenarios?
Question13: Which of the following actions assures management that the organization's objectives are protected from the occurrence of risk events?
Question14: Wendy is about to perform qualitative risk analysis on the identified risks within her project. Which one of the following will NOT help Wendy to perform this project management activity?
Question15: Which of the following should be considered to ensure that risk responses that are adopted are cost- effective and are aligned with business objectives?
Each correct answer represents a part of the solution. Choose three.
Question16: Which of the following is the PRIMARY requirement before choosing Key performance indicators of an enterprise?
Question17: What are the functions of audit and accountability control?
Each correct answer represents a complete solution. Choose all that apply.
Question18: Sammy is the project manager for her organization. She would like to rate each risk based on its probability and affect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?
Question19: You are the project manager of the HGT project in Bluewell Inc. The project has an asset valued at
$125,000 and is subjected to an exposure factor of 25 percent. What will be the Single Loss Expectancy of this project?
Question20: Which of the following is the way to verify control effectiveness?
Question21: Which of the following statements is NOT true regarding the risk management plan?
Question22: There are four inputs to the Monitoring and Controlling Project Risks process. Which one of the following will NOT help you, the project manager, to prepare for risk monitoring and controlling?
Question23: You are the risk professional of your enterprise. You have performed cost and benefit analysis of control that you have adopted. What are all the benefits of performing cost and benefit analysis of control? Each correct answer represents a complete solution. Choose three.
Question24: Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology. Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses?
Question25: Ben is the project manager of the CMH Project for his organization. He has identified a risk that has a low probability of happening, but the impact of the risk event could save the project and the organization with a significant amount of capital. Ben assigns Laura to the risk event and instructs her to research the time, cost, and method to improve the probability of the positive risk event. Ben then communicates the risk event and response to management. What risk response has been used here?
Question26: Out of several risk responses, which of the following risk responses is used for negative risk events?
Question27: Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?
Question28: You are the project manager of project for a client. The client has promised your company a bonus, if the project is completed early. After studying the project work, you elect to crash the project in order to realize the early end date. This is an example of what type of risk response?
Question29: You are the project manager of GHT project. You have identified a risk event on your current project that could save $670,000 in project costs if it occurs. Your organization is considering hiring a vendor to help establish proper project management techniques in order to assure it realizes these savings. Which of the following statements is TRUE for this risk event?
Question30: You work as a project manager for BlueWell Inc. You are about to complete the quantitative risk analysis process for your project. You can use three available tools and techniques to complete this process. Which one of the following is NOT a tool or technique that is appropriate for the quantitative risk analysis process?
Question31: You are the project manager of GHT project. You have initiated the project and conducted the feasibility study. What result would you get after conducting feasibility study?
Each correct answer represents a complete solution. Choose all that apply.
Question32: Which among the following is the MOST crucial part of risk management process?
Question33: You work as a project manager for Bluewell Inc. You have identified a project risk. You have then implemented the risk action plan and it turn out to be non-effective. What type of plan you should implement in such case?
Question34: You are the project manager of GHT project. You have applied certain control to prevent the unauthorized changes in your project. Which of the following control you would have applied for this purpose?
Question35: What are the two MAJOR factors to be considered while deciding risk appetite level? Each correct answer represents a part of the solution. Choose two.
Question36: Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?
Question37: You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply most appropriate risk responses. Which of the following tools would you use to choose the appropriate risk response?
Question38: A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?
Question39: Which of the following is the priority of data owners when establishing risk mitigation method?
Question40: Which among the following acts as a trigger for risk response process?
Question41: You are the project manager of GHT project. You have selected appropriate Key Risk Indicators for your project. Now, you need to maintain those Key Risk Indicators. What is the MOST important reason to maintain Key Risk Indicators?
Question42: Which of the following is the greatest risk to reporting?
Question43: You work as a project manager for BlueWell Inc. Your project is using a new material to construct a large warehouse in your city. This new material is cheaper than traditional building materials, but it takes some time to learn how to use the material properly. You have communicated to the project stakeholders that you will be able to save costs by using the new material, but you will need a few extra weeks to complete training to use the materials. This risk response of learning how to use the new materials can also be known as what term?
Question44: Which of the following are the security plans adopted by the organization?
Each correct answer represents a complete solution. Choose all that apply.
Question45: An interruption in business productivity is considered as which of the following risks?
Question46: John works as a project manager for BlueWell Inc. He is determining which risks can affect the project.
Which of the following inputs of the identify risks process is useful in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk?
Question47: When does the Identify Risks process take place in a project?
Question48: Jane is the project manager of the NHJ Project for his company. He has identified several positive risk events within his project and he thinks these events can save the project time and money. Positive risk events, such as these within the NHJ Project are referred to as?
Question49: Shelly is the project manager of the BUF project for her company. In this project Shelly needs to establish some rules to reduce the influence of risk bias during the qualitative risk analysis process. What method can Shelly take to best reduce the influence of risk bias?
Question50: Which of the following establishes mandatory rules, specifications and metrics used to measure compliance against quality, value, etc?
Question51: You are the project manager for TTP project. You are in the Identify Risks process. You have to create the risk register. Which of the following are included in the risk register?
Each correct answer represents a complete solution. Choose two.
Question52: Kelly is the project manager of the NNQ Project for her company. This project will last for one year and has a budget of $350,000. Kelly is working with her project team and subject matter experts to begin the risk response planning process. What are the two inputs that Kelly would need to begin the plan risk response process?
Question53: You are the project manager of the GHT project. This project will last for 18 months and has a project budget of $567,000. Robert, one of your stakeholders, has introduced a scope change request that will likely have an impact on the project costs and schedule. Robert assures you that he will pay for the extra time and costs associated with the risk event. You have identified that change request may also affect other areas of the project other than just time and cost. What project management component is responsible for evaluating a change request and its impact on all of the project management knowledge areas?
Question54: Qualitative risk assessment uses which of the following terms for evaluating risk level?
Each correct answer represents a part of the solution. Choose two.
Question55: Stephen is the project manager of the GBB project. He has worked with two subject matter experts and his project team to complete the risk assessment technique. There are approximately 47 risks that have a low probability and a low impact on the project. Which of the following answers best describes what Stephen should do with these risk events?
Question56: You are working in an enterprise. Your enterprise owned various risks. Which among the following is MOST likely to own the risk to an information system that supports a critical business process?
Question57: For which of the following risk management capability maturity levels do the statement given below is true?
"Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"
Question58: Which of the following is the MOST important objective of the information system control?
Question59: You are the program manager for your organization and you are working with Alice, a project manager in her program. Alice calls you and insists you to add a change to program scope. You agree for that the change. What must Alice do to move forward with her change request?
Question60: Which of the following risk responses include feedback and guidance from well-qualified risk officials and those internal to the project?
Question61: You are the project manager of GHT project. Your project utilizes a machine for production of goods. This machine has the specification that if its temperature would rise above 450 degree Fahrenheit then it may result in burning of windings. So, there is an alarm which blows when machine's temperature reaches 430 degree Fahrenheit and the machine is shut off for 1 hour. What role does alarm contribute here?
Question62: During which of the following processes, probability and impact matrix are prepared?
Question63: You are the project manager of the QPS project. You and your project team have identified a pure risk.
You along with the key stakeholders, decided to remove the pure risk from the project by changing the project plan altogether. What is a pure risk?
Question64: You work as a Project Manager for Company Inc. You have to conduct the risk management activities for a project. Which of the following inputs will you use in the plan risk management process?
Each correct answer represents a complete solution. Choose all that apply.
Question65: You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. Which of the following inputs will be needed for the qualitative risk analysis process in your project?
Each correct answer represents a complete solution. Choose all that apply.
Question66: There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to quantitative risk analysis process?
Question67: Which of the following is the MOST effective inhibitor of relevant and efficient communication?
Question68: Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity it would be an example of what risk response?
Question69: Which of the following steps ensure effective communication of the risk analysis results to relevant stakeholders? Each correct answer represents a complete solution. Choose three.
Question70: Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level to the most mature level. Which of the following capability maturity levels shows that the enterprise does not recognize the need to consider the risk management or the business impact from IT risk?
Question71: You are working as a project manager in Bluewell Inc.. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
Question72: What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?
Question73: John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?
Question74: Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?
Question75: You are the project manager in your enterprise. You have identified occurrence of risk event in your enterprise. You have pre-planned risk responses. You have monitored the risks that had occurred. What is the immediate step after this monitoring process that has to be followed in response to risk events?
Question76: Thomas is a key stakeholder in your project. Thomas has requested several changes to the project scope for the project you are managing.
Upon review of the proposed changes, you have discovered that these new requirements are laden with risks and you recommend to the change control board that the changes be excluded from the project scope. The change control board agrees with you. What component of the change control system communicates the approval or denial of a proposed change request?
Question77: Which of the following is the BEST defense against successful phishing attacks?
Question78: Which of the following BEST ensures that a firewall is configured in compliance with an enterprise's security policy?
Question79: Which of the following parameters would affect the prioritization of the risk responses and development of the risk response plan? Each correct answer represents a complete solution. Choose three.
Question80: You have been assigned as the Project Manager for a new project that involves building of a new roadway between the city airport to a designated point within the city. However, you notice that the transportation permit issuing authority is taking longer than the planned time to issue the permit to begin construction.
What would you classify this as?
Question81: Which section of the Sarbanes-Oxley Act specifies "Periodic financial reports must be certified by CEO and CFO"?
Question82: Which of the following documents is described in the statement below?
"It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."
Question83: FISMA requires federal agencies to protect IT systems and data. How often should compliance be audited by an external organization?
Question84: Which of the following risks is the risk that happen with an important business partner and affects a large group of enterprises within an area or industry?
Question85: You are working in an enterprise. You project deals with important files that are stored on the computer.
You have identified the risk of the failure of operations. To address this risk of failure, you have guided the system administrator sign off on the daily backup. This scenario is an example of which of the following?
Question86: You are the project manager for BlueWell Inc. You have noticed that the risk level in your project increases above the risk tolerance level of your enterprise. You have applied several risk response. Now you have to update the risk register in accordance to risk response process. All of the following are included in the risk register except for which item?
Question87: What are the functions of the auditor while analyzing risk?
Each correct answer represents a complete solution. Choose three.
Question88: You are the project manager of HFD project. You have identified several project risks. You have adopted alternatives to deal with these risks which do not attempt to reduce the probability of a risk event or its impacts. Which of the following response have you implemented?
Question89: Which of the following are true for quantitative analysis?
Each correct answer represents a complete solution. Choose three.
Question90: Natural disaster is BEST associated to which of the following types of risk?
Question91: You are the project manager of the NHQ project in Bluewell Inc. The project has an asset valued at
$200,000 and is subjected to an exposure factor of 45 percent. If the annual rate of occurrence of loss in this project is once a month, then what will be the Annual Loss Expectancy (ALE) of the project?
Question92: You are the project manager of HJT project. You want to measure the operational effectiveness of risk management capabilities. Which of the following is the BEST option to measure the operational effectiveness?
Question93: Which of the following nodes of the decision tree analysis represents the start point of decision tree?
Question94: You are the Risk Official in Bluewell Inc. You have detected much vulnerability during risk assessment process. What you should do next?
Question95: Which one of the following is the only output for the qualitative risk analysis process?
Question96: Which of the following statements is NOT true regarding the risk management plan?
Question97: Henry is the project sponsor of the JQ Project and Nancy is the project manager. Henry has asked Nancy to start the risk identification process for the project, but Nancy insists that the project team be involved in the process. Why should the project team be involved in the risk identification?
Question98: Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?
Question99: According to the Section-302 of the Sarbanes-Oxley Act of 2002, what does certification of reports implies?
Each correct answer represents a complete solution. Choose three.
Question100: Which of the following will significantly affect the standard information security governance model?
Question101: Which of the following BEST measures the operational effectiveness of risk management capabilities?
Question102: You are the project manager of GHT project. During the data extraction process you evaluated the total number of transactions per year by multiplying the monthly average by twelve. This process of evaluating total number of transactions is known as?
Question103: David is the project manager of HRC project. He concluded while HRC project is in process that if he adopts e-commerce, his project can be more fruitful. But he did not engaged in electronic commerce (e- commerce) so that he would escape from risk associated with that line of business. What type of risk response had he adopted?
Question104: You are the project manager of GHT project. You have analyzed the risk and applied appropriate controls.
In turn, you got residual risk as a result of this. Residual risk can be used to determine which of the following?
Question105: What are the PRIMARY objectives of a control?
Question106: You are the project manager of GHT project. You have identified a risk event on your project that could save $100,000 in project costs if it occurs. Which of the following statements BEST describes this risk event?
Question107: Which of the following assets are the examples of intangible assets of an enterprise?
Each correct answer represents a complete solution. Choose two.
Question108: Which of the following is the BEST way of managing risk inherent to wireless network?
Question109: Suppose you are working in Company Inc. and you are using risk scenarios for estimating the likelihood and impact of the significant risks on this organization. Which of the following assessment are you doing?
Question110: Which of the following IS processes provide indirect information?
Each correct answer represents a complete solution. Choose three.
Question111: Which of the following is the MOST important aspect to ensure that an accurate risk register is maintained?
Question112: You work as a project manager for BlueWell Inc. You have declined a proposed change request because of the risk associated with the proposed change request. Where should the declined change request be documented and stored?
Question113: Judy has identified a risk event in her project that will have a high probability and a high impact. Based on the requirements of the project, Judy has asked to change the project scope to remove the associated requirement and the associated risk. What type of risk response is this?
Question114: You are the project manager of GHT project. A risk event has occurred in your project and you have identified it. Which of the following tasks you would do in reaction to risk event occurrence? Each correct answer represents a part of the solution. Choose three.
Question115: David is the project manager of the HRC Project. He has identified a risk in the project, which could cause the delay in the project. David does not want this risk event to happen so he takes few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000.
What type of risk response has David adopted?
Question116: Where are all risks and risk responses documented as the project progresses?
Question117: Which of the following type of risk could result in bankruptcy?
Question118: You are the project manager of GHT project. A stakeholder of this project requested a change request in this project. What are your responsibilities as the project manager that you should do in order to approve this change request?
Each correct answer represents a complete solution. Choose two.
Question119: You are working in an enterprise. Assuming that your enterprise periodically compares finished goods inventory levels to the perpetual inventories in its ERP system. What kind of information is being provided by the lack of any significant differences between perpetual levels and actual levels?
Question120: Which of the following do NOT indirect information?
Question121: You are the project manager in your enterprise. You have identified risk that is noticeable failure threatening the success of certain goals of your enterprise. In which of the following levels do this identified risk exists?
Question122: In which of the following risk management capability maturity levels risk appetite and tolerance are applied only during episodic risk assessments?
Question123: Which of the following is NOT the method of Qualitative risk analysis?
Question124: What are the steps that are involved in articulating risks? Each correct answer represents a complete solution. Choose three.
Question125: You are the risk control professional of your enterprise. You have implemented a tool that correlates information from multiple sources. To which of the following do this monitoring tool focuses?
Question126: Which of the following is BEST described by the definition below?
"They are heavy influencers of the likelihood and impact of risk scenarios and should be taken into account during every risk analysis, when likelihood and impact are assessed."
Question127: Which of the following processes is described in the statement below?
"It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."
Question128: When a risk cannot be sufficiently mitigated through manual or automatic controls, which of the following options will BEST protect the enterprise from the potential financial impact of the risk?
Question129: Which of the following items is considered as an objective of the three dimensional model within the framework described in COSO ERM?
Question130: Where are all risks and risk responses documented as the project progresses?
Question131: Harry is the project manager of HDW project. He has identified a risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. What type of risk response is Harry implementing?
Question132: Which of the following is the FOREMOST root cause of project risk?
Each correct answer represents a complete solution. Choose two.
Question133: Mortality tables are based on what mathematical activity?
Each correct answer represents a complete solution. Choose three.
Question134: A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?
Question135: You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
Question136: You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?
Question137: How residual risk can be determined?
Question138: Which of the following control audit is performed to assess the efficiency of the productivity in the operations environment?
Question139: You are the project manager of GFT project. Your project involves the use of electrical motor. It was stated in its specification that if its temperature would increase to 500 degree Fahrenheit the machine will overheat and have to be shut down for 48 hours. If the machine overheats even once it will delay the project's arrival date. So to prevent this you have decided while creating response that if the temperature of the machine reach 450, the machine will be paused for at least an hour so as to normalize its temperature. This temperature of 450 degree is referred to as?
Question140: If one says that the particular control or monitoring tool is sustainable, then it refers to what ability?
Question141: Which among the following is the BEST reason for defining a risk response?
Question142: You have identified several risks in your project. You have opted for risk mitigation in order to respond to identified risk. Which of the following ensures that risk mitigation method that you have chosen is effective?
Question143: You are the risk professional of your enterprise. You need to calculate potential revenue loss if a certain risks occurs. Your enterprise has an electronic (e-commerce) web site that is producing US $1 million of revenue each day, then if a denial of service (DoS) attack occurs that lasts half a day creates how much loss?
Question144: Which of the following is a performance measure that is used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments?
Question145: Which of the following comes under phases of risk management?
Question146: Which of the following is the MOST effective inhibitor of relevant and efficient communication?
Question147: John is the project manager of the HGH Project for her company. He and his project team have agreed that if the vendor is late by more than ten days they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but the costs of their products are significantly more expensive than the current vendor. What type of response does John adopt here?
Question148: Which of the following is NOT true for risk management capability maturity level 1?
Question149: While developing obscure risk scenarios, what are the requirements of the enterprise?
Each correct answer represents a part of the solution. Choose two.
Question150: Which of the following is NOT true for effective risk communication?
Question151: You are the project manager for BlueWell Inc. Your current project is a high priority and high profile project within your organization. You want to identify the project stakeholders that will have the most power in relation to their interest on your project. This will help you plan for project risks, stakeholder management, and ongoing communication with the key stakeholders in your project. In this process of stakeholder analysis, what type of a grid or model should you create based on these conditions?
Question152: You work as a project manager for BlueWell Inc. You are preparing for the risk identification process. You will need to involve several of the project's key stakeholders to help you identify and communicate the identified risk events. You will also need several documents to help you and the stakeholders identify the risk events. Which one of the following is NOT a document that will help you identify and communicate risks within the project?
Question153: You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?
Each correct answer represents a complete solution. Choose all that apply.
Question154: Which of the following is the BEST method for discovering high-impact risk types?
Question155: You are the risk official of your enterprise. Your enterprise takes important decisions without considering risk credential information and is also unaware of external requirements for risk management and integration with enterprise risk management. In which of the following risk management capability maturity levels does your enterprise exists?
Question156: Courtney is the project manager for her organization. She is working with the project team to complete the qualitative risk analysis for her project. During the analysis Courtney encourages the project team to begin the grouping of identified risks by common causes. What is the primary advantage to group risks by common causes during qualitative risk analysis?
Question157: What is the MAIN purpose of designing risk management programs?
Question158: Which of the following is NOT true for Key Risk Indicators?
Question159: While considering entity-based risks, which dimension of the COSO ERM framework is being referred?
Question160: Wendy has identified a risk event in her project that has an impact of $75,000 and a 60 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just
$15,000 with only a ten percent chance of occurring. The proposed solution will cost $25,000. Wendy agrees to the $25,000 solution. What type of risk response is this?
Question161: You are working as the project manager of the ABS project. The project is for establishing a computer network in a school premises. During the project execution, the school management asks to make the campus Wi-Fi enabled. You know that this may impact the project adversely. You have discussed the change request with other stakeholders. What will be your NEXT step?
Question162: To which level the risk should be reduced to accomplish the objective of risk management?
Question163: Which of the following is the MOST important use of KRIs?
Question164: You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply most appropriate risk responses. Which of the following tools would you use to choose the appropriate risk response?
Question165: You are the risk professional of your enterprise. Your enterprise has introduced new systems in many departments. The business requirements that were to be addressed by the new system are still unfulfilled, and the process has been a waste of resources. Even if the system is implemented, it will most likely be underutilized and not maintained making it obsolete in a short period of time. What kind of risk is it?
Question166: Which of the following controls is an example of non-technical controls?
Question167: Jane, the Director of Sales, contacts you and demands that you add a new feature to the software your project team is creating for the organization. In the meeting she tells you how important the scope change would be. You explain to her that the software is almost finished and adding a change now could cause the deliverable to be late, cost additional funds, and would probably introduce new risks to the project. Jane stands up and says to you, "I am the Director of Sales and this change will happen in the project." And then she leaves the room. What should you do with this verbal demand for a change in the project?
Question168: What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?
Question169: You are an experienced Project Manager that has been entrusted with a project to develop a machine which produces auto components. You have scheduled meetings with the project team and the key stakeholders to identify the risks for your project. Which of the following is a key output of this process?
Question170: Which of the following components ensures that risks are examined for all new proposed change requests in the change control system?
Question171: Which of the following statements BEST describes policy?
Question172: You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?
Question173: Which of the following events refer to loss of integrity?
Each correct answer represents a complete solution. Choose three.
Question174: Fred is the project manager of a large project in his organization. Fred needs to begin planning the risk management plan with the project team and key stakeholders. Which plan risk management process tool and technique should Fred use to plan risk management?
Question175: Which of the following are the principles of risk management?
Each correct answer represents a complete solution. Choose three.
Question176: What are the requirements of effectively communicating risk analysis results to the relevant stakeholders?
Each correct answer represents a part of the solution. Choose three.
Question177: What is the process for selecting and implementing measures to impact risk called?
Question178: What is the value of exposure factor if the asset is lost completely?
Question179: You are working in Bluewell Inc. which make advertisement Websites. Someone had made unauthorized changes to a your Website. Which of the following terms refers to this type of loss?
Question180: You are the project manager of a HGT project that has recently finished the final compilation process. The project customer has signed off on the project completion and you have to do few administrative closure activities. In the project, there were several large risks that could have wrecked the project but you and your project team found some new methods to resolve the risks without affecting the project costs or project completion date. What should you do with the risk responses that you have identified during the project's monitoring and controlling process?
Question181: Jeff works as a Project Manager for www.company.com Inc. He and his team members are involved in the identify risk process. Which of the following tools & techniques will Jeff use in the identify risk process?
Each correct answer represents a complete solution. Choose all that apply.
Question182: You are the IT manager in Bluewell Inc. You identify a new regulation for safeguarding the information processed by a specific type of transaction. What would be the FIRST action you will take?
Question183: Which of the following is the MOST important reason to maintain key risk indicators (KRIs)?
Question184: Which of the following is the best reason for performing risk assessment?
Question185: What is the FIRST phase of IS monitoring and maintenance process?
Question186: You are the project manager of the KJH Project and are working with your project team to plan the risk responses. Consider that your project has a budget of $500,000 and is expected to last six months. Within the KJH Project you have identified a risk event that has a probability of .70 and has a cost impact of
$350,000. When it comes to creating a risk response for this event what is the risk exposure of the event that must be considered for the cost of the risk response?
Question187: A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?
Question188: You work as a Project Manager for www.company.com Inc. You have to measure the probability, impact, and risk exposure. Then, you have to measure how the selected risk response can affect the probability and impact of the selected risk event. Which of the following tools will help you to accomplish the task?
Question189: Which of the following methods involves the use of predictive or diagnostic analytical tool for exposing risk factors?
Question190: Which of the following is a technique that provides a systematic description of the combination of unwanted occurrences in a system?
Question191: You are the project manager of the AFD project for your company. You are working with the project team to reassess existing risk events and to identify risk events that have not happened and whose relevancy to the project has passed. What should you do with these events that have not happened and would not happen now in the project?
Question192: Which of the following considerations should be taken into account while selecting risk indicators that ensures greater buy-in and ownership?
Question193: Which among the following acts as a trigger for risk response process?
Question194: Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?
Question195: You are the risk official in Bluewell Inc. You are supposed to prioritize several risks. A risk has a rating for occurrence, severity, and detection as 4, 5, and 6, respectively. What Risk Priority Number (RPN) you would give to it?
Question196: You are the risk official of your enterprise. You have just completed risk analysis process. You noticed that the risk level associated with your project is less than risk tolerance level of your enterprise. Which of following is the MOST likely action you should take?
Question197: Risks to an organization's image are referred to as what kind of risk?
Question198: In the project initiation phase of System Development Life Cycle, there is information on project initiated by which of the following role carriers?
Question199: You are the project manager of HJT project. Important confidential files of your project are stored on a computer. Keeping the unauthorized access of this computer in mind, you have placed a hidden CCTV in the room, even on having protection password. Which kind of control CCTV is?
Question200: Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?
Question201: You are the project manager of the PFO project. You are working with your project team members and two subject matter experts to assess the identified risk events in the project. Which of the following approaches is the best to assess the risk events in the project?
Question202: Tom works as a project manager for BlueWell Inc. He is determining which risks can affect the project.
Which of the following inputs of the identify risks process is useful in identifying risks, and provides a quantitative assessment of the likely cost to complete the scheduled activities?
Question203: Your project change control board has approved several scope changes that will drastically alter your project plan. You and the project team set about updating the project scope, the WBS, the WBS dictionary, the activity list, and the project network diagram. There are also some changes caused to the project risks, communication, and vendors. What also should the project manager update based on these scope changes?
Question204: Out of several risk responses, which of the following risk responses is used for negative risk events?
Question205: You are the project manager of GHT project. Your hardware vendor left you a voicemail saying that the delivery of the equipment you have ordered would not arrive on time. She wanted to give you a heads-up and asked that you return the call. Which of the following statements is TRUE?
Question206: You are the project manager of a SGT project. You have been actively communicating and working with the project stakeholders. One of the outputs of the "manage stakeholder expectations" process can actually create new risk events for your project. Which output of the manage stakeholder expectations process can create risks?
Question207: Which of the following statements are true for enterprise's risk management capability maturity level 3?
Question208: Which of the following is the MOST critical security consideration when an enterprise outsource its major part of IT department to a third party whose servers are in foreign company?
Question209: Which of the following statements are true for risk communication? Each correct answer represents a complete solution. Choose three.
Question210: Shawn is the project manager of the HWT project. In this project Shawn's team reports that they have found a way to complete the project work cheaply than what was originally estimated earlier. The project team presents a new software that will help to automate the project work. While the software and the associated training costs $25,000 it will save the project nearly $65,000 in total costs. Shawn agrees to the software and changes the project management plan accordingly. What type of risk response had been used by him?
Question211: The Identify Risk process determines the risks that affect the project and document their characteristics.
Why should the project team members be involved in the Identify Risk process?
Question212: You and your project team have identified a few risk events in the project and recorded the events in the risk register. Part of the recording of the events includes the identification of a risk owner. Who is a risk owner?
Question213: Which of the following risks is associated with not receiving the right information to the right people at the right time to allow the right action to be taken?
Question214: You are the project manager of the GHT project. You are accessing data for further analysis. You have chosen such a data extraction method in which management monitors its own controls. Which of the following data extraction methods you are using here?
Question215: Assessing the probability and consequences of identified risks to the project objectives, assigning a risk score to each risk, and creating a list of prioritized risks describes which of the following processes?
Question216: You work as the project manager for Company Inc. The project on which you are working has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
Question217: You are the project manager of GHT project. You want to perform post-project review of your project. What is the BEST time to perform post-project review by you and your project development team to access the effectiveness of the project?
Question218: Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition.
Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?
Question219: Who is at the BEST authority to develop the priorities and identify what risks and impacts would occur if there were loss of the organization's private information?
Question220: Your project spans the entire organization. You would like to assess the risk of your project but worried about that some of the managers involved in the project could affect the outcome of any risk identification meeting. Your consideration is based on the fact that some employees would not want to publicly identify risk events that could declare their supervision as poor. You would like a method that would allow participants to anonymously identify risk events. What risk identification method could you use?
Question221: Which of the following laws applies to organizations handling health care information?
Question222: Beth is a project team member on the JHG Project. Beth has added extra features to the project and this has introduced new risks to the project work. The project manager of the JHG project elects to remove the features Beth has added. The process of removing the extra features to remove the risks is called what?
Question223: Which of the following techniques examines the degree to which organizational strengths offset threats and opportunities that may serve to overcome weaknesses?
Question224: What is the PRIMARY need for effectively assessing controls?
Question225: Which of the following is the first MOST step in the risk assessment process?
Question226: Which of the following are true for threats?
Each correct answer represents a complete solution. Choose three.
Question227: Which of the following is true for risk management frameworks, standards and practices?
Each correct answer represents a part of the solution. Choose three.
Question228: Which of the following statements is true for risk analysis?
Question229: When it appears that a project risk is going to happen, what is this term called?
Question230: You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk the response adopted is re- architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?
Question231: Which of the following controls focuses on operational efficiency in a functional area sticking to management policies?
Question232: Which of the following BEST ensures that a firewall is configured in compliance with an enterprise's security policy?
Question233: You are elected as the project manager of GHT project. You have to initiate the project. Your Project request document has been approved, and now you have to start working on the project. What is the FIRST step you should take to initialize the project?
Question234: Which of the following characteristics of risk controls can be defined as under?
"The separation of controls in the production environment rather than the separation in the design and implementation of the risk"
Question235: You are the project manager for GHT project. You need to perform the Qualitative risk analysis process.
When you have completed this process, you will produce all of the following as part of the risk register update output except which one?
Question236: Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise's information security policy?
Question237: An enterprise has identified risk events in a project. While responding to these identified risk events, which among the following stakeholders is MOST important for reviewing risk response options to an IT risk.
Question238: During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
Question239: What activity should be done for effective post-implementation reviews during the project?
Question240: John works as a project manager for BlueWell Inc. He is determining which risks can affect the project.
Which of the following inputs of the identify risks process is useful in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk?
Question241: You have been assigned as the Project Manager for a new project that involves development of a new interface for your existing time management system. You have completed identifying all possible risks along with the stakeholders and team and have calculated the probability and impact of these risks. Which of the following would you need next to help you prioritize the risks?
Question242: Which of the following are the responsibilities of Enterprise risk committee?
Each correct answer represents a complete solution. Choose three.
Question243: What are the functions of audit and accountability control?
Each correct answer represents a complete solution. Choose all that apply.
Question244: Which of the following is an acceptable method for handling positive project risk?
Question245: Which of the following should be PRIMARILY considered while designing information systems controls?
Question246: Which of the following is true for Cost Performance Index (CPI)?
Question247: You are the project manager of the NHH Project. You are working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document do you and your team is creating in this scenario?
Question248: Billy is the project manager of the HAR Project and is in month six of the project. The project is scheduled to last for 18 months.
Management asks Billy how often the project team is participating in risk reassessment in this project.
What should Billy tell management if he's following the best practices for risk management?
Question249: Which of the following matrices is used to specify risk thresholds?
Question250: You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
Question251: You are completing the qualitative risk analysis process with your project team and are relying on the risk management plan to help you determine the budget, schedule for risk management, and risk categories.
You discover that the risk categories have not been created. When the risk categories should have been created?
Question252: Which of the following aspect of monitoring tool ensures that the monitoring tool has the ability to keep up with the growth of an enterprise?
Question253: You are the project manager of your project. You have to analyze various project risks. You have opted for quantitative analysis instead of qualitative risk analysis. What is the MOST significant drawback of using quantitative analysis over qualitative risk analysis?
Question254: You are the project manager of your enterprise. You have identified several risks. Which of the following responses to risk is considered the MOST appropriate?
Question255: Which of the following is the HIGHEST risk of a policy that inadequately defines data and system ownership?
Question256: You work as a project manager for BlueWell Inc. You have declined a proposed change request because of the risk associated with the proposed change request. Where should the declined change request be documented and stored?
Question257: You are the project manager of a large construction project. This project will last for 18 months and will cost $750,000 to complete. You are working with your project team, experts, and stakeholders to identify risks within the project before the project work begins. Management wants to know why you have scheduled so many risk identification meetings throughout the project rather than just initially during the project planning. What is the best reason for the duplicate risk identification sessions?
Question258: You are using Information system. You have chosen a poor password and also sometimes transmits data over unprotected communication lines. What is this poor quality of password and unsafe transmission refers to?
Question259: You are working on a project in an enterprise. Some part of your project requires e-commerce, but your enterprise choose not to engage in e-commerce. This scenario is demonstrating which of the following form?
Question260: Which of the following control detects problem before it can occur?
Question261: How are the potential choices of risk based decisions are represented in decision tree analysis?
Question262: Which of the following business requirements MOST relates to the need for resilient business and information systems processes?
Question263: You are the project manager of GHT project. You identified a risk of noncompliance with regulations due to missing of a number of relatively simple procedures.
The response requires creating the missing procedures and implementing them. In which of the following risk response prioritization should this case be categorized?
Question264: You are working in an enterprise. You enterprise is willing to accept a certain amount of risk. What is this risk called?
Question265: You are elected as the project manager of GHT project. You are in project initialization phase and are busy in defining requirements for your project. While defining requirements you are describing how users will interact with a system. Which of the following requirements are you defining here?
Question266: You are the project manager of GHT project. Your hardware vendor left you a voicemail saying that the delivery of the equipment you have ordered would not arrive on time. You identified a risk response strategy for this risk and have arranged for a local company to lease you the needed equipment until yours arrives. This is an example of which risk response strategy?
Question267: You work as a project manager for BlueWell Inc. You are involved with the project team on the different risk issues in your project. You are using the applications of IRGC model to facilitate the understanding and managing the rising of the overall risks that have impacts on the economy and society. One of your team members wants to know that what the need to use the IRGC is. What will be your reply?
Question268: You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?
Question269: Which of the following is MOST appropriate method to evaluate the potential impact of legal, regulatory, and contractual requirements on business objectives?
Question270: Which of the following should be PRIMARILY considered while designing information systems controls?
Question271: You are preparing to complete the quantitative risk analysis process with your project team and several subject matter experts. You gather the necessary inputs including the project's cost management plan.
Why is it necessary to include the project's cost management plan in the preparation for the quantitative risk analysis process?
Question272: You are the risk official in Techmart Inc. You are asked to perform risk assessment on the impact of losing a server. For this assessment you need to calculate monetary value of the server. On which of the following bases do you calculate monetary value?
Question273: What are the requirements for creating risk scenarios? Each correct answer represents a part of the solution. Choose three.
Question274: Which of the following decision tree nodes have probability attached to their branches?
Question275: Suppose you are working in Techmart Inc. which sells various products through its website. Due to some recent losses, you are trying to identify the most important risks to the Website. Based on feedback from several experts, you have come up with a list. You now want to prioritize these risks. Now in which category you would put the risk concerning the modification of the Website by unauthorized parties.
Question276: Which of the following is the most accurate definition of a project risk?
Question277: What are the three PRIMARY steps to be taken to initialize the project?
Each correct answer represents a complete solution. Choose all that apply.
Question278: Which of the following is the MOST effective method for indicating that the risk level is approaching a high or unacceptable level of risk?
Question279: You work as a Project Manager for Company Inc. You are incorporating a risk response owner to take the job for each agreed-to and funded risk response. On which of the following processes are you working?
Question280: Which of the following is the process of numerically analyzing the effects of identified risks on the overall enterprise's objectives?
Question281: A teaming agreement is an example of what type of risk response?
Question282: What are the PRIMARY requirements for developing risk scenarios?
Each correct answer represents a part of the solution. Choose two.
Question283: Which of the following serve as the authorization for a project to begin?
Question284: What are the responsibilities of the CRO?
Each correct answer represents a complete solution. Choose three.
Question285: You are using Information system. You have chosen a poor password and also sometimes transmits data over unprotected communication lines. What is this poor quality of password and unsafe transmission refers to?
Question286: You are the product manager in your enterprise. You have identified that new technologies, products and services are introduced in your enterprise time-to-time. What should be done to prevent the efficiency and effectiveness of controls due to these changes?
Question287: Which of the following processes is described in the statement below?
"It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."
Question288: Which of the following is the final step in the policy development process?
Question289: Which of the following processes is described in the statement below?
"It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."
Question290: Which of the following controls do NOT come under technical class of control?
Question291: You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?
Question292: Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity it would be an example of what risk response?
Question293: You are a project manager for your organization and you're working with four of your key stakeholders.
One of the stakeholders is confused as to why you're not discussing the current problem in the project during the risk identification meeting. Which one of the following statements best addresses when a project risk actually happens?
Question294: Which of the following phases is involved in the Data Extraction, Validation, Aggregation and Analysis?
Question295: Which of the following are the common mistakes while implementing KRIs?
Each correct answer represents a complete solution. Choose three.
Question296: Which of the following come under the management class of controls?
Each correct answer represents a complete solution. Choose all that apply.
Question297: Mary is a project manager in her organization. On her current project she is working with her project team and other key stakeholders to identify the risks within the project. She is currently aiming to create a comprehensive list of project risks so she is using a facilitator to help generate ideas about project risks.
What risk identification method is Mary likely using?
Question298: Which of the following test is BEST to map for confirming the effectiveness of the system access management process?
Question299: Mike is the project manager of the NNP Project for his organization. He is working with his project team to plan the risk responses for the NNP Project. Mike would like the project team to work together on establishing risk thresholds in the project. What is the purpose of establishing risk threshold?
Question300: Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risks events that were not previously identified. What should Jenny do with these risk events?
Question301: Which of the following characteristics of risk controls answers the aspect about the control given below:
"Will it continue to function as expressed over the time and adopts as changes or new elements are introduced to the environment"
Question302: Which of the following process ensures that extracted data are ready for analysis?
Question303: You are the administrator of your enterprise. Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information?
Question304: You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk the response adopted is re- architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?
Question305: Your project team has completed the quantitative risk analysis for your project work. Based on their findings, they need to update the risk register with several pieces of information. Which one of the following components is likely to be updated in the risk register based on their analysis?
Question306: Which of the following terms is described in the statement below?
"They are the prime monitoring indicators of the enterprise, and are highly relevant and possess a high probability of predicting or indicating important risk."
Question307: Which of following is NOT used for measurement of Critical Success Factors of the project?
Question308: Which of the following role carriers are responsible for setting up the risk governance process, establishing and maintaining a common risk view, making risk-aware business decisions, and setting the enterprise's risk culture?
Each correct answer represents a complete solution. Choose two.
Question309: You are the project manager of a large networking project. During the execution phase the customer requests for a change in the existing project plan. What will be your immediate action?
Question310: Which of the following aspects are included in the Internal Environment Framework of COSO ERM?
Each correct answer represents a complete solution. Choose three.
Question311: Which of the following role carriers will decide the Key Risk Indicator of the enterprise?
Each correct answer represents a part of the solution. Choose two.
Question312: Which of the following control is used to ensure that users have the rights and permissions they need to perform their jobs, and no more?
Question313: Risks with low ratings of probability and impact are included for future monitoring in which of the following?
Question314: You are the project manager of your enterprise. While performing risk management, you are given a task to identify where your enterprise stand in certain practice and also to suggest the priorities for improvements. Which of the following models would you use to accomplish this task?
Question315: What are the responsibilities of the CRO?
Each correct answer represents a complete solution. Choose three.
Question316: You are the project manager of the NHH Project. You are working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document do you and your team is creating in this scenario?
Question317: Which of the following is an output of risk assessment process?
Question318: What are the various outputs of risk response?
Question319: You are the project manager of GHT project. You have implemented an automated tool to analyze and report on access control logs based on severity. This tool generates excessively large amounts of results.
You perform a risk assessment and decide to configure the monitoring tool to report only when the alerts are marked "critical". What you should do in order to fulfill that?
Question320: The only output of qualitative risk analysis is risk register updates. When the project manager updates the risk register he will need to include several pieces of information including all of the following except for which one?
Question321: Which of the following is the priority of data owners when establishing risk mitigation method?
Question322: Which of the following process ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule?
Question323: You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?
Question324: You are working with a vendor on your project. A stakeholder has requested a change for the project, which will add value to the project deliverables. The vendor that you're working with on the project will be affected by the change. What system can help you introduce and execute the stakeholder change request with the vendor?
Question325: You are the project manager for your organization to install new workstations, servers, and cabling throughout a new building, where your company will be moving into. The vendor for the project informs you that the cost of the cabling has increased due to the some reason. This new cost will cause the cost of your project to increase by nearly eight percent. What change control system should the costs be entered into for review?
Question326: Which of the following are risk components of the COSO ERM framework?
Each correct answer represents a complete solution. Choose three.
Question327: What are the key control activities to be done to ensure business alignment?
Each correct answer represents a part of the solution. Choose two.
Question328: Which of the following interpersonal skills has been identified as one of the biggest reasons for project success or failure?
Question329: Which negative risk response usually has a contractual agreement?
Question330: Which of the following is an administrative control?
Question331: You are the risk official in Techmart Inc. You are asked to perform risk assessment on the impact of losing a network connectivity for 1 day. Which of the following factors would you include?
Question332: Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?
Question333: Marie has identified a risk event in her project that needs a mitigation response. Her response actually creates a new risk event that must now be analyzed and planned for. What term is given to this newly created risk event?
Question334: Which of the following represents lack of adequate controls?
Question335: Which of the following come under the phases of risk identification and evaluation?
Each correct answer represents a complete solution. Choose three.
Question336: Della works as a project manager for Tech Perfect Inc. She is studying the documentation of planning of a project. The documentation states that there are twenty-eight stakeholders with the project. What will be the number of communication channels for the project?
Question337: You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?
Question338: You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?
Question339: You work as a project manager for TechSoft Inc. You are working with the project stakeholders on the qualitative risk analysis process in your project. You have used all the tools to the qualitative risk analysis process in your project. Which of the following techniques is NOT used as a tool in qualitative risk analysis process?
Question340: Which of the following individuals is responsible for identifying process requirements, approving process design and managing process performance?
Question341: You are the project manager of the NNN Project. Stakeholders in the two-year project have requested to send status reports to them via. email every week. You have agreed and send reports every Thursday.
After six months of the project, the stakeholders are pleased with the project progress and they would like you to reduce the status reports to every two weeks. What process will examine the change to this project process and implement it in the project?
Question342: You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?
Question343: Which of the following is true for risk evaluation?
Question344: Mary is the project manager for the BLB project. She has instructed the project team to assemble, to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process. Why is the schedule management plan needed for quantitative risk analysis?
Question345: Which of the following are external risk factors?
Each correct answer represents a complete solution. Choose three.
Question346: Using which of the following one can produce comprehensive result while performing qualitative risk analysis?
Question347: Which of the following risks refer to probability that an actual return on an investment will be lower than the investor's expectations?
Question348: You are the risk professional in Bluewell Inc. A risk is identified and enterprise wants to quickly implement control by applying technical solution that deviates from the company's policies. What you should do?
Question349: Malicious code protection is which type control?
Question350: You are the project manager of HGT project. You have identified project risks and applied appropriate response for its mitigation. You noticed a risk generated as a result of applying response. What this resulting risk is known as?
Question351: Ben works as a project manager for the MJH Project. In this project, Ben is preparing to identify stakeholders so he can communicate project requirements, status, and risks. Ben has elected to use a salience model as part of his stakeholder identification process. Which of the following activities best describes a salience model?
Question352: Which of the following operational risks ensures that the provision of a quality product is not overshadowed by the production costs of that product?
Question353: You are the risk official at Bluewell Inc. There are some risks that are posing threat on your enterprise. You are measuring exposure of those risk factors, which has the highest potential, by examining the extent to which the uncertainty of each element affects the object under consideration when all other uncertain elements are held at their baseline values. Which type of analysis you are performing?
Question354: Your project has several risks that may cause serious financial impact if they occur. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?
Question355: What is the PRIMARY objective difference between an internal and an external risk management assessment reviewer?
Question356: Which of the following parameters are considered for the selection of risk indicators?
Each correct answer represents a part of the solution. Choose three.
Question357: You are the project manager for your organization. You are preparing for the quantitative risk analysis.
Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?
Question358: One of the risk events you've identified is classified as force majeure. What risk response is likely to be used?
Question359: Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?
Question360: You are the project manager for Bluewell Inc. You are studying the documentation of project plan. The documentation states that there are twenty-five stakeholders with the project. What will be the number of communication channel s for the project?
Question361: Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise's information security policy?
Question362: You are the project manager of HWD project. It requires installation of some electrical machines. You and the project team decided to hire an electrician as electrical work can be too dangerous to perform. What type of risk response are you following?
Question363: Which is the MOST important parameter while selecting appropriate risk response?
Question364: Which of the following BEST describes the utility of a risk?
Question365: In which of the following conditions business units tend to point the finger at IT when projects are not delivered on time?
Question366: You are the project manager for the NHH project. You are working with your project team to examine the project from four different defined perspectives to increase the breadth of identified risks by including internally generated risks. What risk identification approach are you using in this example?
Question367: Which of the following is a key component of strong internal control environment?
Question368: Which of the following statements are true for enterprise's risk management capability maturity level 3?
Question369: Which of the following are the principles of access controls?
Each correct answer represents a complete solution. Choose three.
Question370: Wendy has identified a risk event in her project that has an impact of $75,000 and a 60 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just
$15,000 with only a ten percent chance of occurring. The proposed solution will cost $25,000. Wendy agrees to the $25,000 solution. What type of risk response is this?
Question371: You are the project manager of GHT project. You are performing cost and benefit analysis of control. You come across the result that costs of specific controls exceed the benefits of mitigating a given risk. What is the BEST action would you choose in this scenario?
Question372: Which of the following components of risk scenarios has the potential to generate internal or external threat on an enterprise?
Question373: NIST SP 800-53 identifies controls in three primary classes. What are they?
Question374: What are the requirements of monitoring risk?
Each correct answer represents a part of the solution. Choose three.
Question375: What is the value of exposure factor if the asset is lost completely?
Question376: You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?