EMT Practice Test

1. Question Content...


Question List

Question1: You are using Information system. You have chosen a poor password and also sometimes transmits data over unprotected communication lines. What is this poor quality of password and unsafe transmission referring to?

Question2: Kelly is the project manager of the NNQ Project for her company. This project will last for one year and has a budget of $350,000. Kelly is working with her project team and subject matter experts to begin the risk response planning process. What are the two inputs that Kelly would need to begin the plan risk response process?

Question3: Harry is the project manager of HDW project. He has identified a risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. What type of risk response is Harry implementing?

Question4: Out of several risk responses, which of the following risk responses is used for negative risk events?

Question5: Henry is the project sponsor of the JQ Project and Nancy is the project manager. Henry has asked Nancy to start the risk identification process for the project, but Nancy insists that the project team be involved in the process. Why should the project team be involved in the risk identification?

Question6: Which of the following are true for threats?
Each correct answer represents a complete solution. Choose three.

Question7: You are the project manager of GRT project. You discovered that by bringing on more qualified resources or by providing even better quality than originally planned, could result in reducing the amount of time required to complete the project. If your organization seizes this opportunity it would be an example of what risk response?

Question8: Jeff works as a Project Manager for www.company.com Inc. He and his team members are involved in the identify risk process. Which of the following tools & techniques will Jeff use in the identify risk process?
Each correct answer represents a complete solution. (Choose three.)

Question9: Which of the following is NOT true for risk governance?

Question10: Risks with low ratings of probability and impact are included for future monitoring in which of the following?

Question11: Which of the following control detects problem before it can occur?

Question12: Wendy is about to perform qualitative risk analysis on the identified risks within her project. Which one of the following will NOT help Wendy to perform this project management activity?

Question13: What is the FIRST phase of IS monitoring and maintenance process?

Question14: You are the project manager of a large networking project. During the execution phase the customer requests for a change in the existing project plan. What will be your immediate action?

Question15: Which of the following interpersonal skills has been identified as one of the biggest reasons for project success or failure?

Question16: What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?

Question17: You work as the project manager for Company Inc. The project on which you are working has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

Question18: You are working in an enterprise. You project deals with important files that are stored on the computer.
You have identified the risk of the failure of operations. To address this risk of failure, you have guided the system administrator sign off on the daily backup. This scenario is an example of which of the following?

Question19: You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk the response adopted is re- architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?

Question20: Which of following is NOT used for measurement of Critical Success Factors of the project?

Question21: Which of the following is the FOREMOST root cause of project risk?
Each correct answer represents a complete solution. Choose two.

Question22: Which of the following is MOST appropriate method to evaluate the potential impact of legal, regulatory, and contractual requirements on business objectives?

Question23: You are working as the project manager of the ABS project. The project is for establishing a computer network in a school premises. During the project execution, the school management asks to make the campus Wi-Fi enabled. You know that this may impact the project adversely. You have discussed the change request with other stakeholders. What will be your NEXT step?

Question24: You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk the response adopted is re- architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?

Question25: You are the IT manager in Bluewell Inc. You identify a new regulation for safeguarding the information processed by a specific type of transaction. What would be the FIRST action you will take?

Question26: Which of the following statements is NOT true regarding the risk management plan?

Question27: Which of the following statements is NOT true regarding the risk management plan?

Question28: You are the project manager of your project. You have to analyze various project risks. You have opted for quantitative analysis instead of qualitative risk analysis. What is the MOST significant drawback of using quantitative analysis over qualitative risk analysis?

Question29: What is the MAIN purpose of designing risk management programs?

Question30: You are the risk official in Techmart Inc. You are asked to perform risk assessment on the impact of losing a server. For this assessment you need to calculate monetary value of the server. On which of the following bases do you calculate monetary value?

Question31: Which of the following type of risk could result in bankruptcy?

Question32: Tom works as a project manager for BlueWell Inc. He is determining which risks can affect the project.
Which of the following inputs of the identify risks process is useful in identifying risks, and provides a quantitative assessment of the likely cost to complete the scheduled activities?

Question33: You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?

Question34: You are the project manager of the AFD project for your company. You are working with the project team to reassess existing risk events and to identify risk events that have not happened and whose relevancy to the project has passed. What should you do with these events that have not happened and would not happen now in the project?

Question35: What is the PRIMARY objective difference between an internal and an external risk management assessment reviewer?

Question36: Which of the following is the BEST defense against successful phishing attacks?

Question37: You are the project manager of the QPS project. You and your project team have identified a pure risk.
You along with the key stakeholders, decided to remove the pure risk from the project by changing the project plan altogether. What is a pure risk?

Question38: In which of the following risk management capability maturity levels does the enterprise takes major business decisions considering the probability of loss and the probability of reward? Each correct answer represents a complete solution. Choose two.

Question39: Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise's information security policy?

Question40: You are the risk professional in Bluewell Inc. You have identified a risk and want to implement a specific risk mitigation activity. What you should PRIMARILY utilize?

Question41: Which of the following control is used to ensure that users have the rights and permissions they need to perform their jobs, and no more?

Question42: You work as a project manager for BlueWell Inc. Your project is using a new material to construct a large warehouse in your city. This new material is cheaper than traditional building materials, but it takes some time to learn how to use the material properly. You have communicated to the project stakeholders that you will be able to save costs by using the new material, but you will need a few extra weeks to complete training to use the materials. This risk response of learning how to use the new materials can also be known as what term?

Question43: Which of the following is the most accurate definition of a project risk?

Question44: You are the risk official of your enterprise. You have just completed risk analysis process. You noticed that the risk level associated with your project is less than risk tolerance level of your enterprise. Which of following is the MOST likely action you should take?

Question45: You and your project team have identified a few risk events in the project and recorded the events in the risk register. Part of the recording of the events includes the identification of a risk owner. Who is a risk owner?

Question46: You are the project manager of GHT project. You identified a risk of noncompliance with regulations due to missing of a number of relatively simple procedures.
The response requires creating the missing procedures and implementing them. In which of the following risk response prioritization should this case be categorized?

Question47: Which of the following is the process of numerically analyzing the effects of identified risks on the overall enterprise's objectives?

Question48: Which of the following characteristics of risk controls answers the aspect about the control given below:
"Will it continue to function as expressed over the time and adopts as changes or new elements are introduced to the environment"

Question49: You are the project manager for BlueWell Inc. You have noticed that the risk level in your project increases above the risk tolerance level of your enterprise. You have applied several risk responses. Now you have to update the risk register in accordance to risk response process. All of the following are included in the risk register except for which item?

Question50: Which of the following are the principles of risk management?
Each correct answer represents a complete solution. Choose three.

Question51: Which of the following process ensures that extracted data are ready for analysis?

Question52: Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity it would be an example of what risk response?

Question53: Which of the following characteristics of risk controls can be defined as under?
"The separation of controls in the production environment rather than the separation in the design and implementation of the risk"

Question54: Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?

Question55: Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology. Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses?

Question56: You are the project manager of GFT project. Your project involves the use of electrical motor. It was stated in its specification that if its temperature would increase to 500 degree Fahrenheit the machine will overheat and have to be shut down for 48 hours. If the machine overheats even once it will delay the project's arrival date. So to prevent this you have decided while creating response that if the temperature of the machine reach 450, the machine will be paused for at least an hour so as to normalize its temperature. This temperature of 450 degrees is referred to as?

Question57: You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply most appropriate risk responses. Which of the following tools would you use to choose the appropriate risk response?

Question58: Which of the following operational risks ensures that the provision of a quality product is not overshadowed by the production costs of that product?

Question59: Which of the following is the HIGHEST risk of a policy that inadequately defines data and system ownership?

Question60: One of the risk events you've identified is classified as force majeure. What risk response is likely to be used?

Question61: Suppose you are working in Company Inc. and you are using risk scenarios for estimating the likelihood and impact of the significant risks on this organization. Which of the following assessment are you doing?

Question62: Which of the following baselines identifies the specifications required by the resource that meet the approved requirements?

Question63: What are the requirements of monitoring risk?
Each correct answer represents a part of the solution. Choose three.

Question64: You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?

Question65: FISMA requires federal agencies to protect IT systems and data. How often should compliance be audited by an external organization?

Question66: Which of the following is the BEST method for discovering high-impact risk types?

Question67: Which of the following is the MOST critical security consideration when an enterprise outsource is major part of IT department to a third party whose servers are in foreign company?

Question68: You are the Risk Official in Bluewell Inc. You have detected much vulnerability during risk assessment process. What you should do next?

Question69: You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?

Question70: John works as a project manager for BlueWell Inc. He is determining which risks can affect the project.
Which of the following inputs of the identify risks process is useful in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk?

Question71: What are the functions of audit and accountability control?
Each correct answer represents a complete solution. (Choose three.)

Question72: Which of the following role carriers are responsible for setting up the risk governance process, establishing and maintaining a common risk view, making risk-aware business decisions, and setting the enterprise's risk culture?
Each correct answer represents a complete solution. Choose two.

Question73: Which of the following decision tree nodes have probability attached to their branches?

Question74: Which of the following is the priority of data owners when establishing risk mitigation method?

Question75: Which of the following events refer to loss of integrity?
Each correct answer represents a complete solution. Choose three.

Question76: Which of the following statements are true for risk communication? Each correct answer represents a complete solution. Choose three.

Question77: You are the project manager of a SGT project. You have been actively communicating and working with the project stakeholders. One of the outputs of the "manage stakeholder expectations" process can actually create new risk events for your project. Which output of the manage stakeholder expectations process can create risks?

Question78: Which of the following risks is the risk that happen with an important business partner and affects a large group of enterprises within an area or industry?

Question79: You work as a Project Manager for www.company.com Inc. You have to measure the probability, impact, and risk exposure. Then, you have to measure how the selected risk response can affect the probability and impact of the selected risk event. Which of the following tools will help you to accomplish the task?

Question80: Which of the following is an output of risk assessment process?

Question81: Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity it would be an example of what risk response?

Question82: Ben is the project manager of the CMH Project for his organization. He has identified a risk that has a low probability of happening, but the impact of the risk event could save the project and the organization with a significant amount of capital. Ben assigns Laura to the risk event and instructs her to research the time, cost, and method to improve the probability of the positive risk event. Ben then communicates the risk event and response to management. What risk response has been used here?

Question83: Which of the following actions assures management that the organization's objectives are protected from the occurrence of risk events?

Question84: Which of the following processes is described in the statement below?
"It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."

Question85: Which of the following techniques examines the degree to which organizational strengths offset threats and opportunities that may serve to overcome weaknesses?

Question86: Which of the following is true for risk evaluation?

Question87: Which of the following events refer to loss of integrity?
Each correct answer represents a complete solution. Choose three.

Question88: You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. Which of the following inputs will be needed for the qualitative risk analysis process in your project?
Each correct answer represents a complete solution. (Choose three.)

Question89: Which of the following statements are true for enterprise's risk management capability maturity level 3?

Question90: You are the project manager of GHT project. You have analyzed the risk and applied appropriate controls.
In turn, you got residual risk as a result of this. Residual risk can be used to determine which of the following?

Question91: You are the project manager for the NHH project. You are working with your project team to examine the project from four different defined perspectives to increase the breadth of identified risks by including internally generated risks. What risk identification approach are you using in this example?

Question92: Which of the following are sub-categories of threat?
Each correct answer represents a complete solution. Choose three.

Question93: Stephen is the project manager of the GBB project. He has worked with two subject matter experts and his project team to complete the risk assessment technique. There are approximately 47 risks that have a low probability and a low impact on the project. Which of the following answers best describes what Stephen should do with these risk events?

Question94: You are the project manager of GHT project. You have applied certain control to prevent the unauthorized changes in your project. Which of the following control you would have applied for this purpose?

Question95: You work as a project manager for BlueWell Inc. You have declined a proposed change request because of the risk associated with the proposed change request. Where should the declined change request be documented and stored?

Question96: How are the potential choices of risk based decisions are represented in decision tree analysis?

Question97: Which of the following role carriers has to account for collecting data on risk and articulating risk?

Question98: Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?

Question99: Which among the following acts as a trigger for risk response process?

Question100: What are the responsibilities of the CRO?
Each correct answer represents a complete solution. Choose three.

Question101: You are the project manager of GHT project. You and your team have developed risk responses for those risks with the highest threat to or best opportunity for the project objectives. What are the immediate steps you should follow, after planning for risk response process? Each correct answer represents a complete solution. Choose three.

Question102: Which one of the following is the only output for the qualitative risk analysis process?

Question103: You are the project manager for your organization. You are preparing for the quantitative risk analysis.
Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

Question104: You are the project manager of HGT project. You are in the first phase of the risk response process and are doing following tasks :
Communicating risk analysis results
Reporting risk management activities and the state of compliance
Interpreting independent risk assessment findings
Identifying business opportunities
Which of the following process are you performing?

Question105: Wendy has identified a risk event in her project that has an impact of $75,000 and a 60 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just
$15,000 with only a ten percent chance of occurring. The proposed solution will cost $25,000. Wendy agrees to the $25,000 solution. What type of risk response is this?

Question106: You work as a Project Manager for Company Inc. You have to conduct the risk management activities for a project. Which of the following inputs will you use in the plan risk management process?
Each correct answer represents a complete solution. (Choose three.)

Question107: You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?

Question108: Which among the following acts as a trigger for risk response process?

Question109: You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply most appropriate risk responses. Which of the following tools would you use to choose the appropriate risk response?

Question110: What is the value of exposure factor if the asset is lost completely?

Question111: Which of the following terms is described in the statement below?
"They are the prime monitoring indicators of the enterprise, and are highly relevant and possess a high probability of predicting or indicating important risk."

Question112: When it appears that a project risk is going to happen, what is this term called?

Question113: Thomas is a key stakeholder in your project. Thomas has requested several changes to the project scope for the project you are managing.
Upon review of the proposed changes, you have discovered that these new requirements are laden with risks and you recommend to the change control board that the changes be excluded from the project scope. The change control board agrees with you. What component of the change control system communicates the approval or denial of a proposed change request?

Question114: Which of the following are risk components of the COSO ERM framework?
Each correct answer represents a complete solution. Choose three.

Question115: Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?

Question116: What is the IMMEDIATE step after defining set of risk scenarios?

Question117: You work as a project manager for Bluewell Inc. You have identified a project risk. You have then implemented the risk action plan and it turn out to be non-effective. What type of plan you should implement in such case?

Question118: Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?

Question119: Which of the following documents is described in the statement below?
"It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

Question120: You are the project manager of HWD project. It requires installation of some electrical machines. You and the project team decided to hire an electrician as electrical work can be too dangerous to perform. What type of risk response are you following?

Question121: During which of the following processes, probability and impact matrix are prepared?

Question122: Which of the following risks is associated with not receiving the right information to the right people at the right time to allow the right action to be taken?

Question123: Which of the following establishes mandatory rules, specifications and metrics used to measure compliance against quality, value, etc?

Question124: Which of the following nodes of the decision tree analysis represents the start point of decision tree?

Question125: Your project change control board has approved several scope changes that will drastically alter your project plan. You and the project team set about updating the project scope, the WBS, the WBS dictionary, the activity list, and the project network diagram. There are also some changes caused to the project risks, communication, and vendors. What also should the project manager update based on these scope changes?

Question126: The only output of qualitative risk analysis is risk register updates. When the project manager updates the risk register he will need to include several pieces of information including all of the following except for which one?

Question127: What are the various outputs of risk response?

Question128: An interruption in business productivity is considered as which of the following risks?

Question129: Which of the following is the MOST effective method for indicating that the risk level is approaching a high or unacceptable level of risk?

Question130: You are the project manager of the NHH Project. You are working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document do you and your team is creating in this scenario?

Question131: There are four inputs to the Monitoring and Controlling Project Risks process. Which one of the following will NOT help you, the project manager, to prepare for risk monitoring and controlling?

Question132: Which of the following risks refer to probability that an actual return on an investment will be lower than the investor's expectations?

Question133: You are working as a project manager in Bluewell Inc.. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

Question134: Your project spans the entire organization. You would like to assess the risk of your project but worried about that some of the managers involved in the project could affect the outcome of any risk identification meeting. Your consideration is based on the fact that some employees would not want to publicly identify risk events that could declare their supervision as poor. You would like a method that would allow participants to anonymously identify risk events. What risk identification method could you use?

Question135: What is the value of exposure factor if the asset is lost completely?

Question136: You are working in an enterprise. Your enterprise owned various risks. Which among the following is MOST likely to own the risk to an information system that supports a critical business process?

Question137: Which of the following vulnerability assessment software can check for weak passwords on the network?

Question138: You are the project manager of GHT project. You have identified a risk event on your current project that could save $670,000 in project costs if it occurs. Your organization is considering hiring a vendor to help establish proper project management techniques in order to assure it realizes these savings. Which of the following statements is TRUE for this risk event?

Question139: Which of the following components ensures that risks are examined for all new proposed change requests in the change control system?

Question140: Mary is the project manager for the BLB project. She has instructed the project team to assemble, to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process. Why is the schedule management plan needed for quantitative risk analysis?

Question141: Which of the following processes is described in the statement below?
"It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

Question142: You are the project manager of GHT project. You have initiated the project and conducted the feasibility study. What result would you get after conducting feasibility study?
Each correct answer represents a complete solution. (Choose two.)

Question143: Which of the following represents lack of adequate controls?

Question144: You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

Question145: Suppose you are working in Techmart Inc. which sells various products through its website. Due to some recent losses, you are trying to identify the most important risks to the Website. Based on feedback from several experts, you have come up with a list. You now want to prioritize these risks. Now in which category you would put the risk concerning the modification of the Website by unauthorized parties.

Question146: You are the project manager of GHT project. You have planned the risk response process and now you are about to implement various controls. What you should do before relying on any of the controls?

Question147: You are the administrator of your enterprise. Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information?

Question148: Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Question149: You are the project manager of GHT project. You are performing cost and benefit analysis of control. You come across the result that costs of specific controls exceed the benefits of mitigating a given risk. What is the BEST action would you choose in this scenario?

Question150: Which of the following is described by the definition given below?
"It is the expected guaranteed value of taking a risk."

Question151: Which of the following is an acceptable method for handling positive project risk?

Question152: What are the functions of audit and accountability control?
Each correct answer represents a complete solution. (Choose three.)

Question153: John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?

Question154: You are working in an enterprise. Assuming that your enterprise periodically compares finished goods inventory levels to the perpetual inventories in its ERP system. What kind of information is being provided by the lack of any significant differences between perpetual levels and actual levels?

Question155: Mike is the project manager of the NNP Project for his organization. He is working with his project team to plan the risk responses for the NNP Project. Mike would like the project team to work together on establishing risk thresholds in the project. What is the purpose of establishing risk threshold?

Question156: You are the project manager of GHT project. Your hardware vendor left you a voicemail saying that the delivery of the equipment you have ordered would not arrive on time. She wanted to give you a heads-up and asked that you return the call. Which of the following statements is TRUE?

Question157: The Identify Risk process determines the risks that affect the project and document their characteristics.
Why should the project team members be involved in the Identify Risk process?

Question158: Which of the following considerations should be taken into account while selecting risk indicators that ensures greater buy-in and ownership?

Question159: Risks to an organization's image are referred to as what kind of risk?

Question160: You are the risk professional of your enterprise. You need to calculate potential revenue loss if a certain risks occurs. Your enterprise has an electronic (e-commerce) web site that is producing US $1 million of revenue each day, then if a denial of service (DoS) attack occurs that lasts half a day creates how much loss?

Question161: Which of the following laws applies to organizations handling health care information?

Question162: Which of the following are parts of SWOT Analysis?
Each correct answer represents a complete solution. (Choose four.)

Question163: Which of the following is the best reason for performing risk assessment?

Question164: According to the Section-302 of the Sarbanes-Oxley Act of 2002, what does certification of reports implies?
Each correct answer represents a complete solution. Choose three.

Question165: What should be considered while developing obscure risk scenarios?
Each correct answer represents a part of the solution. Choose two.

Question166: Which of the following will significantly affect the standard information security governance model?

Question167: What are the requirements for creating risk scenarios? Each correct answer represents a part of the solution. Choose three.

Question168: A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?

Question169: Which of the following is BEST described by the definition below?
"They are heavy influencers of the likelihood and impact of risk scenarios and should be taken into account during every risk analysis, when likelihood and impact are assessed."

Question170: What are the PRIMARY objectives of a control?

Question171: You are completing the qualitative risk analysis process with your project team and are relying on the risk management plan to help you determine the budget, schedule for risk management, and risk categories.
You discover that the risk categories have not been created. When the risk categories should have been created?

Question172: Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level to the most mature level. Which of the following capability maturity levels shows that the enterprise does not recognize the need to consider the risk management or the business impact from IT risk?

Question173: Which of the following is the BEST way of managing risk inherent to wireless network?

Question174: You are working with a vendor on your project. A stakeholder has requested a change for the project, which will add value to the project deliverables. The vendor that you're working with on the project will be affected by the change. What system can help you introduce and execute the stakeholder change request with the vendor?

Question175: What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?

Question176: Shelly is the project manager of the BUF project for her company. In this project Shelly needs to establish some rules to reduce the influence of risk bias during the qualitative risk analysis process. What method can Shelly take to best reduce the influence of risk bias?

Question177: Which of the following is NOT true for effective risk communication?

Question178: You are the project manager of your enterprise. While performing risk management, you are given a task to identify where your enterprise stands in certain practice and also to suggest the priorities for improvements. Which of the following models would you use to accomplish this task?

Question179: Which among the following is the BEST reason for defining a risk response?

Question180: You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

Question181: There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to quantitative risk analysis process?

Question182: You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

Question183: Assessing the probability and consequences of identified risks to the project objectives, assigning a risk score to each risk, and creating a list of prioritized risks describes which of the following processes?

Question184: Which of following is NOT used for measurement of Critical Success Factors of the project?

Question185: You are the project manager of GHT project. You have implemented an automated tool to analyze and report on access control logs based on severity. This tool generates excessively large amounts of results.
You perform a risk assessment and decide to configure the monitoring tool to report only when the alerts are marked "critical". What you should do in order to fulfill that?

Question186: Which of the following is true for risk management frameworks, standards and practices?
Each correct answer represents a part of the solution. Choose three.

Question187: Which of the following role carriers will decide the Key Risk Indicator of the enterprise?
Each correct answer represents a part of the solution. Choose two.

Question188: Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?

Question189: Where are all risks and risk responses documented as the project progresses?

Question190: You are a project manager for your organization and you're working with four of your key stakeholders.
One of the stakeholders is confused as to why you're not discussing the current problem in the project during the risk identification meeting. Which one of the following statements best addresses when a project risk actually happens?

Question191: Which of the following assets are the examples of intangible assets of an enterprise?
Each correct answer represents a complete solution. Choose two.

Question192: Which of the following should be PRIMARILY considered while designing information systems controls?

Question193: Which of the following is the MOST effective inhibitor of relevant and efficient communication?

Question194: You are the product manager in your enterprise. You have identified that new technologies, products and services are introduced in your enterprise time-to-time. What should be done to prevent the efficiency and effectiveness of controls due to these changes?

Question195: Which of the following BEST ensures that a firewall is configured in compliance with an enterprise's security policy?

Question196: You are using Information system. You have chosen a poor password and also sometimes transmits data over unprotected communication lines. What is this poor quality of password and unsafe transmission refers to?

Question197: Which of the following process ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule?

Question198: Which of the following are the principles of access controls?
Each correct answer represents a complete solution. Choose three.

Question199: Shawn is the project manager of the HWT project. In this project Shawn's team reports that they have found a way to complete the project work cheaply than what was originally estimated earlier. The project team presents a new software that will help to automate the project work. While the software and the associated training costs $25,000 it will save the project nearly $65,000 in total costs. Shawn agrees to the software and changes the project management plan accordingly. What type of risk response had been used by him?

Question200: Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risks events that were not previously identified. What should Jenny do with these risk events?

Question201: Which of the following statements BEST describes policy?

Question202: You have identified several risks in your project. You have opted for risk mitigation in order to respond to identified risk. Which of the following ensures that risk mitigation method that you have chosen is effective?

Question203: Which of the following IS processes provide indirect information?
Each correct answer represents a complete solution. Choose three.

Question204: What are the two MAJOR factors to be considered while deciding risk appetite level? Each correct answer represents a part of the solution. Choose two.

Question205: What activity should be done for effective post-implementation reviews during the project?

Question206: What are the PRIMARY requirements for developing risk scenarios?
Each correct answer represents a part of the solution. Choose two.

Question207: Which of the following guidelines should be followed for effective risk management?
Each correct answer represents a complete solution. Choose three.

Question208: You are the project manager of the GHY project for your company. This project has a budget of $543,000 and is expected to last 18 months. In this project, you have identified several risk events and created risk response plans. In what project management process group will you implement risk response plans?

Question209: You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project's performance as a whole. What approach can you use to achieve this goal of improving the project's performance through risk analysis with your project stakeholders?

Question210: Fred is the project manager of a large project in his organization. Fred needs to begin planning the risk management plan with the project team and key stakeholders. Which plan risk management process tool and technique should Fred use to plan risk management?

Question211: Which of the following are external risk factors?
Each correct answer represents a complete solution. Choose three.

Question212: Marie has identified a risk event in her project that needs a mitigation response. Her response actually creates a new risk event that must now be analyzed and planned for. What term is given to this newly created risk event?

Question213: Which of the following statements are true for enterprise's risk management capability maturity level 3?

Question214: Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise's information security policy?

Question215: Mortality tables are based on what mathematical activity?
Each correct answer represents a complete solution. Choose three.

Question216: You are working on a project in an enterprise. Some part of your project requires e-commerce, but your enterprise choose not to engage in e-commerce. This scenario is demonstrating which of the following form?

Question217: You are the risk control professional of your enterprise. You have implemented a tool that correlates information from multiple sources. To which of the following do this monitoring tool focuses?

Question218: Which of the following processes addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget?

Question219: You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?
Each correct answer represents a complete solution. (Choose three.)

Question220: Wendy has identified a risk event in her project that has an impact of $75,000 and a 60 percent chance of happening. Through research, her project team learns that the risk impact can actually be reduced to just
$15,000 with only a ten percent chance of occurring. The proposed solution will cost $25,000. Wendy agrees to the $25,000 solution. What type of risk response is this?

Question221: Using which of the following one can produce comprehensive result while performing qualitative risk analysis?

Question222: You are the project manager of HGT project. You have identified project risks and applied appropriate response for its mitigation. You noticed a risk generated as a result of applying response. What this resulting risk is known as?

Question223: You are elected as the project manager of GHT project. You have to initiate the project. Your Project request document has been approved, and now you have to start working on the project. What is the FIRST step you should take to initialize the project?

Question224: Which of the following BEST measures the operational effectiveness of risk management capabilities?

Question225: Your project has several risks that may cause serious financial impact if they occur. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

Question226: Your project team has completed the quantitative risk analysis for your project work. Based on their findings, they need to update the risk register with several pieces of information. Which one of the following components is likely to be updated in the risk register based on their analysis?

Question227: You have been assigned as the Project Manager for a new project that involves development of a new interface for your existing time management system. You have completed identifying all possible risks along with the stakeholders and team and have calculated the probability and impact of these risks. Which of the following would you need next to help you prioritize the risks?

Question228: Which of the following steps ensure effective communication of the risk analysis results to relevant stakeholders? Each correct answer represents a complete solution. Choose three.

Question229: Which of the following BEST ensures that a firewall is configured in compliance with an enterprise's security policy?

Question230: You are the risk official of your enterprise. Your enterprise takes important decisions without considering risk credential information and is also unaware of external requirements for risk management and integration with enterprise risk management. In which of the following risk management capability maturity levels does your enterprise exists?

Question231: You are the project manager of the PFO project. You are working with your project team members and two subject matter experts to assess the identified risk events in the project. Which of the following approaches is the best to assess the risk events in the project?

Question232: Which of the following aspects are included in the Internal Environment Framework of COSO ERM?
Each correct answer represents a complete solution. Choose three.

Question233: Out of several risk responses, which of the following risk responses is used for negative risk events?