EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following baselines identifies the specifications required by the resource that meet the approved requirements?

Question2: You are using Information system. You have chosen a poor password and also sometimes transmits data over unprotected communication lines. What is this poor quality of password and unsafe transmission referring to?

Question3: Shawn is the project manager of the HWT project. In this project Shawn's team reports that they have found a way to complete the project work cheaply than what was originally estimated earlier. The project team presents a new software that will help to automate the project work. While the software and the associated training costs $25,000 it will save the project nearly $65,000 in total costs. Shawn agrees to the software and changes the project management plan accordingly. What type of risk response had been used by him?

Question4: You are the project manager of project for a client. The client has promised your company a bonus, if the project is completed early. After studying the project work, you elect to crash the project in order to realize the early end date. This is an example of what type of risk response?

Question5: There are four inputs to the Monitoring and Controlling Project Risks process. Which one of the following will NOT help you, the project manager, to prepare for risk monitoring and controlling?

Question6: Which among the following acts as a trigger for risk response process?

Question7: You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

Question8: Which of the following is MOST important to the effectiveness of key performance indicators (KPIs)?

Question9: Which of the following process ensures that the risk response strategy remains active and that proposed controls are implemented according to schedule?

Question10: Kelly is the project manager of the NNQ Project for her company. This project will last for one year and has a budget of $350,000. Kelly is working with her project team and subject matter experts to begin the risk response planning process. What are the two inputs that Kelly would need to begin the plan risk response process?

Question11: The PRIMARY benefit associated with key risk indicators (KRIs) is that they:

Question12: What are the various outputs of risk response?

Question13: Which of the following is the BEST method for discovering high-impact risk types?

Question14: What is the PRIMARY objective difference between an internal and an external risk management assessment reviewer?

Question15: Which of the following would be the BEST way to help ensure the effectiveness of a data loss prevention (DLP) control that has been implemented to prevent the loss of credit card data?

Question16: Marie has identified a risk event in her project that needs a mitigation response. Her response actually creates a new risk event that must now be analyzed and planned for. What term is given to this newly created risk event?

Question17: Which of following is NOT used for measurement of Critical Success Factors of the project?

Question18: Which of the following aspects of an IT risk and control self-assessment would be MOST important to include in a report to senior management?

Question19: Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity it would be an example of what risk response?

Question20: Which one of the following is the only output for the qualitative risk analysis process?

Question21: What are the steps that are involved in articulating risks? Each correct answer represents a complete solution. Choose three.

Question22: Which of the following is NOT true for risk governance?

Question23: Beth is a project team member on the JHG Project. Beth has added extra features to the project and this has introduced new risks to the project work. The project manager of the JHG project elects to remove the features Beth has added. The process of removing the extra features to remove the risks is called what?

Question24: Thomas is a key stakeholder in your project. Thomas has requested several changes to the project scope for the project you are managing.
Upon review of the proposed changes, you have discovered that these new requirements are laden with risks and you recommend to the change control board that the changes be excluded from the project scope. The change control board agrees with you. What component of the change control system communicates the approval or denial of a proposed change request?

Question25: Which of the following steps ensure effective communication of the risk analysis results to relevant stakeholders? Each correct answer represents a complete solution. Choose three.

Question26: The number of tickets to rework application code has significantly exceeded the established threshold.
Which of the following would be the risk practitioner's BEST recommendation?

Question27: Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?

Question28: An organization maintains independent departmental risk registers that are not automatically aggregated.
Which of the following is the GREATEST concern?

Question29: Fred is the project manager of a large project in his organization. Fred needs to begin planning the risk management plan with the project team and key stakeholders. Which plan risk management process tool and technique should Fred use to plan risk management?

Question30: Which of the following BEST measures the operational effectiveness of risk management capabilities?

Question31: Which of the following should be PRIMARILY considered while designing information systems controls?

Question32: An organization has been notified that a dis grunted, terminated IT administrator has tried to break into the corporate network. Which of the following discoveries should be of GREATEST concern to the organization?

Question33: Jane, the Director of Sales, contacts you and demands that you add a new feature to the software your project team is creating for the organization. In the meeting she tells you how important the scope change would be. You explain to her that the software is almost finished and adding a change now could cause the deliverable to be late, cost additional funds, and would probably introduce new risks to the project. Jane stands up and says to you, "I am the Director of Sales and this change will happen in the project." And then she leaves the room. What should you do with this verbal demand for a change in the project?

Question34: The BEST control to mitigate the risk associated with project scope creep is to:

Question35: You are working on a project in an enterprise. Some part of your project requires e-commerce, but your enterprise choose not to engage in e-commerce. This scenario is demonstrating which of the following form?

Question36: When developing a business continuity plan (BCP), it is MOST important to:

Question37: John works as a project manager for BlueWell Inc. He is determining which risks can affect the project.
Which of the following inputs of the identify risks process is useful in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk?

Question38: What are the requirements of effectively communicating risk analysis results to the relevant stakeholders?
Each correct answer represents a part of the solution. Choose three.

Question39: You are the risk control professional of your enterprise. You have implemented a tool that correlates information from multiple sources. To which of the following do this monitoring tool focuses?

Question40: Which of the following is NOT the method of Qualitative risk analysis?

Question41: Which of the following are the MOST important risk components that must be communicated among all the stakeholders?
Each correct answer represents a part of the solution. Choose three.

Question42: Your project change control board has approved several scope changes that will drastically alter your project plan. You and the project team set about updating the project scope, the WBS, the WBS dictionary, the activity list, and the project network diagram. There are also some changes caused to the project risks, communication, and vendors. What also should the project manager update based on these scope changes?

Question43: Which of the following are sub-categories of threat?
Each correct answer represents a complete solution. Choose three.

Question44: Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risks events that were not previously identified. What should Jenny do with these risk events?

Question45: Which of the following is true for risk evaluation?

Question46: You are the project manager of GHT project. Your project utilizes a machine for production of goods. This machine has the specification that if its temperature would rise above 450 degree Fahrenheit then it may result in burning of windings. So, there is an alarm which blows when machine's temperature reaches 430 degree Fahrenheit and the machine is shut off for 1 hour. What role does alarm contribute here?

Question47: Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

Question48: An organization is considering outsourcing user administration controls for a critical system. The potential vendor has offered to perform quarterly self-audits of its controls instead of having annual independent audits. Which of the following should be of GREATEST concern to the risk practitioner?

Question49: You are the product manager in your enterprise. You have identified that new technologies, products and services are introduced in your enterprise time-to-time. What should be done to prevent the efficiency and effectiveness of controls due to these changes?

Question50: Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level to the most mature level. Which of the following capability maturity levels shows that the enterprise does not recognize the need to consider the risk management or the business impact from IT risk?

Question51: Using which of the following one can produce comprehensive result while performing qualitative risk analysis?

Question52: Which of the following is the GREATEST benefit to an organization when updates to the risk register are made promptly after the completion of a risk assessment?

Question53: Which of the following are the principles of risk management?
Each correct answer represents a complete solution. Choose three.

Question54: You are the project manager of HWD project. It requires installation of some electrical machines. You and the project team decided to hire an electrician as electrical work can be too dangerous to perform. What type of risk response are you following?

Question55: What is the value of exposure factor if the asset is lost completely?

Question56: You are the project manager of GFT project. Your project involves the use of electrical motor. It was stated in its specification that if its temperature would increase to 500 degree Fahrenheit the machine will overheat and have to be shut down for 48 hours. If the machine overheats even once it will delay the project's arrival date. So to prevent this you have decided while creating response that if the temperature of the machine reach 450, the machine will be paused for at least an hour so as to normalize its temperature. This temperature of 450 degrees is referred to as?

Question57: Ben is the project manager of the CMH Project for his organization. He has identified a risk that has a low probability of happening, but the impact of the risk event could save the project and the organization with a significant amount of capital. Ben assigns Laura to the risk event and instructs her to research the time, cost, and method to improve the probability of the positive risk event. Ben then communicates the risk event and response to management. What risk response has been used here?

Question58: What is the most important benefit of classifying information assets?

Question59: To help ensure all applicable risk scenarios are incorporated into the risk register, it is MOST important to review the:

Question60: Which of the following nodes of the decision tree analysis represents the start point of decision tree?

Question61: Which of the following operational risks ensures that the provision of a quality product is not overshadowed by the production costs of that product?

Question62: An interruption in business productivity is considered as which of the following risks?

Question63: Which of the following characteristics of risk controls can be defined as under?
"The separation of controls in the production environment rather than the separation in the design and implementation of the risk"

Question64: Which negative risk response usually has a contractual agreement?

Question65: When determining which control deficiencies are most significant, which of the following would provide the MOST useful information?

Question66: Which of the following would BEST help to ensure that suspicious network activity is identified?

Question67: When developing IT risk scenarios, it is CRITICAL to involve:

Question68: You are the project manager of the NKJ Project for your company. The project's success or failure will have a significant impact on your organization's profitability for the coming year. Management has asked you to identify the risk events and communicate the event's probability and impact as early as possible in the project. Management wants to avoid risk events and needs to analyze the cost-benefits of each risk event in this project. What term is assigned to the low-level of stakeholder tolerance in this project?

Question69: Which of the following individuals is responsible for identifying process requirements, approving process design and managing process performance?

Question70: You work as a project manager for BlueWell Inc. You have declined a proposed change request because of the risk associated with the proposed change request. Where should the declined change request be documented and stored?

Question71: You are the project manager of your project. You have to analyze various project risks. You have opted for quantitative analysis instead of qualitative risk analysis. What is the MOST significant drawback of using quantitative analysis over qualitative risk analysis?

Question72: You are the project manager of the QPS project. You and your project team have identified a pure risk.
You along with the key stakeholders, decided to remove the pure risk from the project by changing the project plan altogether. What is a pure risk?

Question73: While considering entity-based risks, which dimension of the COSO ERM framework is being referred?

Question74: You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?

Question75: Jeff works as a Project Manager for www.company.com Inc. He and his team members are involved in the identify risk process. Which of the following tools & techniques will Jeff use in the identify risk process?
Each correct answer represents a complete solution. (Choose three.)

Question76: The BEST reason to classify IT assets during a risk assessment is to determine the:

Question77: You are the project manager of GHT project. You have implemented an automated tool to analyze and report on access control logs based on severity. This tool generates excessively large amounts of results.
You perform a risk assessment and decide to configure the monitoring tool to report only when the alerts are marked "critical". What you should do in order to fulfill that?

Question78: Which of the following is MOST appropriate method to evaluate the potential impact of legal, regulatory, and contractual requirements on business objectives?

Question79: If one says that the particular control or monitoring tool is sustainable, then it refers to what ability?

Question80: Which of the following is MOST important when developing key performance indicators (KPIs)?

Question81: Judy has identified a risk event in her project that will have a high probability and a high impact. Based on the requirements of the project, Judy has asked to change the project scope to remove the associated requirement and the associated risk. What type of risk response is this?

Question82: What are the functions of audit and accountability control?
Each correct answer represents a complete solution. (Choose three.)

Question83: You are elected as the project manager of GHT project. You are in project initialization phase and are busy in defining requirements for your project. While defining requirements you are describing how users will interact with a system. Which of the following requirements are you defining here?

Question84: David is the project manager of HRC project. He concluded while HRC project is in process that if he adopts e-commerce, his project can be more fruitful. But he did not engage in electronic commerce (e- commerce) so that he would escape from risk associated with that line of business. What type of risk response had he adopted?

Question85: You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?

Question86: You are the project manager for BlueWell Inc. You have noticed that the risk level in your project increases above the risk tolerance level of your enterprise. You have applied several risk responses. Now you have to update the risk register in accordance to risk response process. All of the following are included in the risk register except for which item?

Question87: Which of the following decision tree nodes have probability attached to their branches?

Question88: You are completing the qualitative risk analysis process with your project team and are relying on the risk management plan to help you determine the budget, schedule for risk management, and risk categories.
You discover that the risk categories have not been created. When the risk categories should have been created?

Question89: Which of the following is true for risk management frameworks, standards and practices?
Each correct answer represents a part of the solution. Choose three.

Question90: Which of the following should be considered to ensure that risk responses that are adopted are cost- effective and are aligned with business objectives?
Each correct answer represents a part of the solution. Choose three.

Question91: A program manager has completed an unsuccessful disaster recovery test. Which of the following should the risk practitioner recommend as the NEXT course of action?

Question92: You are working in an enterprise. You project deals with important files that are stored on the computer.
You have identified the risk of the failure of operations. To address this risk of failure, you have guided the system administrator sign off on the daily backup. This scenario is an example of which of the following?

Question93: You are the project manager for your organization. You are preparing for the quantitative risk analysis.
Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

Question94: As part of an overall IT risk management plan, an IT risk register BEST helps management:

Question95: Which of the following is the MOST effective inhibitor of relevant and efficient communication?

Question96: To help ensure the success of a major IT project, it is MOST important to:

Question97: In which of the following conditions business units tend to point the finger at IT when projects are not delivered on time?

Question98: Della works as a project manager for Tech Perfect Inc. She is studying the documentation of planning of a project. The documentation states that there are twenty-eight stakeholders with the project. What will be the number of communication channels for the project?

Question99: A risk practitioner is developing a set of bottom-up IT risk scenarios. The MOST important time to involve business stakeholders is when:

Question100: Which of the following techniques examines the degree to which organizational strengths offset threats and opportunities that may serve to overcome weaknesses?

Question101: Mike is the project manager of the NNP Project for his organization. He is working with his project team to plan the risk responses for the NNP Project. Mike would like the project team to work together on establishing risk thresholds in the project. What is the purpose of establishing risk threshold?

Question102: Which of the following phases is involved in the Data Extraction, Validation, Aggregation and Analysis?

Question103: Risks to an organization's image are referred to as what kind of risk?

Question104: A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. The BEST way to support risk-based decisions by senior management would be to:

Question105: What should be considered while developing obscure risk scenarios?
Each correct answer represents a part of the solution. Choose two.

Question106: Which of the following is the BEST indicator of the effectiveness of a control action plan's implementation?

Question107: Mary is the project manager for the BLB project. She has instructed the project team to assemble, to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process. Why is the schedule management plan needed for quantitative risk analysis?

Question108: Which of the following items is considered as an objective of the three dimensional model within the framework described in COSO ERM?

Question109: Which of the following processes is described in the statement below?
"It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."

Question110: A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?

Question111: Which of the following events refer to loss of integrity?
Each correct answer represents a complete solution. Choose three.

Question112: Which of the following considerations should be taken into account while selecting risk indicators that ensures greater buy-in and ownership?

Question113: Which of the following would be an IT business owner's BEST course of action following an unexpected increase in emergency changes?

Question114: Where are all risks and risk responses documented as the project progresses?

Question115: When preparing a risk status report for periodic review by senior management, it is MOST important to ensure the report includes:

Question116: Which of the following is the way to verify control effectiveness?

Question117: You are the project manager for Bluewell Inc. You are studying the documentation of project plan. The documentation states that there are twenty-five stakeholders with the project. What will be the number of communication channel s for the project?

Question118: A PRIMARY advantage of involving business management in evaluating and managing risk is that management:

Question119: Which of the following business requirements MOST relates to the need for resilient business and information systems processes?

Question120: Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?

Question121: What is the IMMEDIATE step after defining set of risk scenarios?

Question122: Which of the following statements are true for enterprise's risk management capability maturity level 3?

Question123: Which of the following control audit is performed to assess the efficiency of the productivity in the operations environment?

Question124: When reviewing management's IT control self-assessments, a risk practitioner noted an ineffective control that links to several low residual risk scenarios. What should be the NEXT course of action?

Question125: You are the project manager of HGT project. You are in the first phase of the risk response process and are doing following tasks :
Communicating risk analysis results
Reporting risk management activities and the state of compliance
Interpreting independent risk assessment findings
Identifying business opportunities
Which of the following process are you performing?

Question126: Which of the following statements is NOT true regarding the risk management plan?

Question127: You are the program manager for your organization and you are working with Alice, a project manager in her program. Alice calls you and insists you to add a change to program scope. You agree for that the change. What must Alice do to move forward with her change request?

Question128: Which of the following are the common mistakes while implementing KRIs?
Each correct answer represents a complete solution. Choose three.

Question129: Which of the following role carriers are responsible for setting up the risk governance process, establishing and maintaining a common risk view, making risk-aware business decisions, and setting the enterprise's risk culture?
Each correct answer represents a complete solution. Choose two.

Question130: In the project initiation phase of System Development Life Cycle, there is information on project initiated by which of the following role carriers?

Question131: Which of the following are the responsibilities of Enterprise risk committee?
Each correct answer represents a complete solution. Choose three.

Question132: You are the risk professional of your enterprise. You have performed cost and benefit analysis of control that you have adopted. What are all the benefits of performing cost and benefit analysis of control? Each correct answer represents a complete solution. Choose three.

Question133: For a large software development project, risk assessments are MOST effective when performed:

Question134: Which of the following vulnerability assessment software can check for weak passwords on the network?

Question135: You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk the response adopted is re- architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?

Question136: Which of the following test is BEST to map for confirming the effectiveness of the system access management process?

Question137: Which of the following is MOST important to understand when determining an appropriate risk assessment approach?

Question138: Which of the following would require updates to an organization's IT risk register?

Question139: The BEST way to determine the likelihood of a system availability risk scenario is by assessing the:

Question140: You are the project manager of GHT project. Your hardware vendor left you a voicemail saying that the delivery of the equipment you have ordered would not arrive on time. You identified a risk response strategy for this risk and have arranged for a local company to lease you the needed equipment until yours arrives. This is an example of which risk response strategy?

Question141: You are the risk professional in Bluewell Inc. A risk is identified and enterprise wants to quickly implement control by applying technical solution that deviates from the company's policies. What you should do?

Question142: You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply most appropriate risk responses. Which of the following tools would you use to choose the appropriate risk response?

Question143: An organization has raised the risk appetite for technology risk. The MOST likely result would be:

Question144: You are the project manager of GHT project. A risk event has occurred in your project and you have identified it. Which of the following tasks you would do in reaction to risk event occurrence? Each correct answer represents a part of the solution. Choose three.

Question145: Which among the following is the BEST reason for defining a risk response?

Question146: You are the risk official of your enterprise. You have just completed risk analysis process. You noticed that the risk level associated with your project is less than risk tolerance level of your enterprise. Which of following is the MOST likely action you should take?

Question147: Which of the following provides an organization with the MOST insight with regard to operational readiness associated with risk?

Question148: NIST SP 800-53 identifies controls in three primary classes. What are they?

Question149: Which of the following is the process of numerically analyzing the effects of identified risks on the overall enterprise's objectives?

Question150: Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise's information security policy?

Question151: Which of the following is the MOST important consideration for a risk practitioner when making a system implementation go-live recommendation?

Question152: You are the project manager of GHT project. You have applied certain control to prevent the unauthorized changes in your project. Which of the following control you would have applied for this purpose?

Question153: Which of the following is true for Single loss expectancy (SLE), Annual rate of occurrence (ARO), and Annual loss expectancy (ALE)?

Question154: Which of the following is the MOST important aspect to ensure that an accurate risk register is maintained?

Question155: You are the project manager of GHT project. You want to perform post-project review of your project. What is the BEST time to perform post-project review by you and your project development team to access the effectiveness of the project?

Question156: You are the project manager for TTP project. You are in the Identify Risks process. You have to create the risk register. Which of the following are included in the risk register?
Each correct answer represents a complete solution. (Choose two.)

Question157: You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?

Question158: To which level the risk should be reduced to accomplish the objective of risk management?

Question159: You work as a Project Manager for Company Inc. You are incorporating a risk response owner to take the job for each agreed-to and funded risk response. On which of the following processes are you working?

Question160: Which of the following are true for quantitative analysis?
Each correct answer represents a complete solution. Choose three.

Question161: You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?

Question162: An IT department has organized training sessions to improve user awareness of organizational information security policies. Which of the following is the BEST key performance indicator (KPI) to reflect effectiveness of the training?

Question163: FISMA requires federal agencies to protect IT systems and data. How often should compliance be audited by an external organization?

Question164: Which of the following is a performance measure that is used to evaluate the efficiency of an investment or to compare the efficiency of a number of different investments?

Question165: Which of the following aspects are included in the Internal Environment Framework of COSO ERM?
Each correct answer represents a complete solution. Choose three.

Question166: You are working as a project manager in Bluewell Inc.. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

Question167: Which of the following is the HIGHEST risk of a policy that inadequately defines data and system ownership?

Question168: Which of the following methods involves the use of predictive or diagnostic analytical tool for exposing risk factors?

Question169: You are the project manager of GHT project. During the data extraction process you evaluated the total number of transactions per year by multiplying the monthly average by twelve. This process of evaluating total number of transactions is known as?

Question170: Which of the following is an acceptable method for handling positive project risk?

Question171: Which of the following serve as the authorization for a project to begin?

Question172: Which of the following process ensures that extracted data are ready for analysis?

Question173: Risks with low ratings of probability and impact are included for future monitoring in which of the following?

Question174: A change management process has recently been updated with new testing procedures. The NEXT course of action is to:

Question175: According to the Section-302 of the Sarbanes-Oxley Act of 2002, what does certification of reports implies?
Each correct answer represents a complete solution. Choose three.

Question176: You work as a Project Manager for www.company.com Inc. You have to measure the probability, impact, and risk exposure. Then, you have to measure how the selected risk response can affect the probability and impact of the selected risk event. Which of the following tools will help you to accomplish the task?

Question177: After a high-profile systems breach at an organization's key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:

Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?

Question178: You are the IT manager in Bluewell Inc. You identify a new regulation for safeguarding the information processed by a specific type of transaction. What would be the FIRST action you will take?

Question179: Which of the following are risk components of the COSO ERM framework?
Each correct answer represents a complete solution. Choose three.

Question180: Which of the following control detects problem before it can occur?

Question181: Which of the following is the FOREMOST root cause of project risk?
Each correct answer represents a complete solution. Choose two.

Question182: Before implementing instant messaging within an organization using a public solution, which of the following should be in place to mitigate data leakage risk?

Question183: Wendy is about to perform qualitative risk analysis on the identified risks within her project. Which one of the following will NOT help Wendy to perform this project management activity?

Question184: Which of the following approaches would BEST help to identify relevant risk scenarios?

Question185: The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?

Question186: What are the three PRIMARY steps to be taken to initialize the project?
Each correct answer represents a complete solution. (Choose three.)

Question187: You work as a project manager for BlueWell Inc. Your project is using a new material to construct a large warehouse in your city. This new material is cheaper than traditional building materials, but it takes some time to learn how to use the material properly. You have communicated to the project stakeholders that you will be able to save costs by using the new material, but you will need a few extra weeks to complete training to use the materials. This risk response of learning how to use the new materials can also be known as what term?

Question188: Which of the following guidelines should be followed for effective risk management?
Each correct answer represents a complete solution. Choose three.

Question189: Which of the following is a key component of strong internal control environment?

Question190: Which of the following is the final step in the policy development process?

Question191: You are the project manager of the KJH Project and are working with your project team to plan the risk responses. Consider that your project has a budget of $500,000 and is expected to last six months. Within the KJH Project you have identified a risk event that has a probability of .70 and has a cost impact of
$350,000. When it comes to creating a risk response for this event what is the risk exposure of the event that must be considered for the cost of the risk response?

Question192: Shelly is the project manager of the BUF project for her company. In this project Shelly needs to establish some rules to reduce the influence of risk bias during the qualitative risk analysis process. What method can Shelly take to best reduce the influence of risk bias?

Question193: How residual risk can be determined?

Question194: What should be PRIMARILY responsible for establishing an organization's IT risk culture?

Question195: Which of the following provides the BEST measurement of an organization's risk management maturity level?

Question196: Jane is the project manager of the NHJ Project for his company. He has identified several positive risk events within his project and he thinks these events can save the project time and money. Positive risk events, such as these within the NHJ Project are referred to as?

Question197: Which of the following BEST ensures that a firewall is configured in compliance with an enterprise's security policy?

Question198: You are working as the project manager of the ABS project. The project is for establishing a computer network in a school premises. During the project execution, the school management asks to make the campus Wi-Fi enabled. You know that this may impact the project adversely. You have discussed the change request with other stakeholders. What will be your NEXT step?

Question199: IT stakeholders have asked a risk practitioner for IT risk profile reports associated with specific departments to allocate resources for risk mitigation. The BEST way to address this request would be to use?

Question200: You are the risk professional of your enterprise. You need to calculate potential revenue loss if a certain risks occurs. Your enterprise has an electronic (e-commerce) web site that is producing US $1 million of revenue each day, then if a denial of service (DoS) attack occurs that lasts half a day creates how much loss?

Question201: When updating the risk register after a risk assessment, which of the following is MOST important to include?

Question202: Which of the following are external risk factors?
Each correct answer represents a complete solution. Choose three.

Question203: You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?
Each correct answer represents a complete solution. (Choose three.)

Question204: You are the project manager of the GHT project. This project will last for 18 months and has a project budget of $567,000. Robert, one of your stakeholders, has introduced a scope change request that will likely have an impact on the project costs and schedule. Robert assures you that he will pay for the extra time and costs associated with the risk event. You have identified that change request may also affect other areas of the project other than just time and cost. What project management component is responsible for evaluating a change request and its impact on all of the project management knowledge areas?

Question205: Which of the following is an output of risk assessment process?

Question206: Which of the following risks is associated with not receiving the right information to the right people at the right time to allow the right action to be taken?

Question207: Which of the following characteristics of risk controls answers the aspect about the control given below:
"Will it continue to function as expressed over the time and adopts as changes or new elements are introduced to the environment"

Question208: Which of the following is the MOST important factor affecting risk management in an organization?

Question209: While developing obscure risk scenarios, what are the requirements of the enterprise?
Each correct answer represents a part of the solution. Choose two.

Question210: You are the project manager of GHT project. You have initiated the project and conducted the feasibility study. What result would you get after conducting feasibility study?
Each correct answer represents a complete solution. (Choose two.)

Question211: During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall. Which of the following controls has MOST likely been compromised?

Question212: Which of the following actions assures management that the organization's objectives are protected from the occurrence of risk events?

Question213: Which among the following is the MOST crucial part of risk management process?

Question214: While defining the risk management strategies, what are the major parts to be determined first? Each correct answer represents a part of the solution. Choose two.

Question215: Which of the following is the MOST important consideration when selecting key risk indicators (KRIs) to monitor risk trends over time?

Question216: Which of the following statements are true for risk communication? Each correct answer represents a complete solution. Choose three.

Question217: Suppose you are working in Techmart Inc. which sells various products through its website. Due to some recent losses, you are trying to identify the most important risks to the Website. Based on feedback from several experts, you have come up with a list. You now want to prioritize these risks. Now in which category you would put the risk concerning the modification of the Website by unauthorized parties.

Question218: Which of the following should be the MOST important consideration when determining controls necessary for a highly critical information system?

Question219: You are the project manager of the NHH Project. You are working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document do you and your team is creating in this scenario?

Question220: Which of the following parameters are considered for the selection of risk indicators?
Each correct answer represents a part of the solution. Choose three.

Question221: Which of the following is the BEST defense against successful phishing attacks?

Question222: Which of the following is the PRIMARY requirement before choosing Key performance indicators of an enterprise?

Question223: You are the risk official in Techmart Inc. You are asked to perform risk assessment on the impact of losing a network connectivity for 1 day. Which of the following factors would you include?

Question224: Who is at the BEST authority to develop the priorities and identify what risks and impacts would occur if there were loss of the organization's private information?

Question225: Which of the following data would be used when performing a business impact analysis (BIA)?

Question226: When does the Identify Risks process take place in a project?

Question227: Which of the following parameters would affect the prioritization of the risk responses and development of the risk response plan? Each correct answer represents a complete solution. Choose three.

Question228: Sammy is the project manager for her organization. She would like to rate each risk based on its probability and affect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

Question229: Which of the following come under the management class of controls?
Each correct answer represents a complete solution. (Choose two.)

Question230: You are the project manager of a SGT project. You have been actively communicating and working with the project stakeholders. One of the outputs of the "manage stakeholder expectations" process can actually create new risk events for your project. Which output of the manage stakeholder expectations process can create risks?

Question231: Which of the following type of risk could result in bankruptcy?

Question232: One of the risk events you've identified is classified as force majeure. What risk response is likely to be used?

Question233: Tom works as a project manager for BlueWell Inc. He is determining which risks can affect the project.
Which of the following inputs of the identify risks process is useful in identifying risks, and provides a quantitative assessment of the likely cost to complete the scheduled activities?

Question234: Billy is the project manager of the HAR Project and is in month six of the project. The project is scheduled to last for 18 months.
Management asks Billy how often the project team is participating in risk reassessment in this project.
What should Billy tell management if he's following the best practices for risk management?

Question235: When defining thresholds for control key performance indicators (KPIs), it is MOST helpful to align:

Question236: Malicious code protection is which type control?

Question237: Your project team has completed the quantitative risk analysis for your project work. Based on their findings, they need to update the risk register with several pieces of information. Which one of the following components is likely to be updated in the risk register based on their analysis?

Question238: Which of the following activities would BEST facilitate effective risk management throughout the organization?

Question239: Which of the following IS processes provide indirect information?
Each correct answer represents a complete solution. Choose three.

Question240: You work as a project manager for BlueWell Inc. You are involved with the project team on the different risk issues in your project. You are using the applications of IRGC model to facilitate the understanding and managing the rising of the overall risks that have impacts on the economy and society. One of your team members wants to know that what the need to use the IRGC is. What will be your reply?

Question241: Which of the following are the security plans adopted by the organization?
Each correct answer represents a complete solution. (Choose three.)

Question242: You are the project manager of HGT project. You have identified project risks and applied appropriate response for its mitigation. You noticed a risk generated as a result of applying response. What this resulting risk is known as?

Question243: Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition.
Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

Question244: You are the project manager of the NHQ project in Bluewell Inc. The project has an asset valued at
$200,000 and is subjected to an exposure factor of 45 percent. If the annual rate of occurrence of loss in this project is once a month, then what will be the Annual Loss Expectancy (ALE) of the project?

Question245: Which of the following is a PRIMARY benefit of engaging the risk owner during the risk assessment process?

Question246: All business units within an organization have the same risk response plan for creating local disaster recovery plans. In an effort to achieve cost effectiveness., the BEST course of action would be to:

Question247: You work as a project manager for Bluewell Inc. You have identified a project risk. You have then implemented the risk action plan and it turn out to be non-effective. What type of plan you should implement in such case?

Question248: During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?

Question249: Which of the following is the most accurate definition of a project risk?

Question250: You work as a project manager for BlueWell Inc. You are about to complete the quantitative risk analysis process for your project. You can use three available tools and techniques to complete this process. Which one of the following is NOT a tool or technique that is appropriate for the quantitative risk analysis process?

Question251: When an organization's disaster recovery plan has a reciprocal agreement, which of the following risk treatment options is being applied?

Question252: Which of the following laws applies to organizations handling health care information?