Which of the following is NOT the method of Qualitative risk analysis? A. Scorecards B. Attribute analysis C. Likelihood-impact matrix D. Business process modeling (BPM) and simulation
Correct Answer: D
Explanation:
Explanation:
Business process modeling (BPM) and simulation is a method of Quantitative risk analysis and not Qualitative risk analysis.
The BPM and simulation discipline is an effective method of identifying and quantifying the operational risk in enterprise business processes. It improves business process efficiency and effectiveness.
Incorrect Answers: A, B, C: These three are the methods of Qualitative risk analysis.
You work as a Project Manager for Company Inc. You are incorporating a risk response owner to take the job for each agreed-to and funded risk response. On which of the following processes are you working? A. Quantitative Risk Analysis B. Identify Risks C. Plan risk response D. Qualitative Risk Analysis
Correct Answer: C
Explanation:
Explanation: The plan risk response project management process aims to reduce the threats to the project objectives and to increase opportunities. It follows the perform qualitative risk analysis process and perform quantitative risk analysis process. Plan risk response process includes the risk response owner to take the job for each agreed-to and funded risk response. This process addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget. The inputs to the plan risk response process are as follows:
Risk register
Risk management plan
[/*]
Incorrect Answers:
A: Quantitative analysis is the use of numerical and statistical techniques rather than the analysis of verbal material for analyzing risks. Some of the quantitative methods of risk analysis are:
[*]
Internal loss method
External data analysis
Business process modeling (BPM) and simulation
Statistical process control (SPC)
[/*]
B: Identify Risks is the process of determining which risks may affect the project. It also documents risks’ characteristics. The Identify Risks process is part of the Project Risk Management knowledge area. As new risks may evolve or become known as the project progresses through its life cycle, Identify Risks is an iterative process. The process should involve the project team so that they can develop and maintain a sense of ownership and responsibility for the risks and associated risk response actions. Risk Register is the only output of this process.
D: Qualitative analysis is the definition of risk factors in terms of high/medium/low or a numeric scale (1 to 10). Hence it determines the nature of risk on a relative scale.
Some of the qualitative methods of risk analysis are:
[*]
Scenario analysis- This is a forward-looking process that can reflect risk for a given point in time.
Risk Control Self -assessment (RCSA) – RCSA is used by enterprises (like banks) for the identification and evaluation of operational risk exposure. It is a logical first step and assumes that business owners and managers are closest to the issues and have the most expertise as to the source of the risk. RCSA is a constructive process in compelling business owners to contemplate, and then explain, the issues at hand with the added benefit of increasing their accountability.
If one says that the particular control or monitoring tool is sustainable, then it refers to what ability? A. The ability to adapt as new elements are added to the environment B. The ability to ensure the control remains in place when it fails C. The ability to protect itself from exploitation or attack D. The ability to be applied in same manner throughout the organization
Correct Answer: A
Explanation:
Explanation: Sustainability of the controls or monitoring tools refers to its ability to function as expected over time or when changes are made to the environment.
Incorrect Answers:
B: Sustainability ensures that controls changes with the conditions, so as not to fail in any circumstances. Hence this in not a valid answer.
C: This is not a valid answer.
D: This is not a valid definition for defining sustainability of a tool.
Malicious code protection is which type control? A. Configuration management control B. System and information integrity control C. Media protection control D. Personal security control
Correct Answer: B
Explanation:
Explanation:
Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. As malicious code protection lists steps to protect against malware, it preserves the information integrity of the enterprise. Hence Malicious code protection is System and information integrity control. This family of controls provides information to maintain the integrity of systems and data.
Incorrect Answers:
A: Malicious code protection is not a Configuration management control. Configuration management control is the family of controls that addresses both configuration management and change management. Change control practices prevent unauthorized changes.
C: Malicious code protection is not a Media protection control. Media Protection includes removable digital media such as tapes, external hard drives, and USB flash drives. It also includes non-digital media such as paper and film. This family of controls covers the access, marking, storage, transport, and sanitization of media.
D: Malicious code protection is not a Personal security control. The Personal security control is a family of controls including aspects of personnel security. It includes personnel screening, termination, and transfer.
Which of the following are the responsibilities of Enterprise risk committee? Each correct answer represents a complete solution. Choose three. A. React to risk events B. Analyze risk C. Risk aware decision D. Articulate risk
Correct Answer: BCD
Explanation:
Explanation:
Risk aware decision, analyzing risk, and articulating risk are the responsibilities of Enterprise risk committee. They are the executives who are accountable for the enterprise level collaboration and consensus required to support enterprise risk management (ERM) activities and decisions. An IT risk council may be established to consider IT risk in more detail and advise the enterprise risk committee. ERC ensure that these activities are completed successfully.
Incorrect Answers:
A: ERM is not responsible for reaction over risk events. Business process owners are accounted for this task.
In the project initiation phase of System Development Life Cycle, there is information on project initiated by which of the following role carriers? A. CRO B. Sponsor C. Business management D. CIO
Correct Answer: B
Explanation:
Explanation:
Project initiation section of SDLC contains information on projects initiated by sponsors who gather the information required to gain approval for the project to be created.
When does the Identify Risks process take place in a project? A. At the Planning stage. B. At the Executing stage. C. At the Initiating stage. D. Throughout the project life-cycle.
Correct Answer: D
Explanation:
Explanation:
Identify Risks is the process of determining which risks may affect the project. It also documents risks’ characteristics. The Identify Risks process is part of the Project Risk Management knowledge area. As new risks may evolve or become known as the project progresses through its life cycle, Identify Risks is an iterative process. The process should involve the project team so that they can develop and maintain a sense of ownership and responsibility for the risks and associated risk response actions. Risk Register is the only output of this process.
Incorrect Answers: A, B, C: Identify Risks process takes place at all the stages of a project, because risk changes over time.
You are the project manager of GHT project. Your project utilizes a machine for production of goods. This machine has the specification that if its temperature would rise above 450 degree Fahrenheit then it may result in burning of windings. So, there is an alarm which blows when machine's temperature reaches 430 degree Fahrenheit and the machine is shut off for 1 hour. What role does alarm contribute here? A. Of risk indicator B. Of risk identification C. Of risk trigger D. Of risk response
Correct Answer: A
Explanation:
Explanation:
Here in this scenario alarm indicates the potential risk that the rising temperature of machine can cause, hence it is enacting as a risk indicator.
Risk indicators are metrics used to indicate risk thresholds, i.e., it gives indication when a risk level is approaching a high or unacceptable level of risk. The main objective of a risk indicator is to ensure tracking and reporting mechanisms that alert staff about the potential risks.
Incorrect Answers:
B: The first thing we must do in risk management is to identify the areas of the project where the risks can occur. This is termed as risk identification. Listing all the possible risks is proved to be very productive for the enterprise as we can cure them before it can occur. In risk identification both threats and opportunities are considered, as both carry some level of risk with them.
C: The temperature 430 degrees in scenario is the risk trigger. A risk trigger is a warning sign or condition that a risk event is about to happen. As in this scenario the 430-degree temperature is the indication of upcoming risks, hence 430 degree temperature is a risk trigger.
D: Risk response is the action taken to reduce the risk event occurrence. Hence here risk response is shutting off of machine.
Which of the following is the final step in the policy development process? A. Management approval B. Continued awareness activities C. Communication to employees D. Maintenance and review
Correct Answer: D
Explanation:
Explanation:
Organizations should create a structured ISG document development process. A formal process gives many areas the opportunity to comment on a policy. This is very important for high-level policies that apply to the whole organization. A formal process also makes sure that final policies are communicated to employees. It also provides organizations with a way to make sure that policies are reviewed regularly.
In general, a policy development process should include the following steps: 1. Development
2. Stakeholder review
3. Management approval
4. Communication to employees
5. Documentation of compliance or exceptions
6. Continued awareness activities
7. Maintenance and review
Incorrect Answers: A, B, C: These are the earlier phases in policy development process.
David is the project manager of HRC project. He concluded while HRC project is in process that if he adopts e-commerce, his project can be more fruitful. But he did not engage in electronic commerce (e-commerce) so that he would escape from risk associated with that line of business. What type of risk response had he adopted? A. Acceptance B. Avoidance C. Exploit D. Enhance
Correct Answer: B
Explanation:
Explanation:
As David did not engage in e-commerce in order to avoid risk, hence he is following risk avoidance strategy.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.