You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process? A. Quality management plan B. Stakeholder register C. Cost management plan D. Procurement management plan
Correct Answer: D
Explanation:
Explanation:
The procurement management plan is not one of the eleven inputs for the risk identification process. The eleven inputs to this process are:
Which of the following interpersonal skills has been identified as one of the biggest reasons for project success or failure? A. Motivation B. Influencing C. Communication D. Political and cultural awareness
Correct Answer: C
Explanation:
Explanation:
Communication has been identified as one of the biggest reasons for why projects succeeds or fails. Effective communication is essential for good project management.
Communication is a process in which information is passed from one person to another. A manager asks his subordinates to accomplish the task assigned to them. He should successfully pass the information to his subordinates. It is a means of motivating and guiding the employees of an enterprise.
Incorrect Answers:
A: While motivation is one of the important interpersonal skill, but it is not the best answer.
B: Influencing the project stakeholders is a needed interpersonal skill, but it is not the best answer.
D: Political and cultural awareness is an important part of every project, but it is not the best answer for this question
Which of the following is NOT true for effective risk communication? A. Risk information must be known and understood by all stakeholders. B. Use of technical terms of risk C. Any communication on risk must be relevant D. For each risk, critical moments exist between its origination and its potential business consequence
Correct Answer: B
Explanation:
Explanation:
For effective communication, information communicated should not inundate the recipients. All ground rules of good communication apply to communication on risk. This includes the avoidance of jargon and technical terms regarding risk because the intended audiences are generally not deeply technologically skilled. Hence use of technical terms is avoided for effective communication
Incorrect Answers: A, C, D: These all are true for effective risk communication. For effective risk communication the risk information should be clear, concise, useful and timely. Risk information must be known and understood by all the stakeholders. Information or communication should not overwhelm the recipients. This includes the avoidance of technical terms regarding risk because the intended audiences are generally not much technologically skilled.
Any communication on risk must be relevant. Technical information that is too detailed or is sent to inappropriate parties will hinder, rather than enable, a clear view of risk. For each risk, critical moments exist between its origination and its potential business consequence.
Information should also be aimed at the correct target audience and available on need-to-know basis. Hence for effective risk communication risk information should be:
Which of the following role carriers has to account for collecting data on risk and articulating risk? A. Enterprise risk committee B. Business process owner C. Chief information officer (CIO) D. Chief risk officer (CRO)
Correct Answer: D
Explanation:
Explanation:
CRO is the individual who oversees all aspects of risk management across the enterprise. Chief risk officer has the main accountability for collecting data and articulating risk. If there is any fault in these processes, then CRO should be answerable.
Incorrect Answers:
A: Enterprise risk committee are the executives who are accountable for the enterprise level collaboration and consensus required to support enterprise risk management (ERM). They are to some extent responsible for articulating risk but are not accounted for it. They are neither responsible nor accounted for collecting data on risk.
B: Business process owner is an individual responsible for identifying process requirements, approving process design and managing process performance. He/she is responsible for collecting data and articulating risk but is not accounted for them.
C: CIO is the most senior official of the enterprise who is accountable for IT advocacy; aligning IT and business strategies; and planning, resourcing and managing the delivery of IT services and information and the deployment of associated human resources. CIO has some responsibility towards collecting data and articulating risk but is not accounted for them.
You are the project manager of GHT project. You have identified a risk event on your current project that could save $670,000 in project costs if it occurs. Your organization is considering hiring a vendor to help establish proper project management techniques in order to assure it realizes these savings. Which of the following statements is TRUE for this risk event? A. This risk event should be accepted because the rewards outweigh the threat to the project. B. This risk event should be mitigated to take advantage of the savings. C. This risk event is an opportunity to the project and should be exploited. D. This is a risk event that should be shared to take full advantage of the potential savings.
Correct Answer: D
Explanation:
Explanation: This risk event has the potential to save money on project costs and organization is hiring a vendor to assure that all these saving are being realized. Hence this risk event involves sharing with a third party to help assure that the opportunity take place.
Incorrect Answers:
A: This risk event is not accepted as this event has potential to save money as well as it is shared with a vendor so that all these savings are being realized.
B: The risk event is mitigated when it has negative impacts. But here it is positive consequences (i.e., saving), therefore it is not mitigated.
C: This risk event can be exploited but as here in this scenario, it is stated that organization is hiring vendor, therefore event is being shared not exploited.
You are the administrator of your enterprise. Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information? A. Monitoring and recording unsuccessful logon attempts B. Forcing periodic password changes C. Using a challenge response system D. Providing access on a need-to-know basis
Correct Answer: D
Explanation:
Explanation: Physical or logical system access should be assigned on a need-to-know basis, where there is a legitimate business requirement based on least privilege and segregation of duties. This is done by user authentication.
Incorrect Answers:
A: Monitoring and recording unsuccessful logon attempts does not address the risk of appropriate access rights. In other words, it does not prevent unauthorized access.
B: Forcing users to change their passwords does not ensure that access control is appropriately assigned.
C: Challenge response system is used to verify the user’s identification but does not completely address the issue of access risk if access was not appropriately designed in the first place.
Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology. Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses? A. Project scope statement B. Project charter C. Risk low-level watch list D. Risk register
Correct Answer: D
Explanation:
Explanation:
A risk register is an inventory of risks and exposure associated with those risks. Risks are commonly found in project management practices, and provide information to identify, analyze, and manage risks. Typically a risk register contains:
A description of the risk
The impact should this event actually occur
The probability of its occurrence
Risk Score (the multiplication of Probability and Impact)
A summary of the planned response should the event occur
A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)
Ranking of risks by Risk Score so as to highlight the highest priority risks to all involved.
It records the initial risks, the potential responses, and tracks the status of each identified risk in the project.
Incorrect Answers:
A: The project scope statement does document initially defined risks but it is not a place that will record risks responses and status of risks.
B: The project charter does not define risks.
C: The risk low-level watch list is for identified risks that have low impact and low probability in the project.
John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders? A. Risk Response Plan B. Communications Management Plan C. Project Management Plan D. Risk Management Plan
Correct Answer: B
Explanation:
Explanation: The Communications Management Plan will direct John on the information to be communicated, when to communicate, and how to communicate with external stakeholders. The Communications Management Plan aims to define the communication necessities for the project and how the information will be circulated. The Communications Management Plan sets the communication structure for the project. This structure provides guidance for communication throughout the project’s life and is updated as communication needs change. The Communication Managements Plan identifies and defines the roles of persons concerned with the project. It includes a matrix known as the communication matrix to map the communication requirements of the project.
Incorrect Answers:
A: The Risk Response Plan identifies how risks will be responded to.
C: The Project Management Plan is the parent of all subsidiary management plans and it is not the most accurate choice for this question
D: The Risk Management Plan defines how risks will be identified, analyzed, responded to, and controlled throughout the project.
You are elected as the project manager of GHT project. You have to initiate the project. Your Project request document has been approved, and now you have to start working on the project. What is the FIRST step you should take to initialize the project? A. Conduct a feasibility study B. Acquire software C. Define requirements of project D. Plan project management
Correct Answer: A
Explanation:
Explanation: Conducting a feasibility study begins once initial approval has been given to move forward with a project. It includes an analysis to clearly define the need and to identify alternatives for addressing the need.
Incorrect Answers:
B: Acquiring software involves building new or modifying existing hardware or software after final approval by the stakeholder, which is not a phase in the standard SDLC process. If a decision was reached to acquire rather than develop software, this task should occur after feasibility study and defining requirements.
C: Requirements of the project is being defined after conducting feasibility study.
D: This is latter phase in project development process.
Which of the following is the BEST way of managing risk inherent to wireless network? A. Enabling auditing on every host that connects to a wireless network B. Require private, key-based encryption to connect to the wireless network C. Require that every host that connect to this network have a well-tested recovery plan D. Enable auditing on every connection to the wireless network
Correct Answer: B
Explanation:
Explanation: As preventive control and prevention is preferred over detection and recovery, therefore, private and key-based encryption should be adopted for managing risks.
Incorrect Answers:
A, C, D: As explained in above section preventive control and prevention is preferred over detection and recovery, hence these are less preferred way.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.