CRISC Certified in Risk and Information Systems Control – Question304

You are the project manager of the GRT project. You discovered that bringing on more qualified resources or providing even better quality than originally planned could reduce the amount of time required to complete the project. If your organization seizes this opportunity, it would be an example of what risk response?

A. Enhance
B. Exploit
C. Accept
D. Share

Correct Answer: B

Explanation:
The exploit response is one of the strategies to negate risks or threats that appear in a project. This strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. Exploiting a risk event provides opportunities for positive impact on a project. Assigning more talented resources to the project to reduce the time to completion is an example of an exploit response.
Incorrect Answers:
A: The enhance strategy closely watches the probability or impact of the risk event to assure that the organization realizes the benefits. The primary point of this strategy is to attempt to increase the probability and/or impact of positive
C: Risk acceptance means that no action is taken relative to a particular risk; loss is accepted if it occurs.
D: The share strategy is similar to transfer because a portion of the risk is shared with an external organization or another internal entity.

CRISC Certified in Risk and Information Systems Control – Question303

During which of the following processes is the probability and impact matrix prepared?

A. Risk response
B. Monitoring and Control Risk
C. Quantitative risk assessment
D. Qualitative risk assessment

Correct Answer: D

Explanation:
The probability and impact matrix is a technique to prioritize the identified risks of the project based on their risk rating, and it is prepared while performing qualitative risk analysis. Evaluation of each risk’s importance and, hence, priority for attention, is typically conducted using a look-up table or a probability and impact matrix. This matrix specifies combinations of probability and impact that lead to rating the risks as low, moderate, or high priority.
Incorrect Answers:
A, B: These processes are part of Risk Management. The probability and impact matrix is prepared during the qualitative risk analysis for further quantitative analysis and response based on their risk rating.
C: SLE, ARO and ALE are used in quantitative risk assessment.

CRISC Certified in Risk and Information Systems Control – Question302

You are the project manager of the GHY project for your company. This project has a budget of $543,000 and is expected to last 18 months. In this project, you have identified several risk events and created risk response plans. In what project management process group will you implement risk response plans?

A. Monitoring and Controlling
B. In any process group where the risk event resides
C. Planning
D. Executing

Correct Answer: A

Explanation:
The monitor and control project risk process resides in the monitoring and controlling project management process group. This process is responsible for implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness throughout the project.
Incorrect Answers:
B: Risk response plans are implemented as part of the monitoring and controlling process group.
C: Risk response plans are not implemented as part of project planning.
D: Risk response plans are not implemented as part of project execution.

CRISC Certified in Risk and Information Systems Control – Question301

Which of the following assets are examples of intangible assets of an enterprise? Each correct answer represents a complete solution. Choose two.

A. Customer trust
B. Information
C. People
D. Infrastructure

Correct Answer: AB

Explanation:
Assets are the economic resources owned by a business or company. Anything tangible or intangible that one possesses, usually considered as applicable to the payment of one’s debts, is considered an asset. An asset can also be defined as a resource, process, product, computing infrastructure, and so forth that an organization has determined must be protected.
Tangible asset: Tangible assets are those that have physical attributes and can be detected with the senses, e.g., people, infrastructure, and finances.
Intangible asset: Intangible assets are those that have no physical attributes and cannot be detected with the senses, e.g., information, reputation and customer trust.

CRISC Certified in Risk and Information Systems Control – Question299

You work as the project manager for Company Inc. The project on which you are working has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

A. Resource Management Plan
B. Communications Management Plan
C. Risk Management Plan
D. Stakeholder management strategy

Correct Answer: B

Explanation:
The Communications Management Plan defines, in regard to risk management, who will be available to share information on risks and responses throughout the project. The Communications Management Plan aims to define the communication necessities for the project and how the information will be circulated. The Communications Management Plan sets the communication structure for the project. This structure provides guidance for communication throughout the project’s life and is updated as communication needs change. The Communications Management Plan identifies and defines the roles of persons concerned with the project. It includes a matrix known as the communication matrix to map the communication requirements of the project.
Incorrect Answers:
A: The Resource Management Plan does not define risk communications.
C: The Risk Management Plan deals with risk identification, analysis, response, and monitoring.
D: The stakeholder management strategy does not address risk communications.

CRISC Certified in Risk and Information Systems Control – Question298

What are the PRIMARY objectives of a control?

A. Detect, recover, and attack
B. Prevent, respond, and log
C. Prevent, control, and attack
D. Prevent, recover, and detect

Correct Answer: D

Explanation:
Controls are the policies, procedures, practices and guidelines designed to provide appropriate assurance that business objectives are achieved and undesired events are detected, prevented, and corrected. Controls, or countermeasures, will reduce or neutralize threats or vulnerabilities.
Controls have three primary objectives:

  • Prevent
  • Recover
  • Detect

Incorrect Answers:
A, B, C: One or more of the objectives stated in these choices is not a correct objective of a control.

CRISC Certified in Risk and Information Systems Control – Question297

You are the project manager of the GHT project. You identified a risk of noncompliance with regulations because a number of relatively simple procedures are missing. The response requires creating the missing procedures and implementing them. Into which of the following risk response prioritization options should this case be categorized?

A. Business case to be made
B. Quick win
C. Risk avoidance
D. Deferrals

Correct Answer: B

Explanation:
This is categorized as a “quick win” because the allocation of existing resources or a minor resource investment provides measurable benefits. A quick win is a very effective and efficient response that addresses medium to high risk.
Incorrect Answers:
A: “Business case to be made” requires careful analysis and management decisions on investments that are more expensive or difficult risk responses to medium to high risk. In this scenario there is only a minor investment, which is why it is not a “business case to be made”.
C: Risk avoidance is a type of risk response and not a risk response prioritization option.
D: Deferral addresses a costly risk response to a low risk, and hence it is not used in this scenario.

CRISC Certified in Risk and Information Systems Control – Question296

Which of the following is the best reason for performing risk assessment?

A. To determine the present state of risk
B. To analyze the effect on the business
C. To satisfy regulatory requirements
D. To budget appropriately for the application of various controls

Correct Answer: A

Explanation:
Risk assessment is a process of analyzing the identified risk, both quantitatively and qualitatively. Quantitative risk assessment requires calculations of two components of risk: the magnitude of the potential loss and the probability that the loss will occur. Qualitative risk assessment, by contrast, checks the severity of risk. Hence risk assessment helps in determining the present state of the risk.
Incorrect Answers:
B: Analyzing the effect of risk on an enterprise is part of the process of performing risk assessment, but is not the reason for doing it.
C: Performing risk assessment may satisfy the regulatory requirements, but is not the reason to perform risk assessment.
D: Budgeting appropriately is one of the results of risk assessment but is not the reason for performing the risk assessment.

CRISC Certified in Risk and Information Systems Control – Question295

What activity should be done for effective post-implementation reviews during the project?

A. Establish the business measurements up front
B. Allow a sufficient number of business cycles to be executed in the new system
C. Identify the information collected during each stage of the project
D. Identify the information to be reviewed

Correct Answer: A

Explanation:
For an effective post-implementation review, the business measurements are established up front during the project.
Incorrect Answers:
B: Executing a sufficient number of business cycles in the new system is done after the completion of the project.
C, D: Identifying the information to be reviewed and the information collected during each stage of the project is done in the pre-project phase and not during the project for effective post-implementation review.