Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

A. Business continuity plan
B. Continuity of Operations Plan
C. Disaster recovery plan
D. Contingency plan

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

A. NIST SP 800-53A
B. NIST SP 800-26
C. NIST SP 800-53
D. NIST SP 800-59
E. NIST SP 800-60
F. NIST SP 800-37

The Identify Risk process determines the risks that affect the project and document their characteristics. Why should the project team members be involved in the Identify Risk process?

A. They are the individuals that will have the best responses for identified risks events within the project.
B. They are the individuals that are most affected by the risk events.
C. They are the individuals that will need a sense of ownership and responsibility for the risk e vents.
D. They are the individuals that will most likely cause and respond to the risk events.

David is the project manager of HGF project for his company. David, the project team, and several key stakeholders have completed risk identification and are ready to move into qualitative risk analysis. Tracy, a project team member, does not understand why they need to complete qualitative risk analysis. Which one of the following is the best explanation for completing qualitative risk analysis?

A. It is a rapid and cost-effective means of establishing priorities for the plan risk responses and lays the foundation for quantitative analysis.
B. It is a cost-effective means of establishing probability and impact for the project risks.
C. Qualitative risk analysis helps segment the project risks, create a risk breakdown structure, and create fast and accurate risk responses.
D. All risks must pass through quantitative risk analysis before qualitative risk analysis.

Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

A. The level of detail is set by historical information.
B. The level of detail must define exactly the risk response for each identified risk.
C. The level of detail is set of project risk governance.
D. The level of detail should correspond with the priority ranking

You work as a project manager for TechSoft Inc. You, the project team, and the key project stakeholders have completed a round of quantitative risk analysis. You now need to update the risk register with your findings so that you can communicate the risk results to the project stakeholders -including management. You will need to update all of the following information except for which one?

A. Probability of achieving cost and time objectives
B. Risk distributions within the project schedule
C. Probabilistic analysis of the project
D. Trends in quantitative risk analysis

You work as a project manager for BlueWell Inc. You are about to complete the quantitative risk analysis process for your project. You can use three available tools and techniques to complete this process. Which one of the following is NOT a tool or technique that is appropriate for the quantitative risk analysis process?

A. Quantitative risk analysis and modeling techniques
B. Data gathering and representation techniques
C. Expert judgment
D. Organizational process assets

Diana is the project manager of the QPS project for her company. In this project Diana and the project team have identified a pure risk. Diana and the project team decided, along with the key stakeholders, to remove the pure risk from the project by changing the project plan altogether. What is a pure risk?

A. It is a risk event that only has a negative side, such as loss of life or limb.
B. It is a risk event that cannot be avoided because of the order of the work.
C. It is a risk event that is created by a risk response.
D. It is a risk event that is generated due to errors or omission in the project work.

Tracy is the project manager of the NLT Project for her company. The NLT Project is scheduled to last 14 months and has a budget at completion of $4,555,000. Tracy's organization will receive a bonus of $80,000 per day that the project is completed early up to $800,000. Tracy realizes that there are several opportunities within the project to save on time by crashing the project work. Crashing the project is what type of risk response?

A. Mitigation
B. Exploit
C. Enhance
D. Transference

You are the project manager for your organization. You have determined that an activity is too dangerous to complete internally so you hire licensed contractor to complete the work. The contractor, however, may not complete the assigned work on time which could cause delays in subsequent work beginning. This is an example of what type of risk event?

A. Secondary risk
B. Transference
C. Internal
D. Pure risk