How residual risk can be determined?

• A.By determining remaining vulnerabilities after countermeasures are in place.
• B.By transferring all risks.
• C.By threat analysis
• D.By risk assessment

Comment: *

Name: *

Email: *

Verification: *

Which of the following parameters are considered for the selection of risk indicators?
Each correct answer represents a part of the solution. Choose three.

• A.Size and complexity of the enterprise
• B.Type of market in which the enterprise operates
• C.Risk appetite and risk tolerance
• D.Strategy focus of the enterprise
• E.Explanation:
  Risk indicators are placed at control points within the enterprise and are used to collect data. These collected data are used to measure the risk levels at that point. They also track events or incidents that may indicate a potentially harmful situation. Risk indicators can be in form of logs, alarms and reports. Risk indicators are selected depending on a number of parameters in the internal and external environment, such as: Size and complexity of the enterprise Type of market in which the enterprise operates Strategy focus of the enterprise

Comment: *

Name: *

Email: *

Verification: *

An organization discovers significant vulnerabilities in a recently purchased commercial off-the-shelf software product which will not be corrected until the next release. Which of the following is the risk manager's BEST course of action?

• A.Require the vendor to correct significant vulnerabilities prior to installation.
• B.Review the risk of implementing versus postponing with stakeholders.
• C.Run vulnerability testing tools to independently verify the vulnerabilities.
• D.Review software license to determine the vendor's responsibility regarding vulnerabilities.

Comment: *

Name: *

Email: *

Verification: *

You are working on a project in an enterprise. Some part of your project requires e-commerce, but your enterprise choose not to engage in e-commerce. This scenario is demonstrating which of the following form?

• A.risk avoidance
• B.risk treatment
• C.risk acceptance
• D.risk transfer
• E.Explanation:
  Each business process involves inherent risk. Not engaging in any activity avoids the inherent risk associated with the activity. Hence this demonstrates risk avoidance.

Comment: *

Name: *

Email: *

Verification: *

You are the program manager for your organization and you are working with Alice, a project manager in her program. Alice calls you and insists you to add a change to program scope. You agree for that the change. What must Alice do to move forward with her change request?

• A.Add the change to the program scope herself, as she is a project manager
• B.Create a change request charter justifying the change request
• C.Document the change request in a change request form.
• D.Add the change request to the scope and complete integrated change control

Comment: *

Name: *

Email: *

Verification: *