A risk manager has determined there is excessive risk with a particular technology. Who is the BEST person to own the unmitigated risk of the technology?

• A.Business process owner
• B.Chief financial officer
• C.Chief risk officer
• D.IT system owner

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the GREATEST concern when an organization uses a managed security service provider as a firewall administrator?

• A.Lack of agreed-upon standards
• B.Lack of governance
• C.Exposure of log data
• D.Increased number of firewall rules

Comment: *

Name: *

Email: *

Verification: *

When it appears that a project risk is going to happen, what is this term called?

• A.Issue
• B.Contingency response
• C.Trigger
• D.Threshold
• E.Explanation:
  A trigger is a warning sign or a condition that a risk event is likely to occur within the project.
• F.is incorrect. A contingency response is a pre-planned response for a risk event, such as
  a rollback plan.
• G.is incorrect. Issues are events that come about as a result of risk events. Risks become
  issues only after they have actually occurred.

Comment: *

Name: *

Email: *

Verification: *

You are the risk official of your enterprise. Your enterprise takes important decisions without considering risk credential information and is also unaware of external requirements for risk management and integration with enterprise risk management. In which of the following risk management capability maturity levels does your enterprise exists?

• A.Level 1
• B.Level 0
• C.Level 5
• D.Level 4

Correct Answer: B

Explanation/Reference:
Explanation:
0 nonexistent: An enterprise's risk management capability maturity level is 0 when:
The enterprise does not recognize the need to consider the risk management or the business impact

from IT risk.
Decisions involving risk lack credible information.

Awareness of external requirements for risk management and integration with enterprise risk

management (ERM) do not exists.
Incorrect Answers:
A, C, D: These all are much higher levels of the risk management capability maturity model and in all these enterprise do take decisions considering the risk credential information. Moreover, in these levels enterprise is aware of external requirements for risk management and integrate with ERM.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST approach to use when creating a comprehensive set of IT risk scenarios?

• A.Gather scenarios from senior management
• B.Derive scenarios from IT risk policies and standards
• C.Benchmark scenarios against industry peers
• D.Map scenarios to a recognized risk management framework

Comment: *

Name: *

Email: *

Verification: *