You are the project manager of a project in Bluewell Inc. You and your project team have identified several project risks, completed risk analysis, and are planning to apply most appropriate risk responses. Which of the following tools would you use to choose the appropriate risk response?
Correct Answer: C
Section: Volume A Explanation: Decision tree analysis is a risk analysis tool that can help the project manager in determining the best risk response. The tool can be used to measure probability, impact, and risk exposure and how the selected risk response can affect the probability and/or impact of the selected risk event. It helps to form a balanced image of the risks and opportunities connected with each possible course of action. This makes them mostly useful for choosing between different strategies, projects, or investment opportunities particularly when the resources are limited. A decision tree is a decision support tool that uses a tree-like graph or model of decisions and their possible consequences, including chance event outcomes, resource costs, and utility. Incorrect Answers: A: Project network diagrams help the project manager and stakeholders visualize the flow of the project work, but they are not used as a part of risk response planning. B: Cause-and-effect analysis is used for exposing risk factors and not an effective one in risk response planning. This analysis involves the use of predictive or diagnostic analytical tool for exploring the root causes or factors that contribute to positive or negative effects or outcomes. D: Delphi technique is used for risk analysis, i.e., for identifying the most probable risks. Delphi is a group of experts who used to rate independently the business risk of an organization. Each expert analyzes the risk independently and then prioritizes the risk, and the result is combined into a consensus.
Question 652
A risk practitioner is summarizing the results of a high-profile risk assessment sponsored by senior management. The BEST way to support risk-based decisions by senior management would be to:
Correct Answer: D
Section: Volume D
Question 653
Which of the following are the security plans adopted by the organization? Each correct answer represents a complete solution. (Choose three.)
Correct Answer: A,B,C
Explanation/Reference: Explanation: Organizations create different security plans to address different scenarios. Many of the security plans are common to most organizations. Most used security plans found in many organizations are: Business continuity plan Disaster recovery plan Backup plan Incident response plan Incorrect Answers: D: Project management plan is not a security plan, but a plan which describes the implementation of the project.
Question 654
Which of the following process ensures that extracted data are ready for analysis?
Correct Answer: B
Explanation/Reference: Explanation: Data validation ensures that extracted data are ready for analysis. One objective is to perform data quality tests to ensure data are valid complete and free of errors. This may also involve making data from different sources suitable for comparative analysis. Incorrect Answers: A: Analysis of data involves simple set of steps or complex combination of commands and other functionality. Data analysis is designed in such a way to achieve the stated objectives from the project plan. Although this may be applicable to any monitoring activity, it would be beneficial to consider transferability and scalability. This may include robust documentation, use of software development standards and naming conventions. C: Data gathering is the process of collecting data on risk to be monitored, prepare a detailed plan and define the project's scope. In the case of a monitoring project, this step should involve process owners, data owners, system custodians and other process stakeholders. D: In the data access process, management identifies which data are available and how they can be acquired in a format that can be used for analysis. There are two options for data extraction: Extracting data directly from the source systems after system owner approval Receiving data extracts from the system custodian (IT) after system owner approval
Question 655
When formulating a social media policy lo address information leakage, which of the following is the MOST important concern to address?
