Numerous media reports indicate a recently discovered technical vulnerability is being actively exploited.
Which of the following would be the BEST response to this scenario?

• A.Conduct a vulnerability assessment.
• B.Assess the vulnerability management process.
• C.Reassess the inherent risk of the target.
• D.Conduct a control serf-assessment.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of a large construction project. This project will last for 18 months and will cost $750,000 to complete. You are working with your project team, experts, and stakeholders to identify risks within the project before the project work begins. Management wants to know why you have scheduled so many risk identification meetings throughout the project rather than just initially during the project planning. What is the best reason for the duplicate risk identification sessions?

• A.The iterative meetings allow all stakeholders to participate in the risk identification processes throughout the project phases.
• B.The iterative meetings allow the project manager to discuss the risk events which have passed the project and which did not happen.
• C.The iterative meetings allow the project manager and the risk identification participants to identify newly discovered risk events throughout the project.
• D.The iterative meetings allow the project manager to communicate pending risks events during project execution.

Comment: *

Name: *

Email: *

Verification: *

When developing a new risk register, a risk practitioner should focus on which of the following risk management activities?

• A.Risk management strategy planning
• B.Risk identification
• C.Risk response planning
• D.Risk monitoring and control

Comment: *

Name: *

Email: *

Verification: *

Suppose you are working in Company Inc. and you are using risk scenarios for estimating the likelihood and impact of the significant risks on this organization. Which of the following assessment are you doing?

• A.IT security assessment
• B.IT audit
• C.Threat and vulnerability assessment
• D.Risk assessment
• E.Explanation:
  Threat and vulnerability assessment consider the full spectrum of risks. It identifies the likelihood of occurrence of risks and impact of the significant risks on the organization using the risk scenarios. For example: Natural threats can be evaluated by using historical data concerning frequency of occurrence for given natural disasters such as tornadoes, hurricanes, floods, fire, etc.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is true for risk management frameworks, standards and practices?
Each correct answer represents a part of the solution. Choose three.

• A.They act as a guide to focus efforts of variant teams.
• B.They result in increase in cost of training, operation and performance improvement.
• C.They provide a systematic view of "things to be considered" that could harm clients or an enterprise.
• D.They assist in achieving business objectives quickly and easily.

Correct Answer: A,C,D

Explanation/Reference:
Explanation:
Frameworks, standards and practices are necessary as:
They provide a systematic view of "things to be considered" that could harm clients or an enterprise.

They act as a guide to focus efforts of variant teams.

They save time and revenue, such as training costs, operational costs and performance improvement

costs.
They assist in achieving business objectives quickly and easily.

Comment: *

Name: *

Email: *

Verification: *