Which of the following would MOST effectively enable a business operations manager to identify events exceeding risk thresholds?

• A.Transaction logging
• B.Benchmarking against peers
• C.A control self-assessment
• D.Continuous monitoring

Comment: *

Name: *

Email: *

Verification: *

The only output of qualitative risk analysis is risk register updates. When the project manager updates the risk register he will need to include several pieces of information including all of the following except for which one?

• A.Trends in qualitative risk analysis
• B.Risk probability-impact matrix
• C.Risks grouped by categories
• D.Watchlist of low-priority risks
• E.Explanation:
  The risk matrix is not included as part of the risk register updates. There are seven things that can
  be updated in the risk register as a result of qualitative risk analysis: relating ranking of project
  risks, risks grouped by categories, causes of risks, list of near-term risks, risks requiring additional
  analysis, watchlist of low-priority risks, trends in qualitative risk analysis.
• F.is incorrect. Risks grouped by categories are part of the risk register updates.
• G.is incorrect. Watchlist of low-priority risks is part of the risk register updates.

Comment: *

Name: *

Email: *

Verification: *

An application runs a scheduled job that compiles financial data from multiple business systems and updates the financial reporting system. If this job runs too long, it can delay financial reporting. Which of the following is the risk practitioner's BEST recommendation?

• A.Implement database activity and capacity monitoring.
• B.Consider providing additional system resource to this job.
• C.Ensure the enterprise has a process to detect such situations.
• D.Ensure the business is aware of the risk.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST help to ensure that suspicious network activity is identified?

• A.Analyzing server logs
• B.Coordinating events with appropriate agencies
• C.Analyzing intrusion detection system (IDS) logs
• D.Using a third-party monitoring provider

Comment: *

Name: *

Email: *

Verification: *

What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?

• A.Anti-harassment policy
• B.Acceptable use policy
• C.Intellectual property policy
• D.Privacy policy

Comment: *

Name: *

Email: *

Verification: *