You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?
Each correct answer represents a complete solution. (Choose three.)

• A.Education of staff or business partners
• B.Deployment of a threat-specific countermeasure
• C.Modify of the technical architecture
• D.Apply more controls

Correct Answer: A,B,C

Explanation/Reference:
Explanation:
As new threats are identified and prioritized in terms of impact, the first step is to evaluate the ability of existing controls to mitigate risk associated with new threats and if it does not work then in that case facilitate the:
Modification of the technical architecture

Deployment of a threat-specific countermeasure

Implementation of a compensating mechanism or process until mitigating controls are developed

Education of staff or business partners

Incorrect Answers:
D: Applying more controls is not the good solution. They usually complicate the condition.

Comment: *

Name: *

Email: *

Verification: *

Reviewing historical risk events is MOST useful for which of the following processes within the risk management life cycle?

• A.Risk mitigation
• B.Risk assessment
• C.Risk monitoring
• D.Risk aggregation

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of HJT project. Important confidential files of your project are stored on a computer. Keeping the unauthorized access of this computer in mind, you have placed a hidden CCTV in the room, even on having protection password. Which kind of control CCTV is?

• A.Technical control
• B.Physical control
• C.Administrative control
• D.Management control
• E.Explanation:
  CCTV is a physical control. Physical controls protect the physical environment. They include basics such as locks to protect access to secure areas. They also include environmental controls. This section presents the following examples of physical controls: Locked doors, guards, access logs, and closed-circuit television Fire detection and suppression Temperature and humidity detection Electrical grounding and circuit breakers Water detection

Comment: *

Name: *

Email: *

Verification: *

The MAIN goal of the risk analysis process is to determine the:

• A.control deficiencies
• B.frequency and magnitude of loss
• C.potential severity of impact
• D.threats and vulnerabilities

Comment: *

Name: *

Email: *

Verification: *

Which one of the following is the only output for the qualitative risk analysis process?

• A.Project management plan
• B.Risk register updates
• C.Organizational process assets
• D.Enterprise environmental factors

Correct Answer: B

Explanation/Reference:
Explanation:
Risk register update is the only output of the choices presented for the qualitative risk analysis process.
The four inputs for the qualitative risk analysis process are the risk register, risk management plan, project scope statement, and organizational process assets. The output of perform qualitative risk analysis process is Risk Register Updates. Risk register is updated with the information from perform qualitative risk analysis and the updated risk register is included in the project documents. Updates include the following important elements:
Relative ranking or priority list of project risks

Risks grouped by categories

Causes of risk or project areas requiring particular attention

List of risks requiring response in the near-term

List of risks for additional analysis and response

Watchlist of low priority risks

Trends in qualitative risk analysis results

Incorrect Answers:
A, C, D: These are not the valid outputs for the qualitative risk analysis process.

Comment: *

Name: *

Email: *

Verification: *