Judy has identified a risk event in her project that will have a high probability and a high impact. Based on the requirements of the project, Judy has asked to change the project scope to remove the associated requirement and the associated risk. What type of risk response is this?

• A.Exploit
• B.Not a risk response, but a change request
• C.Avoidance
• D.Transference

Comment: *

Name: *

Email: *

Verification: *

You work as a project manager for BlueWell Inc. Your project is using a new material to construct a large warehouse in your city. This new material is cheaper than traditional building materials, but it takes some time to learn how to use the material properly. You have communicated to the project stakeholders that you will be able to save costs by using the new material, but you will need a few extra weeks to complete training to use the materials. This risk response of learning how to use the new materials can also be known as what term?

• A.Benchmarking
• B.Cost-benefits analysis
• C.Cost of conformance to quality
• D.Team development
• E.Explanation:
  When the project team needs training to be able to complete the project work it is a cost of conformance to quality. The cost of conformance to quality defines the cost of training, proper resources, and the costs the project must spend in order to ascertain the expected levels of quality the customer expects from
  the project. It is the capital used up throughout the project to avoid failures. It consists of two types
  of costs:
  Prevention costs: It is measured to build a quality product. It includes costs in training, document
  processing, equipment , and time to do it right.
  Appraisal costs: It is measured to assess the quality. It includes testing, destructive testing loss,
  and inspections.
• F.is incorrect. Team development describes activities the project manager uses to create
  a more cohesive and responsive project team.
• G.is incorrect. Cost-benefit analysis is the study of the benefits in relation to the costs to
  receive the benefits of a decision, a project, or other investment.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST key performance indicator (KPI) to measure the effectiveness of an antivirus program?

• A.Percentage of IT assets with current malware definitions
• B.Frequency of anti-vinjs software updates
• C.Number of false positives defected over a period of time
• D.Number of alerts generated by the anti-virus software

Comment: *

Name: *

Email: *

Verification: *

In which of the following risk management capability maturity levels risk appetite and tolerance are applied only during episodic risk assessments?

• A.Level 3
• B.Level 2
• C.Level 4
• D.Level 1

Correct Answer: D

Explanation/Reference:
Explanation:
An enterprise's risk management capability maturity level is 1 when:
There is an understanding that risk is important and needs to be managed, but it is viewed as a

technical issue and the business primarily considers the downside of IT risk.
Any risk identification criteria vary widely across the enterprise.

Risk appetite and tolerance are applied only during episodic risk assessments.

Enterprise risk policies and standards are incomplete and/or reflect only external requirements and lack

defensible rationale and enforcement mechanisms.
Risk management skills exist on an ad hoc basis, but are not actively developed.

Ad hoc inventories of controls that are unrelated to risk are dispersed across desktop applications.

Incorrect Answers:
A: In level 3 of risk management capability maturity model, local tolerances drive the enterprise risk tolerance.
B: In level 2 of risk management capability maturity model, risk tolerance is set locally and may be difficult to aggregate.
C: In level 4 of risk management capability maturity model, business risk tolerance is reflected by enterprise policies and standards reflect.

Comment: *

Name: *

Email: *

Verification: *

The BEST way to obtain senior management support for investment in a control implementation would be to articulate the reduction in:

• A.residual risk.
• B.inherent risk.
• C.detected incidents.
• D.vulnerabilities.

Comment: *

Name: *

Email: *

Verification: *