During a risk assessment, the risk practitioner finds a new risk scenario without controls has been entered into the risk register. Which of the following is the MOST appropriate action?

• A.Exclude the new risk scenario from the current risk assessment
• B.Request the risk scenario be removed from the register.
• C.Include the new risk scenario in the current risk assessment.
• D.Postpone the risk assessment until controls are identified.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be a risk practitioner's NEXT step upon learning the organization is not in compliance with a specific legal regulation?

• A.Assess the likelihood and magnitude of the associated risk.
• B.Identify mitigation activities and compensating controls.
• C.Notify senior compliance executives of the associated risk.
• D.Determine the penalties for lack of compliance.

Comment: *

Name: *

Email: *

Verification: *

Which of the following will BEST ensure that information security risk factors are mitigated when developing in-house applications?

• A.Include information security control specifications in business cases.
• B.Identify information security controls in the requirements analysis
• C.Identify key risk indicators (KRIs) as process output.
• D.Design key performance indicators (KPIs) for security in system specifications.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY reason a risk practitioner would be interested in an internal audit report is to:

• A.plan awareness programs for business managers.
• B.assist in the development of a risk profile.
• C.maintain a risk register based on noncompliances.
• D.evaluate maturity of the risk management process.

Comment: *

Name: *

Email: *

Verification: *

Marie has identified a risk event in her project that needs a mitigation response. Her response actually creates a new risk event that must now be analyzed and planned for. What term is given to this newly created risk event?

• A.Residual risk
• B.Secondary risk
• C.Infinitive risk
• D.Populated risk
• E.Explanation:
  Secondary risks are the risks that come about as a result of implementing a risk response. This
  new risk event must be recorded, analyzed, and planned for management.
• F.is incorrect. A residual risk event is similar to a secondary risk, but is often small in
  probability and impact, so it may just be accepted.
• G.is incorrect. Populated risk event is not a valid project management term.

Comment: *

Name: *

Email: *

Verification: *