What can be determined from the risk scenario chart?

• A.Risk treatment options
• B.The multiple risk factors addressed by a chosen response
• C.Relative positions on the risk map
• D.Capability of enterprise to implement

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a KEY outcome of risk ownership?

• A.Business process risk is analyzed.
• B.Risk-related information is communicated.
• C.Risk responsibilities are addressed.
• D.Risk-oriented tasks are defined.

Comment: *

Name: *

Email: *

Verification: *

To reduce the risk introduced when conducting penetration tests, the BEST mitigating control would be to:

• A.clearly define the project scope
• B.perform background checks on the vendor
• C.notify network administrators before testing
• D.require the vendor to sign a nondisclosure agreement

Comment: *

Name: *

Email: *

Verification: *

You are the risk professional in Bluewell Inc. You have identified a risk and want to implement a specific risk mitigation activity. What you should PRIMARILY utilize?

• A.Vulnerability assessment report
• B.Business case
• C.Technical evaluation report
• D.Budgetary requirements
• E.Explanation:
  As business case includes business need (like new product, change in process, compliance need, etc.) and the requirements of the enterprise (new technology, cost, etc.), risk professional should utilize this for implementing specific risk mitigation activity. Risk professional must look at the costs of the various controls and compare them against the benefits that the organization will receive from the risk response. Hence he/she needs to have knowledge of business case development to illustrate the costs and benefits of the risk response.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an output of risk assessment process?

• A.Identification of risk
• B.Identification of appropriate controls
• C.Mitigated risk
• D.Enterprise left with residual risk

Comment: *

Name: *

Email: *

Verification: *