The effectiveness of a control has decreased. What is the MOST likely effect on the associated risk?

• A.The inherent risk changes.
• B.The risk classification changes.
• C.The risk impact changes.
• D.The residual risk changes.

Comment: *

Name: *

Email: *

Verification: *

Risk acceptance of an exception to a security control would MOST likely be justified when:

• A.the control is difficult to enforce in practice.
• B.the end-user license agreement has expired.
• C.business benefits exceed the loss exposure.
• D.automation cannot be applied to the control

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration for protecting data assets m a Business application system?

• A.Encrypted communication is established between applications and data servers
• B.Offsite encrypted backups are automatically created by the application
• C.Application users are periodically trained on proper data handling practices
• D.Application controls are aligned with data classification lutes

Comment: *

Name: *

Email: *

Verification: *

You are the project manager for BlueWell Inc. You have noticed that the risk level in your project increases above the risk tolerance level of your enterprise. You have applied several risk responses. Now you have to update the risk register in accordance to risk response process. All of the following are included in the risk register except for which item?

• A.Risk triggers
• B.Agreed-upon response strategies
• C.Network diagram analysis of critical path activities
• D.Risk owners and their responsibility

Correct Answer: C

Explanation/Reference:
Explanation:
The risk register does not examine the network diagram and the critical path. There may be risks associated with the activities on the network diagram, but it does not address the network diagram directly.
The risk register is updated at the end of the plan risk response process with the information that was discovered during the process. The response plans are recorded in the risk register. In the risk register, risk is stated in order of priority, i.e., those with the highest potential for threat or opportunity first. Some risks might not require response plans at all, but then too they should be put on a watch list and monitored throughout the project. Following elements should appear in the risk register:
List of identified risks, including their descriptions, root causes, and how the risks impact the project

objectives
Risk owners and their responsibility

Outputs from the Perform Qualitative Analysis process

Agreed-upon response strategies

Risk triggers

Cost and schedule activities needed to implement risk responses

Contingency plans

Fallback plans, which are risk response plans that are executed when the initial risk response plan

proves to be ineffective
Contingency reserves

Residual risk, which is a leftover risk that remains after the risk response strategy has been

implemented
Secondary risks, which are risks that come about as a result of implementing a risk response

Comment: *

Name: *

Email: *

Verification: *

Mike is the project manager of the NNP Project for his organization. He is working with his project team to plan the risk responses for the NNP Project. Mike would like the project team to work together on establishing risk thresholds in the project. What is the purpose of establishing risk threshold?

• A.It is a study of the organization's risk tolerance.
• B.It is a warning sign that a risk event is going to happen.
• C.It is a limit of the funds that can be assigned to risk events.
• D.It helps to identify those risks for which specific responses are needed.

Comment: *

Name: *

Email: *

Verification: *