Which of the following issues should be of GREATEST concern when evaluating existing controls during a risk assessment?

• A.Asset custodians are responsible for defining controls instead of asset owners.
• B.Successive assessments have the same recurring vulnerabilities.
• C.Redundant compensating controls are in place.
• D.A high number of approved exceptions exist with compensating controls.

Comment: *

Name: *

Email: *

Verification: *

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

• A.Risk transfer
• B.Risk acceptance
• C.Risk avoidance
• D.Risk mitigation

Comment: *

Name: *

Email: *

Verification: *

Mary is the project manager for the BLB project. She has instructed the project team to assemble, to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process. Why is the schedule management plan needed for quantitative risk analysis?

• A.Mary will schedule when the identified risks are likely to happen and affect the project schedule.
• B.Mary will utilize the schedule controls and the nature of the schedule for the quantitative analysis of the schedule.
• C.Mary will use the schedule management plan to schedule the risk identification meetings throughout the remaining project.
• D.Mary will utilize the schedule controls to determine how risks may be allowed to change the project schedule.
• E.Explanation:
  The controls within the schedule management plan can shape how quantitative risk analysis will be performed on the schedule. Schedule management plan also describes how the schedule contingencies will be reported and assessed.

Comment: *

Name: *

Email: *

Verification: *

Which of the following matrices is used to specify risk thresholds?

• A.Risk indicator matrix
• B.Impact matrix
• C.Risk scenario matrix
• D.Probability matrix
• E.Explanation:
  Risk indicators are metrics used to indicate risk thresholds, i.e., it gives indication when a risk level is approaching a high or unacceptable level of risk. The main objective of a risk indicator is to ensure tracking and reporting mechanisms that alert staff about the potential risks.

Comment: *

Name: *

Email: *

Verification: *

For which of the following risk management capability maturity levels do the statement given below is true?
"Real-time monitoring of risk events and control exceptions exists, as does automation of policy management"

• A.Level 3
• B.Level 0
• C.Level 5
• D.Level 2

Comment: *

Name: *

Email: *

Verification: *