It is MOST important that security controls for a new system be documented in:

• A.testing requirements
• B.the implementation plan.
• C.System requirements
• D.The security policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be management's PRIMARY consideration when approving risk response action plans?

• A.Changes in residual risk after implementing the plans
• B.Ability of the action plans to address multiple risk scenarios
• C.Ease of implementing the risk treatment solution
• D.Prioritization for implementing the action plans

Comment: *

Name: *

Email: *

Verification: *

Which of the following is NOT true for risk management capability maturity level 1?

• A.There is an understanding that risk is important and needs to be managed, but it is viewed as a technical issue and the business primarily considers the downside of IT risk
• B.Decisions involving risk lack credible information
• C.Risk appetite and tolerance are applied only during episodic risk assessments
• D.Risk management skills exist on an ad hoc basis, but are not actively developed

Correct Answer: B

Explanation/Reference:
Explanation:
The enterprise with risk management capability maturity level 0 makes decisions without having much knowledge about the risk credible information. In level 1, enterprise takes decisions on the basis of risk credible information.
Incorrect Answers:
A, C, D: An enterprise's risk management capability maturity level is 1 when:
There is an understanding that risk is important and needs to be managed, but it is viewed as a

technical issue and the business primarily considers the downside of IT risk.
Any risk identification criteria vary widely across the enterprise.

Risk appetite and tolerance are applied only during episodic risk assessments.

Enterprise risk policies and standards are incomplete and/or reflect only external requirements and lack

defensible rationale and enforcement mechanisms.
Risk management skills exist on an ad hoc basis, but are not actively developed.

Ad hoc inventories of controls that are unrelated to risk are dispersed across desktop applications.

Comment: *

Name: *

Email: *

Verification: *

Which of the following assets are the examples of intangible assets of an enterprise?
Each correct answer represents a complete solution. Choose two.

• A.Customer trust
• B.Information
• C.People
• D.Infrastructure

Comment: *

Name: *

Email: *

Verification: *

You work as a project manager for Bluewell Inc. You have identified a project risk. You have then implemented the risk action plan and it turn out to be non-effective. What type of plan you should implement in such case?

• A.Risk mitigation
• B.Risk fallback plan
• C.Risk avoidance
• D.Risk response plan

Comment: *

Name: *

Email: *

Verification: *