Which of the following BEST enforces access control for an organization that uses multiple cloud technologies?
Correct Answer: D
Question 242
Which of the following IT controls is MOST useful in mitigating the risk associated with inaccurate data?
Correct Answer: D
Question 243
Qualitative risk assessment uses which of the following terms for evaluating risk level? Each correct answer represents a part of the solution. Choose two.
Correct Answer: A,C
Section: Volume D Explanation: Unlike the quantitative risk assessment, qualitative risk assessment does not assign dollar values. Rather, it determines risk's level based on the probability and impact of a risk. These values are determined by gathering the opinions of experts. * Probability- establishing the likelihood of occurrence and reoccurrence of specific risks, independently, and combined. The risk occurs when a threat exploits vulnerability. Scaling is done to define the probability that a risk will occur. The scale can be based on word values such as Low, Medium, or High. Percentage can also be assigned to these words, like 10% to low and 90% to high. * Impact- Impact is used to identify the magnitude of identified risks. The risk leads to some type of loss. However, instead of quantifying the loss as a dollar value, an impact assessment could use words such as Low, Medium, or High. Impact is expressed as a relative value. For example, low could be 10, medium could be 50, and high could be 100. Risk level = Probability * Impact Incorrect Answers: B, D: These are used for calculating Annual loss expectancy (ALE) in quantitative risk assessment. Formula is given as follows: ALE= SLE * ARO
Question 244
Which of the following is the MOST relevant input to an organization's risk profile?
Correct Answer: A
Section: Volume D
Question 245
You and your project team have identified a few risk events in the project and recorded the events in the risk register. Part of the recording of the events includes the identification of a risk owner. Who is a risk owner?
Correct Answer: D
Explanation/Reference: Explanation: Risk owner for each risk should be the person who has the most influence over its outcome. Selecting the risk owner thus usually involves considering the source of risk and identifying the person who is best placed to understand and implement what needs to be done. They are also responsible for responding to the event and reporting on the risk status. Incorrect Answers: A: A risk owner will monitor the identified risks for status changes, but all project stakeholders should be iteratively looking to identify the risks. B: Risk owners do not pay for the cost of the risk event. C: Risk owners are not the people who cause the risk event.
