Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?

• A.To enable consistent data on risk to be obtained
• B.To allow for proper review of risk tolerance
• C.To provide consistent and clear terminology
• D.To identify dependencies for reporting risk

Comment: *

Name: *

Email: *

Verification: *

Which of The following should be the FIRST step when a company is made aware of new regulatory requirements impacting IT?

• A.Review the risk tolerance and appetite.
• B.Perform a gap analysis.
• C.Perform a risk assessment.
• D.Prioritize impact to the business units.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?
Each correct answer represents a complete solution. Choose all that apply.

• A.Education of staff or business partners
• B.Deployment of a threat-specific countermeasure
• C.Modify of the technical architecture
• D.Apply more controls
• E.Explanation:
  As new threats are identified and prioritized in terms of impact, the first step is to evaluate the ability of existing controls to mitigate risk associated with new threats and if it does not work then in that case facilitate the: Modification of the technical architecture Deployment of a threat-specific countermeasure Implementation of a compensating mechanism or process until mitigating controls are developed Education of staff or business partners

Comment: *

Name: *

Email: *

Verification: *

Assessing the probability and consequences of identified risks to the project objectives, assigning a risk score to each risk, and creating a list of prioritized risks describes which of the following processes?

• A.Qualitative Risk Analysis
• B.Plan Risk Management
• C.Identify Risks
• D.Quantitative Risk Analysis
• E.Explanation:
  The purpose of qualitative risk analysis is to determine what impact the identified risk events will have on the project and the probability they'll occur. It also puts risks in priority order according to their effects on the project objectives and assigns a risk score for the project.
• F.is incorrect. This process does not involve assessing the probability and consequences of identified risks. Quantitative analysis is the use of numerical and statistical techniques rather than the analysis of verbal material for analyzing risks. Some of the quantitative methods of risk analysis are: Internal loss method External data analysis Business process modeling (BPM) and simulation Statistical process control (SPC) Answer:C is incorrect. It involves listing of all the possible risks so as to cure them before it can occur. In risk identification both threats and opportunities are considered, as both carry some level
  of risk with them.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way of managing risk inherent to wireless network?

• A.Enabling auditing on every host that connects to a wireless network
• B.Require private, key-based encryption to connect to the wireless network
• C.Require that the every host that connect to this network have a well-tested recovery plan
• D.Enable auditing on every connection to the wireless network

Comment: *

Name: *

Email: *

Verification: *