Which of the following is NOT true for risk management capability maturity level 1?

• A.There is an understanding that risk is important and needs to be managed, but it is viewed as a technical issue and the business primarily considers the downside of IT risk
• B.Decisions involving risk lack credible information
• C.Risk appetite and tolerance are applied only during episodic risk assessments
• D.Risk management skills exist on an ad hoc basis, but are not actively developed

Correct Answer: B

Explanation/Reference:
Explanation:
The enterprise with risk management capability maturity level 0 makes decisions without having much knowledge about the risk credible information. In level 1, enterprise takes decisions on the basis of risk credible information.
Incorrect Answers:
A, C, D: An enterprise's risk management capability maturity level is 1 when:
There is an understanding that risk is important and needs to be managed, but it is viewed as a

technical issue and the business primarily considers the downside of IT risk.
Any risk identification criteria vary widely across the enterprise.

Risk appetite and tolerance are applied only during episodic risk assessments.

Enterprise risk policies and standards are incomplete and/or reflect only external requirements and lack

defensible rationale and enforcement mechanisms.
Risk management skills exist on an ad hoc basis, but are not actively developed.

Ad hoc inventories of controls that are unrelated to risk are dispersed across desktop applications.

Comment: *

Name: *

Email: *

Verification: *

A risk practitioner is developing a set of bottom-up IT risk scenarios. The MOST important time to involve business stakeholders is when:

• A.identifying risk mitigation controls
• B.documenting the risk scenarios
• C.validating the risk scenarios
• D.updating the risk register

Comment: *

Name: *

Email: *

Verification: *

Kelly is the project manager of the NNQ Project for her company. This project will last for one year and has a budget of $350,000. Kelly is working with her project team and subject matter experts to begin the risk response planning process. What are the two inputs that Kelly would need to begin the plan risk response process?

• A.Risk register and the results of risk analysis
• B.Risk register and the risk response plan
• C.Risk register and power to assign risk responses
• D.Risk register and the risk management plan
• E.Explanation:
  The only two inputs for the risk response planning are the risk register and the risk management plan. The plan risk response project management process aims to reduce the threats to the project objectives and to increase opportunities. It follows the perform qualitative risk analysis process and perform quantitative risk analysis process. Plan risk response process includes the risk response owner to take the job for each agreed-to and funded risk response. This process addresses the risks by their priorities, schedules the project management plan as required, and inserts resources and activities into the budget. The inputs to the plan risk response process are as follows: Risk register Risk management plan

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of GHT project. You have implemented an automated tool to analyze and report on access control logs based on severity. This tool generates excessively large amounts of results.
You perform a risk assessment and decide to configure the monitoring tool to report only when the alerts are marked "critical". What you should do in order to fulfill that?

• A.Apply risk response
• B.Optimize Key Risk Indicator
• C.Update risk register
• D.Perform quantitative risk analysis

Comment: *

Name: *

Email: *

Verification: *

It is MOST important to the effectiveness of an IT risk management function that the associated processes are:

• A.reviewed and approved by senior management.
• B.periodically assessed against regulatory requirements.
• C.aligned to an industry-accepted framework.
• D.updated and monitored on a continuous basis.

Comment: *

Name: *

Email: *

Verification: *