Which of the following is the MOST important consideration when identifying stakeholders to review risk scenarios developed by a risk analyst? The reviewers are:

• A.independent from the business operations.
• B.accountable for the affected processes.
• C.authorized to select risk mitigation options.
• D.members of senior management.

Comment: *

Name: *

Email: *

Verification: *

Which of the following baselines identifies the specifications required by the resource that meet the approved requirements?

• A.Functional baseline
• B.Allocated baseline
• C.Product baseline
• D.Developmental baseline
• E.Explanation:
  Allocated baseline identifies the specifications that meet the approved requirements.
• F.is incorrect. Functional baseline identifies the initial specifications before any changes
  are made.
• G.is incorrect. Product baseline identifies the minimal specification required by the
  resource to meet business outcomes.

Comment: *

Name: *

Email: *

Verification: *

A risk practitioner has become aware of production data being used in a test environment. Which of the following should be the practitioner's PRIMARY concern?

• A.Security of the test environment.
• B.Readability of test data.
• C.Sensitivity of the data.
• D.Availability of data to authorized staff.

Comment: *

Name: *

Email: *

Verification: *

You are working in an enterprise. You project deals with important files that are stored on the computer.
You have identified the risk of the failure of operations. To address this risk of failure, you have guided the system administrator sign off on the daily backup. This scenario is an example of which of the following?

• A.Risk avoidance
• B.Risk transference
• C.Risk acceptance
• D.Risk mitigation

Correct Answer: D

Explanation/Reference:
Explanation:
Mitigation is the strategy that provides for the definition and implementation of controls to address the risk described. Here in this scenario, you are trying to reduce the risk of operation failure by guiding administrator to take daily backup, hence it is risk mitigation.
Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level.
Risk mitigation can utilize various forms of control carefully integrated together. The main control types are:
Managerial(e.g.,policies)

Technical (e.g., tools such as firewalls and intrusion detection systems)

Operational (e.g., procedures, separation of duties)

Preparedness activities

Incorrect Answers:
A: The scenario does not describe risk avoidance. Avoidance is a strategy that provides for not implementing certain activities or processes that would incur risk.
B: The scenario does not describe the sharing of risk. Transference is the strategy that provides for sharing risk with partners or taking insurance coverage.
C: The scenario does not describe risk acceptance, Acceptance is a strategy that provides for formal acknowledgment of the existence of a risk and the monitoring of that risk.

Comment: *

Name: *

Email: *

Verification: *

A change management process has recently been updated with new testing procedures. What is the NEXT course of action?

• A.Communicate to those who test and promote changes.
• B.Monitor processes to ensure recent updates are being followed.
• C.Assess the maturity of the change management process.
• D.Conduct a cost-benefit analysis to justify the cost of the control

Comment: *

Name: *

Email: *

Verification: *