Which of the following is the MOST useful information for a risk practitioner when planning response activities after risk identification?

• A.Risk appetite
• B.Risk heat maps
• C.Risk register
• D.Risk priorities

Comment: *

Name: *

Email: *

Verification: *

An organization has four different projects competing for funding to reduce overall IT risk. Which project should management defer?

• A.Project Delta
• B.Project Charlie
• C.Project Bravo
• D.Project Alpha

Comment: *

Name: *

Email: *

Verification: *

When defining thresholds for control key performance indicators (KPIs), it is MOST helpful to align:

• A.control performance with risk tolerance of business owners
• B.information risk assessments with enterprise risk assessments
• C.the control key performance indicators (KPIs) with audit findings
• D.key risk indicators (KRIs) with risk appetite of the business

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY responsibility of the first line of defense related to computer-enabled fraud?

• A.Providing oversight of risk management processes
• B.Monitoring the results of actions taken to mitigate fraud
• C.Implementing processes to detect and deter fraud
• D.Ensuring that risk and control assessments consider fraud

Comment: *

Name: *

Email: *

Verification: *

Harry is the project manager of HDW project. He has identified a risk that could injure project team members. He does not want to accept any risk where someone could become injured on this project so he hires a professional vendor to complete this portion of the project work. What type of risk response is Harry implementing?

• A.Transference
• B.Mitigation
• C.Acceptance
• D.Avoidance

Comment: *

Name: *

Email: *

Verification: *