David is the project manager of the HRC Project. He has identified a risk in the project that could cause a delay in the project. David does not want this risk event to happen, so he takes a few actions to ensure that the risk event will not happen. These extra steps, however, cost the project an additional $10,000. What type of risk response has David adopted?
Which of the following is an administrative control?
A. Water detection
B. Reasonableness check
C. Data loss prevention program
D. Session timeout
Risks to an organization's image are referred to as what kind of risk?
A. Operational
B. Financial
C. Information
D. Strategic
You are the project manager of the NHQ project in Bluewell Inc. The project has an asset valued at $200,000 and is subjected to an exposure factor of 45 percent.
If the annual rate of occurrence of loss in this project is once a month, then what will be the Annual Loss Expectancy (ALE) of the project?
A. $2,160,000
B. $95,000
C. $108,000
D. $90,000
You are the project manager of the GHT project. You have planned the risk response process and now you are about to implement various controls. What should you do before relying on any of the controls?
A. Review performance data
B. Discover risk exposure
C. Conduct pilot testing
D. Articulate risk
Which of the following statements are true for an enterprise's risk management capability maturity level 3?
A. Workflow tools are used to accelerate risk issues and track decisions
B. The business knows how IT fits in the enterprise risk universe and the risk portfolio view
C. The enterprise formally requires continuous improvement of risk management skills, based on clearly defined personal and enterprise goals
D. Risk management is viewed as a business issue, and both the drawbacks and benefits of risk are recognized
You are the project manager of the GHT project. You have analyzed the risk and applied appropriate controls. In turn, you got residual risk as a result of this. Residual risk can be used to determine which of the following?
A. Status of enterprise's risk
B. Appropriate controls to be applied next
C. The area that requires more control
D. Whether the benefits of such controls outweigh the costs
Suppose you are working in Company Inc. and you are using risk scenarios for estimating the likelihood and impact of the significant risks on this organization.
Which of the following assessments are you doing?
A. IT security assessment
B. IT audit
C. Threat and vulnerability assessment
D. Risk assessment
Which of the following control audits is performed to assess the efficiency of the productivity in the operations environment?
A. Operational
B. Financial
C. Administrative
D. Specialized
Shawn is the project manager of the HWT project. In this project, Shawn's team reports that they have found a way to complete the project work more cheaply than was originally estimated. The project team presents new software that will help to automate the project work. While the software and the associated training cost $25,000, it will save the project nearly $65,000 in total costs. Shawn agrees to the software and changes the project management plan accordingly.
What type of risk response has been used by him?
A. Avoiding
B. Accepting
C. Exploiting
D. Enhancing
You have identified several risks in your project. You have opted for risk mitigation in order to respond to the identified risk. Which of the following ensures that the risk mitigation method that you have chosen is effective?
A. Reduction in the frequency of a threat
B. Minimization of inherent risk
C. Reduction in the impact of a threat
D. Minimization of residual risk
Which of the following will significantly affect the standard information security governance model?
A. Currency with changing legislative requirements
B. Number of employees
C. Complexity of the organizational structure
D. Cultural differences between physical locations
You work as a project manager for BlueWell Inc. You are preparing for the risk identification process. You will need to involve several of the project's key stakeholders to help you identify and communicate the identified risk events. You will also need several documents to help you and the stakeholders identify the risk events. Which one of the following is NOT a document that will help you identify and communicate risks within the project?
A. Stakeholder registers
B. Activity duration estimates
C. Activity cost estimates
D. Risk register
You are the project manager of the GHT project. Your project utilizes a machine for the production of goods. This machine has the specification that if its temperature rises above 450 degrees Fahrenheit, it may result in burning of the windings. So, there is an alarm which sounds when the machine's temperature reaches 430 degrees Fahrenheit, and the machine is shut off for 1 hour. What role does the alarm play here?
A. Of risk indicator
B. Of risk identification
C. Of risk trigger
D. Of risk response
You are working in an enterprise. Assume that your enterprise periodically compares finished goods inventory levels to the perpetual inventories in its ERP system. What kind of information is being provided by the lack of any significant differences between perpetual levels and actual levels?
A. Direct information
B. Indirect information
C. Risk management plan
D. Risk audit information
A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?
A. Transference
B. Mitigation
C. Avoidance
D. Exploit
Which of the following controls detects a problem before it can occur?
A. Deterrent control
B. Detective control
C. Compensation control
D. Preventative control
Out of several risk responses, which of the following risk responses is used for negative risk events?
A. Share
B. Enhance
C. Exploit
D. Accept
Which of the following is MOST important to the effectiveness of key performance indicators (KPIs)?
A. Management approval
B. Automation
C. Annual review
D. Relevance
Which of the following is the BEST indication of an effective risk management program?
A. Risk action plans are approved by senior management
B. Mitigating controls are designed and implemented
C. Residual risk is within the organizational risk appetite
D. Risk is recorded and tracked in the risk register
After undertaking a risk assessment of a production system, the MOST appropriate action is for the risk manager to:
A. inform the IT manager of the concerns and propose measures to reduce them
B. inform the process owner of the concerns and propose measures to reduce them
C. inform the development team of the concerns, and together formulate risk reduction measures
D. recommend a program that minimizes the concerns of that production system
An organization has granted a vendor access to its data in order to analyze customer behavior. Which of the following would be the MOST effective control to mitigate the risk of customer data leakage?
A. Restrict access to customer data on a "need to know" basis
B. Enforce criminal background checks
C. Mask customer data fields
D. Require vendor to sign a confidentiality agreement
Which of the following aspects of an IT risk and control self-assessment would be MOST important to include in a report to senior management?
A. A decrease in the number of key controls
B. Changes in control design
C. An increase in residual risk
D. Changes in control ownership
Which of the following role carriers is accountable for analyzing risks, maintaining risk profile, and risk-aware decisions?
A. Business management
B. Business process owner
C. Chief information officer (CIO)
D. Chief risk officer (CRO)
When developing a business continuity plan (BCP), it is MOST important to:
A. develop a multi-channel communication plan
B. prioritize critical services to be restored
C. identify a geographically dispersed disaster recovery site
D. identify an alternative location to host operations