An organization has experienced several incidents of extended network outages that have exceeded tolerance.
Which of the following should be the risk practitioner's FIRST step to address this situation?

• A.Recommend a root cause analysis of the incidents
• B.Update the risk tolerance level to acceptable thresholds
• C.Recommend additional controls to address the risk
• D.Update the incident-related risk trend in the risk register

Comment: *

Name: *

Email: *

Verification: *

A business unit has decided to accept the risk of implementing an off-the-shelf, commercial software package that uses weak password controls. The BEST course of action would be to:

• A.select another application with strong password controls.
• B.develop an improved password software routine.
• C.continue the implementation with no changes.
• D.obtain management approval for policy exception.

Comment: *

Name: *

Email: *

Verification: *

A PRIMARY function of the risk register is to provide supporting information for the development of an organization's risk:

• A.map.
• B.process.
• C.profile.
• D.strategy.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is true for risk management frameworks, standards and practices?
Each correct answer represents a part of the solution. Choose three.

• A.They act as a guide to focus efforts of variant teams.
• B.They result in increase in cost of training, operation and performance improvement.
• C.They provide a systematic view of "things to be considered" that could harm clients or an enterprise.
• D.They assist in achieving business objectives quickly and easily.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY benefit of using an entry in the risk register to track the aggregate risk associated with server failure?

• A.It provides historical information about the impact of individual servers malfunctioning.
• B.It provides a view on where controls should be applied to maximize the uptime of servers.
• C.It provides a comprehensive view of the impact should the servers simultaneously fail.
• D.It provides a cost-benefit analysis on control options available for implementation.

Comment: *

Name: *

Email: *

Verification: *