After a high-profile systems breach at an organization s key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:
After a high-profile systems breach at an organization s key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:
Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?

• A.Internal audit
• B.External audit
• C.Regulatory examination
• D.Vendor performance scorecard

Comment: *

Name: *

Email: *

Verification: *

David is the project manager of HRC project. He concluded while HRC project is in process that if he adopts e-commerce, his project can be more fruitful. But he did not engaged in electronic commerce (e- commerce) so that he would escape from risk associated with that line of business. What type of risk response had he adopted?

• A.Acceptance
• B.Avoidance
• C.Exploit
• D.Enhance

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of GHT project. You are performing cost and benefit analysis of control. You come across the result that costs of specific controls exceed the benefits of mitigating a given risk. What is the BEST action would you choose in this scenario?

• A.The enterprise may apply the appropriate control anyway.
• B.The enterprise should adopt corrective control.
• C.The enterprise may choose to accept the risk rather than incur the cost of mitigation.
• D.The enterprise should exploit the risk.

Comment: *

Name: *

Email: *

Verification: *

Which of the following documents is described in the statement below?
"It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

• A.Quality management plan
• B.Risk management plan
• C.Risk register
• D.Project charter
• E.Explanation:
  Risk register is a document that contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning. Risk register is developed along with all processes of the risk management from Plan Risk Management through Monitor and Control Risks.
• F.is incorrect. The quality management plan is a component of the project management plan. It describes how the project team will implement the organization's quality policy. The quality management plan addresses quality control (QC), quality assurance (QA), and continuous process improvement for the project. Based on the requirement of the project, the quality management plan may be formal or informal, highly detailed or broadly framed. Answer:B is incorrect. Risk management plan includes roles and responsibilities, risk analysis definitions, timing for reviews, and risk threshold. The Plan Risk Responses process takes input from risk management plan and risk register to define the risk response.

Comment: *

Name: *

Email: *

Verification: *

Which among the following is the BEST reason for defining a risk response?

• A.To eliminate risk from the enterprise
• B.To ensure that the residual risk is within the limits of the risk appetite and tolerance
• C.To overview current status of risk
• D.To mitigate risk

Comment: *

Name: *

Email: *

Verification: *