What is the PRIMARY reason to categorize risk scenarios by business process?

• A.To determine aggregated risk levels by risk owner
• B.To identify situations that result in over-control
• C.To enable management to implement cost-effective risk mitigation
• D.To show business activity deficiencies that need to be improved

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY reason a risk practitioner would be interested in an internal audit report is to:

• A.plan awareness programs for business managers.
• B.maintain a risk register based on noncompliances.
• C.evaluate maturity of the risk management process.
• D.assist in the development of a risk profile.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of project for a client. The client has promised your company a bonus, if the project is completed early. After studying the project work, you elect to crash the project in order to realize the early end date. This is an example of what type of risk response?

• A.Negative risk response, because crashing will add risks.
• B.Positive risk response, as crashing is an example of enhancing.
• C.Positive risk response, as crashing is an example of exploiting.
• D.Negative risk response, because crashing will add costs.

Comment: *

Name: *

Email: *

Verification: *

The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?

• A.Logs and system events
• B.Vulnerability assessment reports
• C.Intrusion detection system (IDS) rules
• D.Penetration test reports

Comment: *

Name: *

Email: *

Verification: *

In order to efficiently execute a risk response action plan, it is MOST important for the emergency response team members to understand:

• A.system architecture in target areas.
• B.IT management policies and procedures.
• C.defined roles and responsibilities.
• D.business objectives of the organization.

Comment: *

Name: *

Email: *

Verification: *