Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology. Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses?
A. Project scope statement
B. Project charter
C. Risk low-level watch list
D. Risk register
You are the project manager of the HGT project in Bluewell Inc. The project has an asset valued at $125,000 and is subjected to an exposure factor of 25 percent. What will be the Single Loss Expectancy of this project?
A. $125,025
B. $31,250
C. $5,000
D. $3,125,000
Which of the following is described by the definition given below? "It is the expected guaranteed value of taking a risk."
A. Certainty equivalent value
B. Risk premium
C. Risk value guarantee
D. Certain value assurance
A legacy application used for a critical business function relies on software that has reached the end of extended support. Which of the following is the MOST effective control to manage this application?
A. Subscribe to threat intelligence to monitor external attacks.
B. Apply patches for a newer version of the application.
C. Segment the application within the existing network.
D. Increase the frequency of regular system and data backups.
The PRIMARY advantage of implementing an IT risk management framework is the:
A. establishment of a reliable basis for risk-aware decision making.
B. compliance with relevant legal and regulatory requirements.
C. improvement of controls within the organization and minimized losses.
D. alignment of business goals with IT objectives.
A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet. What should be the risk practitioner's FIRST course of action?
A. Invoke the established incident response plan.
B. Inform internal audit.
C. Perform a root cause analysis.
D. Conduct an immediate risk assessment.
Which of the following would offer the MOST insight with regard to an organization's risk culture?
A. Risk management procedures
B. Senior management interviews
C. Benchmark analyses
D. Risk management framework
Which of the following MOST effectively enables senior management to communicate risk appetite?
A. Budget and resource allocation
B. Risk awareness training
C. Policies and procedures
D. Risk heat map
Which of the following should be done FIRST to enable consistent understanding of risk across the organization?
A. Prepare relevant risk scenarios for use across the organization.
B. Develop risk awareness communications for the organization.
C. Establish a common risk taxonomy for the organization.
D. Embed risk management practices throughout the organization.
The PRIMARY focus of an ongoing risk awareness program should be to:
A. enable better risk-based decisions.
B. expand understanding of risk indicators.
C. define appropriate controls to mitigate risk.
D. determine impact of risk scenarios.