Which of the following is the HIGHEST risk of a policy that inadequately defines data and system
ownership?

Marie has identified a risk event in her project that needs a mitigation response. Her response
actually creates a new risk event that must now be analyzed and planned for. What term is given
to this newly created risk event?

Which one of the following is the only output for the qualitative risk analysis process?

FISMA requires federal agencies to protect IT systems and data. How often should compliance be
audited by an external organization?

Which of the following is the FOREMOST root cause of project risk?
Each correct answer represents a complete solution. Choose two.

You are the project manager of a SGT project. You have been actively communicating and
working with the project stakeholders. One of the outputs of the “manage stakeholder
expectations” process can actually create new risk events for your project. Which output of the
manage stakeholder expectations process can create risks?

Which of the following characteristics of risk controls can be defined as under?
“The separation of controls in the production environment rather than the separation in the design
and implementation of the risk”

Shelly is the project manager of the BUF project for her company. In this project Shelly needs to

establish some rules to reduce the influence of risk bias during the qualitative risk analysis
process. What method can Shelly take to best reduce the influence of risk bias?

You are the IT manager in Bluewell Inc. You identify a new regulation for safeguarding the
information processed by a specific type of transaction. What would be the FIRST action you will
take?

You are the risk official of your enterprise. You have just completed risk analysis process. You
noticed that the risk level associated with your project is less than risk tolerance level of your
enterprise. Which of following is the MOST likely action you should take?