Risk Management Exam Practice

45 Questions | Total Attempts: 485


Project risk is the possibility that project events will not occur as planned, or that unplanned events will occur that have a negative impact on the project. Do you have a risk management exam coming up? The quiz below is designed to test how ready you are while reminding you of some of the key concepts. Give it a shot!


Questions and Answers
  • 1. The asset with the highest risk rating is:

    Asset               Vulnerability      Asset Impact   Danger
    Supply Order        Hardware failure   10             0.2
    Customer e-mail     Software failure   30             0.1
    Employee e-mail     Human Error        20             0.2
    Supply fulfillment  Power failure      10             0.3

    • A. Supply order
    • B. Customer e-mail
    • C. Employee e-mail
    • D. Supply fulfillment
    • E. Cannot tell, need more information

  • 2. The asset with the lowest risk rating is:

    Asset               Vulnerability      Asset Impact   Danger
    Supply Order        Hardware failure   10             0.2
    Customer e-mail     Software failure   30             0.1
    Employee e-mail     Human Error        20             0.2
    Supply fulfillment  Power failure      10             0.3

    • A. Supply order
    • B. Customer e-mail
    • C. Employee e-mail
    • D. Supply fulfillment
    • E. Cannot tell, need more information

  • 3. The most important asset to the organization is:

    Asset               Vulnerability      Asset Impact   Danger
    Supply Order        Hardware failure   10             0.2
    Customer e-mail     Software failure   30             0.1
    Employee e-mail     Human Error        20             0.2
    Supply fulfillment  Power failure      10             0.3

    • A. Supply order
    • B. Customer e-mail
    • C. Employee e-mail
    • D. Supply fulfillment
    • E. Cannot tell, need more information

  • 4. The vulnerability that poses the largest threat to the organization is:

    Asset               Vulnerability      Asset Impact   Danger
    Supply Order        Hardware failure   10             0.2
    Customer e-mail     Software failure   30             0.1
    Employee e-mail     Human Error        20             0.2
    Supply fulfillment  Power failure      10             0.3

    • A. Hardware failure
    • B. Software failure
    • C. Power failure
    • D. Employee e-mail
    • E. Cannot tell, need more information

  • 5. The vulnerability that poses the smallest threat to the organization is:

    Asset               Vulnerability      Asset Impact   Danger
    Supply Order        Hardware failure   10             0.2
    Customer e-mail     Software failure   30             0.1
    Employee e-mail     Human Error        20             0.2
    Supply fulfillment  Power failure      10             0.3

    • A. Hardware failure
    • B. Software failure
    • C. Power failure
    • D. Employee e-mail
    • E. Cannot tell, need more information
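A worked computation of the ratings behind questions 1 to 5, added here as an example; it is not part of the quiz. It assumes the quiz's Danger column is a likelihood between 0 and 1 and that the risk rating is impact multiplied by likelihood (the usual weighted-factor method). The ranking helpers, the input validation and the tie check are the editor's additions, not anything the quiz defines.

```python
"""Weighted risk rating for a small risk register.

Added example, not part of the quiz. Assumption: the quiz's "Danger"
column is a likelihood in [0, 1] and rating = impact * likelihood.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class RiskEntry:
    asset: str
    vulnerability: str
    impact: float       # "Asset Impact" column: value of the asset to the business
    likelihood: float   # "Danger" column, read as probability of the event per period

    @property
    def rating(self) -> float:
        # Rounded so that 30 * 0.1 and 10 * 0.3 compare equal when ranking.
        return round(self.impact * self.likelihood, 6)


# Rows copied from the table in quiz questions 1 to 5.
QUIZ_REGISTER: List[RiskEntry] = [
    RiskEntry("Supply order", "Hardware failure", 10, 0.2),
    RiskEntry("Customer e-mail", "Software failure", 30, 0.1),
    RiskEntry("Employee e-mail", "Human error", 20, 0.2),
    RiskEntry("Supply fulfillment", "Power failure", 10, 0.3),
]


def validate(register: List[RiskEntry]) -> None:
    """Reject rows that cannot be multiplied meaningfully."""
    for e in register:
        if not 0.0 <= e.likelihood <= 1.0:
            raise ValueError(f"{e.asset}: likelihood {e.likelihood} is not in [0, 1]")
        if e.impact < 0:
            raise ValueError(f"{e.asset}: impact must be non-negative")


def rank_assets(register: List[RiskEntry]) -> List[Tuple[str, float]]:
    """(asset, rating) pairs, highest risk first; ties broken by name."""
    validate(register)
    return sorted(((e.asset, e.rating) for e in register),
                  key=lambda p: (-p[1], p[0]))


def highest_rated_asset(register: List[RiskEntry]) -> str:
    return rank_assets(register)[0][0]


def lowest_rated_asset(register: List[RiskEntry]) -> str:
    return rank_assets(register)[-1][0]


def most_valuable_asset(register: List[RiskEntry]) -> str:
    """Question 3 asks for importance, i.e. impact alone, not the rating."""
    return max(register, key=lambda e: e.impact).asset


def rank_vulnerabilities(register: List[RiskEntry]) -> List[Tuple[str, float]]:
    """Total rating per vulnerability, so one hitting several assets adds up."""
    validate(register)
    totals: Dict[str, float] = {}
    for e in register:
        totals[e.vulnerability] = round(totals.get(e.vulnerability, 0.0) + e.rating, 6)
    return sorted(totals.items(), key=lambda p: (-p[1], p[0]))


def tied_ratings(register: List[RiskEntry]) -> List[List[str]]:
    """Groups of assets that share a rating; a table cannot separate these."""
    groups: Dict[float, List[str]] = {}
    for e in register:
        groups.setdefault(e.rating, []).append(e.asset)
    return [sorted(g) for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    for asset, rating in rank_assets(QUIZ_REGISTER):
        print(f"{asset:20} {rating:.1f}")
    print("ties:", tied_ratings(QUIZ_REGISTER))
```

Under that assumption the run ranks Employee e-mail first (20 × 0.2 = 4.0) and Supply order last (10 × 0.2 = 2.0), with Customer e-mail and Supply fulfillment tied at 3.0; by impact alone, which is what question 3 asks, Customer e-mail (30) leads. The tie check matters in practice: when two rows share a rating, a "which is largest" question has no single answer from the table, and the rating itself changes if the Danger column is really an ordinal score rather than a probability.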

  • 6. For an organization, Risk Control Selection is influenced by
    • A. The willingness of its employees to accept the controls
    • B. The budget allocated to Information Security
    • C. The ability of the organization to implement the risk control
    • D. Both a and b
    • E. All of the above

  • 7. Which of the following types of organizations will likely have the highest risk appetite? An organization that:
    • A. Is closely regulated
    • B. Depends on the internet
    • C. Considers information security controls investment a low priority
    • D. Both a and b
    • E. All of the above

  • 8. An organization with a large risk appetite will likely follow the ____ risk control strategy.
    • A. Acceptance
    • B. Mitigation
    • C. Transference
    • D. Avoidance
    • E. None of the above

  • 9. An Incident Response Plan is part of the _____ risk control strategy.
    • A. Acceptance
    • B. Mitigation
    • C. Transference
    • D. Avoidance
    • E. None of the above

  • 10. An organization that chooses to outsource its risk management practice to independent consultants is following the ____ risk control strategy.
    • A. Acceptance
    • B. Mitigation
    • C. Transference
    • D. Avoidance
    • E. None of the above

  • 11. Application of training and education is a technique of the ___ risk control strategy.
    • A. Acceptance
    • B. Mitigation
    • C. Transference
    • D. Avoidance
    • E. None of the above

  • 12. Reducing the impact of a successful attack on an organization's system falls under the ___ risk control strategy.
    • A. Acceptance
    • B. Mitigation
    • C. Transference
    • D. Avoidance
    • E. None of the above

  • 13. In order to improve the behavioural acceptance of a risk control, an organization should _____.
    • A. Inform its employees about the controls
    • B. Explain the reasons for controls
    • C. Allow the employee about the controls
    • D. Both a and b
    • E. All of the above

  • 14. Which of the following factors influences the risk appetite of an organization?
    • A. Management style
    • B. Regulatory requirements
    • C. Technical capabilities
    • D. Both a and b
    • E. All of the above

  • 15. In terms of cost-benefit analysis (CBA), a risk assessment involves
    • A. Deriving a protection benefit calculation
    • B. Deriving a protection cost calculation
    • C. Both a and b
    • D. None of the above

  • 16. The risk that represents the most danger to the organization is:

    Risk   Risk Description                                 Type   Priority
    1      Information accessed by unauthorized personnel   CON    B
    2      Unclear versioning of information                CON    C
    3      Database corrupted by hardware failure           CON    A

    • A. Information accessed by unauthorized personnel
    • B. Unclear versioning of information
    • C. Database corrupted by hardware failure
    • D. Cannot tell, need more information

  • 17. Corrective action must be implemented for which risk?

    Risk   Risk Description                                 Type   Priority
    1      Information accessed by unauthorized personnel   CON    B
    2      Unclear versioning of information                CON    C
    3      Database corrupted by hardware failure           CON    A

    • A. Information accessed by unauthorized personnel
    • B. Unclear versioning of information
    • C. Database corrupted by hardware failure
    • D. None of the above risks need corrective action
    • E. Cannot tell, need more information

  • 18. Which risk only requires monitoring?

    Risk   Risk Description                                 Type   Priority
    1      Information accessed by unauthorized personnel   CON    B
    2      Unclear versioning of information                CON    C
    3      Database corrupted by hardware failure           CON    A

    • A. Information accessed by unauthorized personnel
    • B. Unclear versioning of information
    • C. Database corrupted by hardware failure
    • D. None of the above risks need corrective action
    • E. Cannot tell, need more information

  • 19. Which risk does not require any further action?

    Risk   Risk Description                                 Type   Priority
    1      Information accessed by unauthorized personnel   CON    B
    2      Unclear versioning of information                CON    C
    3      Database corrupted by hardware failure           CON    A

    • A. Information accessed by unauthorized personnel
    • B. Unclear versioning of information
    • C. Database corrupted by hardware failure
    • D. All of the above risks need corrective action
    • E. Cannot tell, need more information

  • 20. The post-FRAP meeting involves:
    • A. Determining which controls to implement
    • B. Producing a cross-reference sheet
    • C. Prioritizing the risks
    • D. Both a and b
    • E. All of the above are true

  • 21. The first control that the organization should consider implementing is:

    Control Number   Class            Control Description
    1                Backup           Backup requirements will be determined and communicated
    2                Recovery Plan    Develop, document and test recovery procedures
    3                Access Control   Implement an access control mechanism

    • A. Backup
    • B. Recovery Plan
    • C. Access Control
    • D. Cannot tell, need more information

  • 22. The most effective control that the organization is now implementing is:

    Control Number   Class            Control Description
    1                Backup           Backup requirements will be determined and communicated
    2                Recovery Plan    Develop, document and test recovery procedures
    3                Access Control   Implement an access control mechanism

    • A. Backup
    • B. Recovery Plan
    • C. Access Control
    • D. Cannot tell, need more information

  • 23. The FRAP process:
    • A. Always assumes that no controls are in place
    • B. Has three main sessions
    • C. Is a qualitative risk assessment method
    • D. Both b and c
    • E. All of the above are true

  • 24. The priority model:
    • A. Looks at business impact
    • B. Looks at vulnerability
    • C. Has a scale of high, medium, and low
    • D. Both a and c
    • E. All of the above are true

  • 25. The pre-FRAP meeting involves:
    • A. Preparing a scope statement
    • B. Assembling an analysis team
    • C. Providing each member of the analysis team with a copy of the agreed definitions
    • D. Both a and b
    • E. All of the above are true

  • 26. The risk that represents the most danger to the organization is:

    Risk   Risk Description                        Type
    1      Improper protection of passwords        CON
    2      Uncontrolled access to information      CON
    3      Information on laptops is unprotected   CON

    • A. Improper protection of passwords
    • B. Uncontrolled access to information
    • C. Information on laptops is unprotected
    • D. Cannot tell, need more information

  • 27. The risk that does not represent any danger to the organization is:

    Risk   Risk Description                        Type
    1      Improper protection of passwords        CON
    2      Uncontrolled access to information      CON
    3      Information on laptops is unprotected   CON

    • A. Improper protection of passwords
    • B. Uncontrolled access to information
    • C. Information on laptops is unprotected
    • D. Cannot tell, need more information

  • 28. CON is an abbreviation for:

    Risk   Risk Description                        Type
    1      Improper protection of passwords        CON
    2      Uncontrolled access to information      CON
    3      Information on laptops is unprotected   CON

    • A. Controlled
    • B. Confidentiality
    • C. Concern
    • D. Connection
    • E. None of the above

  • 29. What is NOT involved in the pre-FRAP process?
    • A. A business manager
    • B. A facilitator
    • C. A project development lead
    • D. A systems administrator
    • E. All of the above play a role in guiding the analysis

  • 30. The FRAP session:
    • A. Is led by the business manager
    • B. Involves identifying the risks facing the organization
    • C. Results in the production of a list of suggested controls for each asset
    • D. Both b and c
    • E. All of the above are true

  • 31. Which threat is the most likely to cause the largest SLE?

    Type of Threat   Probability   Human Impact   Property Impact   Business Impact
    Fire             1             3              3                 4
    Flood            2             2              3                 3
    Power Failure    4             1              2                 2

    • A. Fire
    • B. Flood
    • C. Power Failure
    • D. Cannot tell, need more information

  • 32. Which threat has the largest potential impact on the organization?

    Type of Threat   Probability   Human Impact   Property Impact   Business Impact
    Fire             1             3              3                 4
    Flood            2             2              3                 3
    Power Failure    4             1              2                 2

    • A. Fire
    • B. Flood
    • C. Power Failure
    • D. Cannot tell, need more information

  • 33. Risk assessment is the ____ step in the disaster recovery planning process.
    • A. First
    • B. Second
    • C. Third
    • D. Fourth
    • E. All of the above

  • 34. Which threat is the most likely to strike the organization?

    Type of Threat   Probability   Human Impact   Property Impact   Business Impact
    Fire             1             3              3                 4
    Flood            2             2              3                 3
    Power Failure    4             1              2                 2

    • A. Fire
    • B. Flood
    • C. Power Failure
    • D. Cannot tell, need more information

  • 35. The threat that poses the biggest risk to the organization is:

    Type of Threat   Impact Sub Total   Internal Resources   External Resources
    Fire             12                 1                    2
    Flood            11                 2                    3
    Power Failure    10                 3                    1

    • A. Fire
    • B. Flood
    • C. Power Failure
    • D. Cannot tell, need more information

  • 36. The threat that has the least effective safeguard is:

    Type of Threat   Impact Sub Total   Internal Resources   External Resources
    Fire             12                 1                    2
    Flood            11                 2                    3
    Power Failure    10                 3                    1

    • A. Fire
    • B. Flood
    • C. Power Failure
    • D. Cannot tell, need more information

  • 37. The threat that is most likely to strike the site is:

    Type of Threat   Impact Sub Total   Internal Resources   External Resources
    Fire             12                 1                    2
    Flood            11                 2                    3
    Power Failure    10                 3                    1

    • A. Fire
    • B. Flood
    • C. Power Failure
    • D. Cannot tell, need more information

  • 38. The threat that is the most likely to cause the greatest ALE is:

    Type of Threat   Impact Sub Total   Internal Resources   External Resources
    Fire             12                 1                    2
    Flood            11                 2                    3
    Power Failure    10                 3                    1

    • A. Fire
    • B. Flood
    • C. Power Failure
    • D. Cannot tell, need more information
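Questions 15 and 31 to 38 use the terms SLE, ALE and cost-benefit analysis, but the tables above only give ordinal scores (1 to 4, or sub-totals of them), which can be ranked but not multiplied into a dollar figure. The example below is added by the editor and is not part of the quiz; it carries the standard formulas (SLE = AV × EF, ALE = SLE × ARO, CBA = ALE before − ALE after − annual cost of the safeguard) through with constructed numbers. The asset value, exposure factors, occurrence rates and safeguard costs are all invented for illustration, and the threat names are reused only to keep the comparison with the quiz readable.

```python
"""Single loss expectancy, annualized loss expectancy and a safeguard
cost-benefit check.

Added example, not part of the quiz. Every number below is constructed
for illustration. Formulas:
    SLE = AV * EF
    ALE = SLE * ARO
    CBA = ALE_prior - ALE_post - ACS
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # AV: loss value of the asset, in dollars
    exposure_factor: float  # EF: fraction of AV lost in one incident, 0..1
    aro: float              # ARO: expected incidents per year

    def __post_init__(self) -> None:
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: EF must be in [0, 1]")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO must be non-negative")

    @property
    def sle(self) -> float:
        return round(self.asset_value * self.exposure_factor, 2)

    @property
    def ale(self) -> float:
        return round(self.sle * self.aro, 2)


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float               # ACS: annualized cost of the safeguard
    new_ef: Optional[float] = None   # EF after the control, if it limits damage
    new_aro: Optional[float] = None  # ARO after the control, if it limits frequency


# Constructed figures for one site (not from the quiz). Same threat names as
# questions 31 to 38, but the scores there are ordinal and cannot give dollars.
THREATS: List[Threat] = [
    Threat("Fire", asset_value=1_000_000, exposure_factor=0.80, aro=0.05),
    Threat("Flood", asset_value=1_000_000, exposure_factor=0.50, aro=0.10),
    Threat("Power failure", asset_value=1_000_000, exposure_factor=0.02, aro=4.0),
]
UPS = Safeguard("UPS and generator", annual_cost=30_000, new_aro=0.5)
SPRINKLERS = Safeguard("Sprinkler system", annual_cost=50_000, new_ef=0.30)


def largest_sle(threats: List[Threat]) -> str:
    return max(threats, key=lambda t: t.sle).name


def largest_ale(threats: List[Threat]) -> str:
    return max(threats, key=lambda t: t.ale).name


def most_likely(threats: List[Threat]) -> str:
    return max(threats, key=lambda t: t.aro).name


def ale_with(threat: Threat, safeguard: Safeguard) -> float:
    """ALE after the safeguard replaces EF and/or ARO."""
    ef = threat.exposure_factor if safeguard.new_ef is None else safeguard.new_ef
    aro = threat.aro if safeguard.new_aro is None else safeguard.new_aro
    return Threat(threat.name, threat.asset_value, ef, aro).ale


def cba(threat: Threat, safeguard: Safeguard) -> float:
    """Positive means the control saves more expected loss per year than it costs."""
    return round(threat.ale - ale_with(threat, safeguard) - safeguard.annual_cost, 2)


if __name__ == "__main__":
    for t in THREATS:
        print(f"{t.name:14} SLE={t.sle:>10,.0f} ALE={t.ale:>9,.0f}")
    print("largest SLE:", largest_sle(THREATS), "| largest ALE:", largest_ale(THREATS))
    print("CBA UPS vs power failure:", cba(THREATS[2], UPS))
    print("CBA sprinklers vs fire:  ", cba(THREATS[0], SPRINKLERS))
```

With these constructed inputs the threat with the largest single loss (fire, SLE 800,000) is not the one with the largest annual loss (power failure, ALE 80,000, because it happens four times a year), which is exactly the distinction questions 31 and 38 test. The CBA shows the other practitioner's check: the UPS pays for itself (40,000 a year net), while the sprinkler system, judged on expected loss alone, costs 25,000 more than it saves; a safeguard that protects people or meets a regulatory requirement may still be justified, but not by this arithmetic.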

  • 39. In disaster recovery planning, the coordinator is responsible for _____.
    • A. Maintaining an activity log
    • B. Documenting all aspects of the disaster recovery plan
    • C. Revising the disaster recovery plan as required
    • D. Both a and b
    • E. None of the above

  • 40. In disaster recovery planning, procedures are required to ______.
    • A. Determine the extent of the disaster
    • B. Declare a disaster
    • C. Mobilize resources
    • D. Both a and b
    • E. All of the above

  • 41. In disaster recovery planning, an asset that contributes to smooth operations and comfortable working conditions for employees is classified as ________.
    • A. Critical
    • B. Essential
    • C. Necessary
    • D. Desirable
    • E. None of the above

  • 42. In disaster recovery planning, an asset that must be in place to support day-to-day operations of the organization is classified as ________.
    • A. Critical
    • B. Essential
    • C. Necessary
    • D. Desirable
    • E. None of the above

  • 43. In disaster recovery planning, a chart of responsibility determines the responsibilities of _____.
    • A. Departments
    • B. Business partners
    • C. Outside service organizations
    • D. Both a and b
    • E. All of the above

  • 44. Which of the following mitigation strategies is the most strategic and long-term?
    • A. Disaster recovery plan (DRP)
    • B. Incident response plan (IRP)
    • C. Business continuity plan (BCP)
    • D. Business recovery plan (BRP)
    • E. None of the above

  • 45. An asset that improves working conditions and helps enhance the organization's performance is classified as ______________.
    • A. Critical
    • B. Essential
    • C. Necessary
    • D. Desirable
    • E. None of the above