1. Risk management is responding to a negative
event when it occurs.
2. With respect to IT security, a risk can result
in either a positive or a negative effect.
3. According to PMI, which term describes
the list of identied risks?
A. Risk checklist
B. Risk register
C. Risk methodology
D. Mitigation list
4. Which type of risk analysis uses formulas
and numerical values to indicate risk severity?
A. ...view middle of the document...
Which type of risk analysis uses relative ranking?
A. Objective risk analysis
B. Qualitative risk analysis
C. Subjective risk analysis
D. Quantitative risk analysis
6. Which risk-analysis value represents the annual
probability of a loss?
7. Which risk-response option would best describe
purchasing re insurance?
D. Avoid 8. Which risk response would be most appropriate
if the impact of a risk becoming a reality
9. Which of the following statements best describes
the relationship of a BCP to a DRP?
A. A BCP is required but a DRP is not
B. A DRP is a component of a BCP
C. A DRP is required but a BCP is not
D. A BCP is a component of a DRP
10. Which term is used to indicate the amount
of data loss that is acceptable?
11. A(n) ________ identies processes that are
critical to the operation of a business.
12. Which risk-assessment methodology is marketed
as a self-directed approach and has two different
editions for organizations of different sizes?
13. ________ is the U.S. security-related act
that governs health-related information.