Which of the following nodes of the decision tree analysis represents the start point of decision tree?
Correct Answer: D
Section: Volume C Explanation: Root node is the starting node in the decision tree. Incorrect Answers: A: Decision nodes represents the choice available to the decision maker, usually between a risky choice and its non-risky counterpart. C: Event node represents the possible uncertain outcomes of a risky decision, with at least two nodes to illustrate the positive and negative range of events. B: End node represents the outcomes of risk and decisions.
Question 147
The PRIMARY purpose of IT control status reporting is to:
Correct Answer: C
Question 148
An organization is considering allowing users to access company data from their personal devices. Which of the following is the MOST important factor when assessing the risk?
Correct Answer: A
Question 149
A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet. What should be the risk practitioner's FIRST course of action?
Correct Answer: D
Section: Volume D
Question 150
Which of the following is the process of numerically analyzing the effects of identified risks on the overall enterprise's objectives?
Correct Answer: B
is incorrect. Unlike the quantitative risk assessment, qualitative risk assessment does not assign dollar values. Rather, it determines risk's level based on the probability and impact of a risk. These values are determined by gathering the opinions of experts. Probability- establishing the likelihood of occurrence and reoccurrence of specific risks, independently, and combined. The risk occurs when a threat exploits vulnerability. Scaling is done to define the probability that a risk will occur. The scale can be based on word values such as Low, Medium, or High. Percentage can also be assigned to these words, like 10% to low and 90% to high. Impact- Impact is used to identify the magnitude of identified risks. The risk leads to some type of loss. However, instead of quantifying the loss as a dollar value, an impact assessment could use words such as Low, Medium, or High. Impact is expressed as a relative value. For example, low could be 10, medium could be 50, and high could be 100. Risk level= Probability*Impact Answer: A is incorrect. The first thing we must do in risk management is to identify the areas of the project where the risks can occur. This is termed as risk identification. Listing all the possible risks is proved to be very productive for the enterprise as we can cure them before it can occur. In risk identification both threats and opportunities are considered, as both carry some level of risk with them. Answer: D is incorrect. This is the process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk process effectiveness through the project.
