A.Review vendors' performance metrics on quality and delivery of processes.

B.Review vendors' internal risk assessments covering key risk and controls.

C.Obtain independent control reports from high-risk vendors.

D.Obtain vendor references from third parties.

A.Encrypted passwords

B.Digital signatures

C.One-time passwords

D.Digital certificates

A.To determine the present state of risk

B.To analyze the effect on the business

C.To satisfy regulatory requirements

D.To budget appropriately for the application of various controls

E.Explanation:
Risk assessment is a process of analyzing the identified risk, both quantitatively and qualitatively. Quantitative risk assessment requires calculations of two components of risk, the magnitude of the potential loss, and the probability that the loss will occur. While qualitatively risk assessment
checks the severity of risk. Hence risk assessment helps in determining the present state of the
risk.

F.is incorrect. Budgeting appropriately is one the results of risk assessment but is not the
reason for performing the risk assessment.

G.is incorrect. Analyzing the effect of risk on an enterprise is the part of the process while
performing risk assessment, but is not the reason for doing it.

A.the business process.

B.managing controls.

C.the risk management process

D.implementing actions.

A.The scenarios are based on past incidents.

B.The scenarios are linked to probable organizational situations.

C.The scenarios are aligned with risk management capabilities.

D.The scenarios are mapped to incident management capabilities.