1. Right Answer: C
Explanation: The watch list contains risks with low ratings of probability and impact. This list is useful for future monitoring of low risk factors.
Incorrect Answers:
A, B: No such documents as a risk alarm or an observation list are prepared during the risk identification process.
D: The risk register is a document that contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning. The description, category, cause, probability of occurring, impact on objectives, proposed responses, owner, and current status of all identified risks are put in the risk register.
2. Right Answer: B
Explanation: Quantitative risk analysis is generally more complex and thus costlier than qualitative risk analysis.
Incorrect Answers:
A: Neither of the two risk analysis methods is fully objective. The qualitative method subjectively assigns high, medium and low frequency and impact categories to a specific risk, whereas in the quantitative method the subjectivity is expressed in mathematical 'weights'.
C: To be effective, both processes require personnel who have a good understanding of the business. So there is an equal requirement for skilled personnel in both.
D: Quantitative analysis generally has better buy-in than qualitative analysis, to the point where it can cause over-reliance on the results. Hence this option is not correct.
3. Right Answer: C
Explanation: Any change request received in a project must first be analyzed for its impact. Changes may be requested by any stakeholder involved with the project. Although they may be initiated verbally, they should always be recorded in written form and entered into change management and/or configuration management.
Incorrect Answers:
A, B, D: All of these are required steps, depending on the change request. Any change request must be followed by an impact analysis of the change.
4. Right Answer: A,D
Explanation: The board of directors and senior management have the responsibility to set up the risk governance process, establish and maintain a common risk view, make risk-aware business decisions, and set the enterprise's risk culture.
Incorrect Answers:
B: The CFO is the most senior official of the enterprise who is accountable for financial planning, record keeping, investor relations and financial risks. The CFO is not responsible for setting up the risk governance process, establishing and maintaining a common risk view, making risk-aware business decisions, and setting the enterprise's risk culture.
C: Human resource (HR) is the most senior official of an enterprise who is accountable for planning and policies with respect to all human resources in that enterprise. HR is not responsible for risk-related activities.
5. Right Answer: D
Explanation: Mitigation is the strategy that provides for the definition and implementation of controls to address the risk described. In this scenario, you are trying to reduce the risk of operation failure by guiding the administrator to take daily backups, hence it is risk mitigation.
Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level. Risk mitigation can utilize various forms of control carefully integrated together. The main control types are: managerial (e.g., policies); technical (e.g., tools such as firewalls and intrusion detection systems); operational (e.g., procedures, separation of duties); and preparedness activities.
Incorrect Answers:
A: The scenario does not describe risk avoidance. Avoidance is a strategy that provides for not implementing certain activities or processes that would incur risk.
B: The scenario does not describe the sharing of risk. Transference is the strategy that provides for sharing risk with partners or taking insurance coverage.
C: The scenario does not describe risk acceptance. Acceptance is a strategy that provides for formal acknowledgment of the existence of a risk and the monitoring of that risk.