M9 Practice Quiz
Question 1
John is the owner of a small construction company. He recently signed a contract for a new project. The contract includes a clause stating that John's company will be responsible for any damages that occur during the construction process. As a result, John has decided to purchase insurance that will cover the cost of any damage that might occur during the construction process. Which risk management strategy is John using?
Options:
- Risk Transference
- Risk Mitigation
- Risk Avoidance
- Risk Acceptance
Overall explanation:
- Risk transference is a strategy that involves shifting the risk of a loss to a third party. In this case, the risk of potential damages (and the associated costs) is being transferred from John's construction company to the insurance company.
- If John were using Risk Acceptance, he would be prepared to accept the risk of damage without taking any actions to mitigate the risk.
- If he were using Risk Avoidance, he would not have signed the contract or accepted the job, thus avoiding any risk that his company would do damage and have to pay for it.
- If John had used Risk Mitigation, he would have taken steps to reduce the likelihood that damage would occur. This could mean he would use only the most experienced and careful employees on the job to reduce the likelihood of any damage being done.
Question 2
Solarflare, an energy company, has identified a risk that, if it occurs, could halt their production line. They have determined that they can tolerate a disruption of up to 3 hours before it severely impacts their operations. Which of the following metrics does this scenario represent?
Options:
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
- Mean Time Between Failures (MTBF)
- Mean Time to Repair (MTTR)
Overall explanation:
- The scenario describes the Recovery Time Objective (RTO), which is the maximum acceptable length of time that can elapse before the lack of a business function severely impacts the organization. In this case, the company's RTO for their production line is 3 hours. This means they aim to restore the production line within this timeframe following a disruption to avoid unacceptable consequences.
- The Mean Time Between Failures (MTBF) is a measurement of a device's life expectancy.
- The Recovery Point Objective (RPO) measures the amount of time it takes to identify that a problem has occurred and return the system to full functionality.
- The Mean Time to Repair (MTTR) is a measure of how long it will take to fix an issue and return the system to full functionality.
Tags: Risk Identification
Question 3
What does the term 'Risk Appetite' refer to?
Options:
- The steps taken to reduce the impact or likelihood of a risk
- The risk an organization is prepared to accept without taking any countermeasures
- The risk that remains after mitigation has taken place
- The amount of residual risk an organization is willing to accept
Overall explanation:
- Risk Appetite describes an organization's willingness to take on certain risks to achieve its objectives. It can be expansionary, conservative, or neutral, depending on the balance the organization seeks between risk and return.
Tags: Risk Register
Question 4
You are managing a construction project and a potential risk is the delay in delivery of critical materials. The likelihood of this risk is high and the impact is also high. What would be an appropriate mitigation strategy based on Qualitative Risk Analysis?
Options:
- Increase the project budget
- Ignore the risk
- Stop the project
- Secure multiple vendors
Overall explanation:
- Securing multiple vendors for critical materials is a proactive mitigation strategy in this scenario. It reduces the dependency on a single vendor and provides alternatives if one vendor fails to deliver on time, thereby reducing both the likelihood and impact of the risk.
- Because the impact is high, ignoring the risk isn't a good idea. Stopping the project would likely create even more risk and a greater loss of money. It would also not make sense because the critical material might be delivered on time, so stopping would ensure problems rather than mitigate them.
- Increasing the project's budget will not address the issue.
Question 5
You are managing a company's IT infrastructure. One of your servers, valued at $20,000, has an Exposure Factor (EF) of 60% in the event of a crash. The server crashes once every five years. What is the Annualized Loss Expectancy (ALE) for this server?
Options:
- $6,000
- $4,000
- $2,400
- $12,000
Overall explanation:
- The Single Loss Expectancy (SLE) is calculated as the value of the asset multiplied by the Exposure Factor (EF). In this case, SLE = 20,000 * 0.6 = 12,000.
- The Annualized Rate of Occurrence (ARO) is 1/5 (since the server crashes once every five years) = 0.2.
- The Annualized Loss Expectancy (ALE) is calculated as SLE * ARO. In this case, ALE = 12,000 * 0.2 = 2,400.