CRISC—Certified in Risk and Information Systems Control Certification Questions and answer - Part 35

Mary Smith

Thu, 16 Apr 2026

1. What is the most important benefit of classifying information assets?

A) Linking security requirements to business objectives
B) Allotting risk ownership
C) Defining access rights
D) Identifying controls that should be applied



2. You are the project manager of the GHT project. A risk event has occurred in your project and you have identified it. Which of the following tasks would you perform in reaction to the risk event? Each correct answer represents a part of the solution. Choose three. (Select 3 answers)

A) Monitor risk
B) Maintain and initiate incident response plans
C) Update risk register
D) Communicate lessons learned from risk events



3. Which of the following parameters would affect the prioritization of the risk responses and the development of the risk response plan? Each correct answer represents a complete solution. Choose three. (Select 3 answers)

A) Importance of the risk
B) Time required to mitigate risk.
C) Effectiveness of the response
D) Cost of the response to reduce risk within tolerance levels



4. Which of the following come under the Management class of controls? Each correct answer represents a complete solution. Choose all that apply. (Select 2 answers)

A) Risk assessment control
B) Audit and accountability control
C) Program management control
D) Identification and authentication control



5. Which of the following parameters are considered for the selection of risk indicators? Each correct answer represents a part of the solution. Choose three. (Select 3 answers)

A) Size and complexity of the enterprise
B) Type of market in which the enterprise operates
C) Risk appetite and risk tolerance
D) Strategy focus of the enterprise



1. Right Answer: D
Explanation: All of the options are, directly or indirectly, benefits of classifying information assets, but the most important benefit is that the appropriate controls can be identified: the classification of an asset (for example, its confidentiality and integrity requirements) determines which controls must be applied to it.
Incorrect Answers:
A, B, C: These are all less significant than identifying controls.

2. Right Answer: A, B, D
Explanation: When a risk event occurs, the following tasks are performed in reaction to it:
- Maintain incident response plans
- Monitor risk
- Initiate incident response
- Communicate lessons learned from risk events
Incorrect Answers:
C: The risk register is updated after the appropriate risk response has been applied, not at the moment the risk event occurs.

3. Right Answer: A, C, D
Explanation: The prioritization of the risk responses and the development of the risk response plan are influenced by several parameters:
- Cost of the response to reduce risk within tolerance levels
- Importance of the risk
- Capability to implement the response
- Effectiveness of the response
- Efficiency of the response
Incorrect Answers:
B: The time required to mitigate a risk does not influence the prioritization of the risk or the development of the risk response plan; it affects the project schedule.

4. Right Answer: A, C
Explanation: The Management class of controls includes five families, which together contain over 40 individual controls. The families in the Management class are:
- Certification, Accreditation, and Security Assessment (CA): addresses the steps to implement a security assessment program. It includes controls to ensure that only authorized systems are allowed on a network, and covers important concepts such as continuous monitoring and the plan of action and milestones (POA&M).
- Planning (PL): focuses on security plans for systems. It also covers Rules of Behaviour for users, also known as an acceptable use policy.
- Risk Assessment (RA): provides details on risk assessments and vulnerability scanning.
- System and Services Acquisition (SA): includes any controls related to the purchase of products and services, as well as controls on software usage and user-installed software.
- Program Management (PM): driven by the Federal Information Security Management Act (FISMA), it provides controls to ensure compliance with FISMA. These controls complement the other controls; they do not replace them.
Note that the Management/Operational/Technical class labels come from NIST SP 800-53 Revision 3 and earlier; Revision 4 dropped the class designations, although the families themselves remain.
Incorrect Answers:
B, D: Identification and authentication, and audit and accountability, are Technical-class controls.

5. Right Answer: A, B, D
Explanation: Risk indicators are placed at control points within the enterprise and are used to collect data; this data is used to measure the risk level at that point. They also track events or incidents that may indicate a potentially harmful situation. Risk indicators can take the form of logs, alarms and reports. Risk indicators are selected depending on a number of parameters in the internal and external environment, such as:
- Size and complexity of the enterprise
- Type of market in which the enterprise operates
- Strategy focus of the enterprise
Incorrect Answers:
C: Risk appetite and risk tolerance are considered when applying risk responses, not when selecting the indicators.
