1. Right Answer: A
Explanation: The Delphi technique uses rounds of anonymous surveys to build consensus on project risks. Delphi is a technique to identify potential risk. In this technique, the responses are gathered via a question and their inputs are organized according to their contents. The collected responses are sent back to these experts for further input, addition, and comments. The final list of risks in the project is prepared after that. The participants in this technique are anonymous and therefore it helps prevent a person from unduly influencing the others in the group. The Delphi technique helps in reaching the consensus quickly.Incorrect Answers:B: Root cause analysis is not an anonymous approach to risk identification.C: Isolated pilot groups is not a valid risk identification activity.D: SWOT analysis evaluates the strengths, weaknesses, opportunities, and threats of the project.

2. Right Answer: A
Explanation: Vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing harm to the information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files. Hence lack of adequate controls represents vulnerability and would ultimately cause threat to the enterprise.Incorrect Answers:B: Threat is the potential cause of unwanted incident.C: Assets are economic resources that are tangible or intangible, and is capable of being owned or controlled to produce value.D: Impact is the measure of the financial loss that the threat event may have.

3. Right Answer: B
Explanation: The risk matrix is not included as part of the risk register updates. There are seven things that can be updated in the risk register as a result of qualitative risk analysis: relating ranking of project risks, risks grouped by categories, causes of risks, list of near-term risks, risks requiring additional analysis, watchlist of low- priority risks, trends in qualitative risk analysis.Incorrect Answers:A: Trends in qualitative risk analysis are part of the risk register updates.C: Risks grouped by categories are part of the risk register updates.D: Watchlist of low-priority risks is part of the risk register updates.

4. Right Answer: D
Explanation: Systemic risks are those risks that happen with an important business partner and affect a large group of enterprises within an area or industry. An example would be a nationwide air traffic control system that goes down for an extended period of time (six hours), which affects air traffic on a very large scale.Incorrect Answers:A: Contagious risks are those risk events that happen with several of the enterprise's business partners within a very short time frame.B, C: Their scopes do not limit to the important or general enterprise's business partners. These risks can occur with both.Operational risks are those risks that are associated with the day-to-day operations of the enterprise. It is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.Reporting risks are caused due to wrong reporting which leads to bad decision. This bad decision due to wrong report hence causes a risk on the functionality of the organization.

5. Right Answer: B
Explanation: Risk rating rules define how to prioritize risks after the related probability and impact values are calculated. These are generally included in the organizational process assets and are refined for individual projects.Incorrect Answers:A: Affinity Diagram is a method of group creativity technique to collect requirements which allows large numbers of ideas to be sorted into groups for review and analysis. This is generally used in Scope Management and not applicable to this option.C: A Project Network diagram shows the sequencing and linkage between various project tasks and is not applicable to this questionD: Risk categories are an output of the Perform Qualitative Risk Analysis process and not a tool to complete the process.