1. Right Answer: B
Explanation: As the sensitivity of the monitoring tool has to be changed, therefore it requires optimization of Key Risk Indicator. The monitoring tool which is giving alerts is itself acting as a risk indicator. Hence to change the sensitivity of the monitoring tool to give alert only for critical situations requires optimization of the KRI.Incorrect Answers:A, C, D: These options are not relevant to the change of sensitivity of the monitoring tools.

2. Right Answer: A
Explanation: Force majeure describes acts of God (Natural disaster), such as tornados and fires, and are usually accepted because there's little than can be done to mitigate these risks.Incorrect Answers:B: Transference transfers the risk ownership to a third party, usually for a fee.C: Enhance is used for a positive risk event, not for force majeure.D: Mitigation isn't the best choice, as this lowers the probability and/or impact of the risk event.

3. Right Answer: C
Explanation: Configuration management control is a family of controls that addresses both configuration management and change management. Change control practices prevent unauthorized changes. They include goals such as configuring systems for least functionality as a primary method of hardening systems.Incorrect Answers:A: The Personal security control is family of controls that includes aspects of personnel security. It includes personnel screening, termination, and transfer.B: Access control is the family of controls that helps an organization implement effective access control. They ensure that users have the rights and permissions they need to perform their jobs, and no more. It includes principles such as least privilege and separation of duties.D: Physical and environment protection control are the family that provides an extensive number of controls related to physical security.

4. Right Answer: C
Explanation: The risk register does not examine the network diagram and the critical path. There may be risks associated with the activities on the network diagram, but it does not address the network diagram directly.The risk register is updated at the end of the plan risk response process with the information that was discovered during the process. The response plans are recorded in the risk register. In the risk register, risk is stated in order of priority, i.e., those with the highest potential for threat or opportunity first. Some risks might not require response plans at all, but then too they should be put on a watch list and monitored throughout the project. Following elements should appear in the risk register: List of identified risks, including their descriptions, root causes, and how the risks impact the project objectives Risk owners and their responsibility Outputs from the Perform Qualitative Analysis process Agreed-upon response strategies Risk triggers Cost and schedule activities needed to implement risk responses Contingency plans Fallback plans, which are risk response plans that are executed when the initial risk response plan proves to be ineffective Contingency reserves Residual risk, which is a leftover risk that remains after the risk response strategy has been implemented Secondary risks, which are risks that come about as a result of implementing a risk response

5. Right Answer: B
Explanation: Enhance is a risk response to improve the conditions to ensure the risk event occurs. Risk enhancement raises the probability of an opportunity to take place by focusing on the trigger conditions of the opportunity and optimizing the chances. Identifying and maximizing input drivers of these positive-impact risks may raise the probability of their occurrence.Incorrect Answers:A: Transference is a strategy to mitigate negative risks or threats. In this strategy, consequences and the ownership of a risk is transferred to a third party. This strategy does not eliminate the risk but transfers responsibility of managing the risk to another party. Insurance is an example of transference.C: Exploit response is one of the strategies to negate risks or threats that appear in a project. This strategy may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. Exploiting a risk event provides opportunities for positive impact on a project. Assigning more talented resources to the project to reduce the time to completion is an example of exploit response.D: Sharing happens through partnerships, joint ventures, and teaming agreements. Sharing response is where two or more entities share a positive risk. Teaming agreements are good example of sharing the reward that comes from the risk of the opportunity.