1. Right Answer: A,B
Explanation: leaders to determine which risk indicators will be monitored on a regular basis and be recognized as KRIs.
Incorrect Answers:
C, D: The chief financial officer and human resources only provide an overview of the common risk view, but are not involved in risk-based decisions.
2. Right Answer: B,C,D
Explanation: Creating a scenario requires determining the value of an asset or business process at risk and the potential threats and vulnerabilities that could cause loss. The risk scenario should be assessed for relevance and realism, and then entered into the risk register if found to be relevant. In practice, the following steps are involved in risk scenario development: First, determine a manageable set of scenarios, which includes:
- Frequently occurring scenarios in the industry or product area.
- Scenarios representing threat sources that are increasing in count or severity level.
- Scenarios involving legal and regulatory requirements applicable to the business.
After determining the manageable set of risk scenarios, perform a validation against the business objectives of the entity. Based on this validation, refine the selected scenarios and then detail them to a level in line with the criticality of the entity. Reduce the number of scenarios to a manageable set. "Manageable" does not signify a fixed number, but should be in line with the overall importance and criticality of the unit. Risk factors are kept in a register so that they can be re-evaluated in the next iteration and included for detailed analysis if they have become relevant at that time. Include an unspecified event in the scenarios, that is, address an incident not covered by the other scenarios.
Incorrect Answers:
A: Cause-and-effect analysis is a predictive or diagnostic analytical tool used to explore the root causes or factors that contribute to positive or negative effects or outcomes. It is used during the process of exposing risk factors.
3. Right Answer: D
Explanation: The Communications Management Plan defines, in regard to risk management, who will be available to share information on risks and responses throughout the project. The Communications Management Plan aims to define the communication necessities for the project and how the information will be circulated. The Communications Management Plan sets the communication structure for the project. This structure provides guidance for communication throughout the project's life and is updated as communication needs change. The Communications Management Plan identifies and defines the roles of persons concerned with the project. It includes a matrix, known as the communication matrix, to map the communication requirements of the project.
Incorrect Answers:
A: The Resource Management Plan does not define risk communications.
B: The Risk Management Plan defines risk identification, analysis, response, and monitoring.
C: The stakeholder management strategy does not address risk communications.
4. Right Answer: B
Explanation: Physical security is an example of a non-technical control. It comes under the family of operational controls.
Incorrect Answers:
A, C, D: Intrusion detection systems, access control, and encryption are safeguards that are incorporated into computer hardware, software, or firmware; hence they are referred to as technical controls.
5. Right Answer: D
Explanation: Decision tree diagrams are used during the Quantitative Risk Analysis process and not in risk identification.
Incorrect Answers:
A, B, C: All these options are diagramming techniques used in the Identify Risks process.