Ucertify RMP QB

Question Bank - 1
Q1: John is the project manager of the HGT project. He has identified project risks and applied
appropriate response for its mitigation. He noticed a risk generated as a result of applying response.
What is this resulting risk known as?
A. Secondary risk
B. Pure risk
C. Response risk
D. High risk
Explanation: Answer option A is correct.
Secondary risk is a risk that is generated as the result of risk response. The secondary risk is an
outcome of dealing with the original risk. Secondary risks are not as rigorous or important as
primary risks, but can turn out to be so if not estimated and planned properly.
Answer option B is incorrect. Pure risk is a risk that has only a negative effect on the project.
Pure risks are activities that are dangerous to complete and manage such as construction,
electrical work, or manufacturing.
Answer options C and D are incorrect. These terms are not applied for the risk that is generated
as a result of risk response.
Lesson: Risk response
Q2: Beth is the project manager of the BFG project for her company. In this project, Beth has
decided to create a contingency response based on the performance of the project schedule. If the
project schedule variance is greater than $10,000, the contingency plan will be implemented.
What is the formula for the schedule variance?
A. SV=PV-EV
B. SV=EV-PV
C. SV=EV/AC
D. SV=EV/PV
Explanation: Answer option B is correct.
The schedule variance is found by subtracting the planned value from the earned value.
Schedule variance (SV) is an earned-value technique used for measuring project schedule
performance. The variance signifies that the schedule is ahead or behind what was planned at a
given time and is calculated by the following formula:
SV = Earned value (EV) – Planned value (PV)
If the resulting value is negative, it indicates that the project is behind schedule. A value greater
than 0 shows that the project is ahead of the planned schedule. A value of 0 indicates that the
project is on schedule.
Answer option D is incorrect. EV/PV is the formula for the schedule performance index.
Answer option C is incorrect. EV/AC is the formula for the cost performance index.
Answer option A is incorrect. This is not a valid earned value management formula.
Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Lesson: Risk monitoring and control
Q3: Which of the following techniques are used for the schedule risk analysis and cost analysis?
Each correct answer represents a complete solution. Choose all that apply.
A. Modeling
B. Expert judgment
C. Probability distribution
D. Simulation
Explanation: Answer options A and D are correct.
Modeling and simulation techniques are used for schedule risk analysis and cost analysis. The
modeling technique permits a user to translate the potential risks at specific points in the project
into their impacts so that the user can determine how the project objectives are affected. The
simulation technique computes the project model using various inputs, such as cost or schedule
duration, for determining a probability distribution for the variable chosen. The monte carlo
analysis is an example of a simulation technique.
Answer option C is incorrect. The probability distribution includes normal, lognormal,

triangular, beta, and uniform distributions. These distributions are graphically displayed and
display both the probability and time or cost elements.
Triangular distributions use estimates based on the three-point estimate. Normal and lognormal
distributions use mean and standard deviations for quantifying risk, which also need gathering
the optimistic, most likely, and pessimistic estimates. The discrete distribution represents
possible scenarios in a decision tree, outcomes of a test, results of a prototype, and other
uncertain events.
Answer option B is incorrect. It is required to categorize the probability and impact of each risk
to determine its location in the matrix.

Lesson: Risk analysis
Q4: Which of the following statements are true about risk analysis?
A. It is a procedure to identify threats and vulnerabilities, analyze them for ascertaining the
exposures, and highlighting how the impact can be eliminated or reduced.
B. It is the identification, assessment, and prioritization of risks followed by coordinated and
economical application of resources.
C. It is a method or a technique that can be used to identify and assess factors that may hinder the
successful completion of a project or the achievement of a goal.
D. It is also known as Project Impact Analysis or PIA.
Explanation: Answer options C, D, and A are correct.
Risk analysis is a method or a technique that can be used to identify and assess factors that may
hinder the successful completion of a project or the achievement of a goal. It is also known as
Project Impact Analysis or PIA. Risk analysis can also be used to determine business needs to
start a project. It is a procedure to identify threats and vulnerabilities, analyze them for
ascertaining the exposures, and highlighting how the impact can be eliminated or reduced.
Answer option B is incorrect. Risk management is the identification, assessment, and

prioritization of risks followed by coordinated and economical application of resources.
Reference: "A Guide to the Project Management Body of Knowledge, (PMBOK Guide)"
Q5: Which of the following helps in prioritizing the response plan efforts to eliminate (or
minimize) the impact of the threats and capitalize on the opportunities?
A. Probability of achieving cost and time objectives

B. Prioritized list of quantified risks
C. Trends in quantitative risk analysis results
D. Probabilistic analysis of the project
The output of the perform quantitative risk analysis process is risk register updates. The risk
register is updated to take account of a quantitative risk report detailing quantitative approaches
and outputs. Updates include the following important elements:
 Probabilistic analysis of the project: This contains the estimates of the project schedule
and cost with a confidence level attached to each estimate.
 Probability of achieving cost and time objectives: Factoring in the project risks, the
probability of meeting project objectives can be estimated.
 Prioritized list of quantified risks: This helps in prioritizing the response plan efforts to
eliminate (or minimize) the impact of the threats and capitalize on the opportunities.
 Trends in quantitative risk analysis results: A trend for specific risks can be
recognized by repeating the analysis several times and by examining the results.

Q6: Risk data quality assessment tool and technique evaluates the data for which of the
following?
A. Accuracy
B. Reliability
C. Integrity
D. Quality
E. Accessibility
Explanation: Answer options A, B, C, and D are correct.
Risk data quality assessment tool and technique checks that the data is accurate and unbiased. It
involves determining the usefulness of the data gathered to evaluate risk. Specifically, it
evaluates the data for the following:
 Accuracy
 Reliability
 Integrity
 Quality
Reference: PMI Risk Management Professional (PMI-RMP) Exam Preparation Courseware,

Contents: "Risk analysis"
Q7: Holly is the project manager of the GHH project. During risk identification and the
subsequent risk analysis process, she has identified a risk with a high probability and high impact
for her project. She and the stakeholder agree that the project management plan should be
changed to eliminate the risk threat entirely. What risk response has Holly used in this instance?
A. This is the risk mitigation response.
B. This is the transference risk response.
C. This is the avoidance risk response.
D. This is a scope change and not a risk response.
Explanation: Answer option C is correct.
Risk avoidance changes the project management plan to eliminate the risk threat.
Risk avoidance is a technique used for threats. It creates changes to the project management plan
that are meant to either eliminate the risk completely or to protect the project objectives from its
impact. Risk avoidance removes the risk event entirely either by adding additional steps to avoid
the event or reducing the project scope requirements. It may seem the answer to all possible
risks, but avoiding risks also means losing out on the potential gains that accepting (retaining)
the risk might have allowed.
Answer option D is incorrect. While the scope may be changed, in some instances, the scope
does not always have to change to use the avoidance risk response.
Answer option B is incorrect. Transference happens when the risk is not eliminated but
transferred to someone else often for a fee.
Answer option A is incorrect. Risk mitigation does not remove the risk; it lowers the risk
probability and impact.

Q8: You are the project manager of the NHK project. Management wants to know how often
your risk identification process will occur during the project. Considering that your project is
scheduled to last one year and involves five distinct phases, how often should risk identification
take place?
A. Monthly
B. Once per project life cycle phase
C. Quarterly
D. Vary depending on the situations within the project
Explanation: Answer option D is correct.
Risk identification is an ongoing, iterative process. Its frequency is determined by situations

within the project.
Answer options C, B, and A are incorrect. These are not the best answers for this question, as the
identify risks process varies depending on the situations within the project.

Lesson: Risk identification
Q9: Ben is the project manager of the YHT project for his company. Alice, one of his team
members, is confused about when project risks will happen in the project. Which one of the
following statements is the most accurate about when project risk happens?
A. Project risk is uncertain, so no one can predict when the event will happen.
B. Project risk can happen at any moment.
C. Project risk is always in the future.
D. Project risk happens throughout the project execution.
Project risk is always in the future - that's the point of planning for project risk events.
Answer option B is incorrect. Risks are associated with events and activities in the project and do
not occur at random intervals.
Answer option A is incorrect. You can predict when risk events are likely to happen based on
conditions within the project.
Answer option D is incorrect. Risks do not always happen during project execution - risk events
can come from outside the project and are not caused by team-generated activities.

Lesson: Project and risk management framework
Q10: You are the project manager of the QSL project for your organization. You are working
with your project team and several key stakeholders to create a diagram that shows how various
elements of a system interrelate and the mechanism of causation within the system. What
diagramming technique are you using as a part of the identify risks process?
A. Predecessor and successor diagramming

B. Influence diagrams
C. System or process flowcharts
D. Cause-and-effect diagrams
In this example, you are using a system or process flowchart. These can help identify risks within
the process flow, such as bottlenecks or redundancy.
Answer option D is incorrect. A cause-and-effect diagram, also known as an Ishikawa or

fishbone diagram, can reveal causal factors to the effect to be solved.
Answer option B is incorrect. An influence diagram shows causal influences, time ordering of
events, and relationships among variables and outcomes.
Answer option A is incorrect. Predecessor and successor diagramming is not a valid risk
identification term.

Q11: Jerry works as a project manager for uCertify Inc. He and his team are prioritizing the risks
for further quantitative analysis based on the risk rating. Which of the following tools and
techniques of the qualitative risk analysis process should Jerry use to rate the risks as low,
moderate, or high priority?
A. Probability and impact matrix

B. Risk probability and impact assessment
C. Risk data quality assessment
D. Risk categorization
The tools and techniques for qualitative risk analysis process are as follows:
 Risk probability and impact assessment: Risk probability assessment investigates the
chances of a particular risk to occur. Risk impact assessment investigates the possible
effects on the project objectives such as cost, quality, schedule, or performance, including
positive opportunities and negative threats.
 Probability and impact matrix: Estimation of risk's consequence and priority for
awareness is conducted by using a look-up table or the probability and impact matrix.
This matrix specifies the mixture of probability and impact that directs to rating the risks
as low, moderate, or high priority.
 Risk data quality assessment: Investigation of quality of risk data is a technique to
calculate the degree to which the data about risks are useful for risk management.
 Risk categorization: Risks to the projects can be categorized by sources of risk, the area
of project affected and other valuable types to decide the areas of the project most
exposed to the effects of uncertainty.
 Risk urgency assessment: Risks that requires near-term responses are considered more
urgent to address.
 Expert judgment: It is required to categorize the probability and impact of each risk to
determine its location in the matrix.
Q12: You are the project manager of the BlueStar project in your company. Your company is
structured as a functional organization and you report to the functional manager that you are
ready to move onto the qualitative risk analysis process. What will you need as inputs for
qualitative risk analysis of the project in this scenario?
A. You will need the risk register, risk management plan, permission from the functional
manager, and any relevant organizational process assets.
B. You will need the risk register, risk management plan, outputs of qualitative risk analysis,
and any relevant organizational process assets.
C. You will need the risk register, risk management plan, scope baseline, and any relevant
organizational process assets.
D. Qualitative risk analysis does not happen through the project manager in a functional
structure.
Qualitative risk analysis happens through the project manager regardless of the organizational
structure. Qualitative risk analysis uses the likelihood and impact of the identified risks in a fast
and cost-effective manner. Qualitative risk analysis establishes a basis for a focused quantitative
analysis or risk response plan by evaluating the precedence of risks with a concern to impact on
the project's scope, cost, schedule, and quality objectives. Qualitative risk analysis is conducted
at any point in a project life cycle. The primary goal of qualitative risk analysis is to determine
proportion of effect and theoretical response.
Answer options D, B, and A are incorrect. These are not valid answers for qualitative risk
analysis.

Q13: Which of the following is an expression of the total budget for the project?
A. PV
B. AC
C. BAC
D. EV
The key terms that should be understood to calculate earned value technique are as follows:
 Earned value (EV): It is the value of work performed.
 Planned value (PV): It is the amount of budget planned to be used at a given point in the
project.
 Actual cost (AC): It is the actual cost of the project to date.
 Budget at completion (BAC): It is an expression of the total budget for the project.

Q14: What is the project life cycle?
A. It is the alignment of project objectives with the strategy of the larger organization by the
project sponsor and project team.
B. It is the expected duration of a project.
C. It is a series of phases that a project passes through from its initiation to its closure.
D. It is a series of phases that represent the evolution of a product, from concept through delivery,
growth, maturity, and to retirement.
A project life cycle is a series of phases that a project passes through from its initiation to its
closure.
Answer option A is incorrect. Project governance is the alignment of project objectives with the
strategy of the larger organization by the project sponsor and project team.
Answer option D is incorrect. A product life cycle is a series of phases that represent the
evolution of a product, from concept through delivery, growth, maturity, and to retirement.
Answer option B is incorrect. The expected duration of the project is simply the project schedule.
Reference: The Project Management Body of Knowledge, Fifth edition, Section 2.4, Page 38
Q15: Which of the following risk response strategies for positive risks raises the probability of
an opportunity to take place by focusing on the trigger conditions of the opportunity and
optimizing the chances?
A. Share
B. Enhance
C. Accept
D. Exploit
The risk response strategies for positive risks are as follows:
 Exploit: This strategy is preferred for risks with positive impacts where the organization
desires to make sure that the opportunity is realized.
 Share: This strategy deals with sharing of responsibility and accountability with others to
facilitate the team with the best chance of seizing the opportunity.
 Enhance: This strategy raises the probability of an opportunity to take place by focusing
on the trigger conditions of the opportunity and optimizing the chances.
 Accept: This strategy delineates that the project plan will not be changed to deal with the
risk. Management may develop a contingency plan if the risk does occur. It is used for
both negative and positive risks.

Q16: You work as a project manager for BlueWell Inc. You have to communicate the causes of
risk events to stakeholders. Which risk diagramming technique will you use to accomplish the
task?
A. Process flow charts

B. Ishikawa diagrams
C. Project network diagrams
D. Influence diagrams
An Ishikawa diagram, also known as a cause-and-effect chart or a fishbone diagram, can help
identify root causes of risk events. The Ishikawa diagram displays causes of a certain event. A
common use of this diagram is to identify causal factors that result in an overall effect and their
root causes. It is sometimes called a fishbone diagram because of its resemblance to a fish
skeleton.
Answer option A is incorrect; process flow charts show how various elements of a system
interrelate.
Answer option D is incorrect; an influence diagram shows causal influences, time order of
events, and other relationships among project variables.
Answer option C is incorrect; a project network diagram identifies the flow of project work,
predecessor and successor activities, and the critical path.

Q17: The decision tree analysis is a risk analysis tool that can help the project manager
determine the best risk response. Which of the following nodes in a decision tree represents the
possible uncertain outcomes of a risky decision, with at least two nodes to illustrate the positive
and negative range of events?
A. End
B. Root
C. Event
D. Decision
Each point within a decision tree is a node and these are as follows:
 Root node: It is a starting node in the decision tree.

 Event node: It represents the possible uncertain outcomes of a risky decision, with at
least two nodes to illustrate the positive and negative range of events. Probabilities are
always attached to the branches of event nodes.
 Decision node: It represents the choice available to the decision maker, usually between
a risky choice and its non-risky counterpart.
 End node: It represents the outcomes of risk and decisions.
Q18: Holly is the project manager of the NHQ project for her company. Her project sponsor,
Tracy, has requested that Thomas, the department manager from the risk management
department, work with Holly to determine the effectiveness of the risk responses. Tracy and
Thomas are concerned that some of the risks within Holly's project may not be addressed to
depth they would like. In this scenario, who is responsible for ensuring that risk audits are
performed at an appropriate frequency throughout the project?
A. Holly
B. The project team
C. Thomas
D. Tracy
The project manager has the responsibility to ensure that risk audits are performed throughout
the project.
Answer option D is incorrect. Tracy, the project sponsor, is not responsible for performing risk
audits.
Answer option C is incorrect. Thomas, the department manager, may have some influence over
the risk audits, but he is not the person that has the responsibility to ensure that risk audits are
performed throughout the project.
Answer option B is incorrect. The project team may help complete the risk audits, but they are
not responsible for completing the risk audits.

Q19: Which of the following is an estimate of the total cost for the project, utilizing current
project performance and work that still needs to be completed?
A. EAC
B. SV
C. SPI
D. CPI
Estimate at completion (EAC) is an estimate of the total cost for the project, utilizing current
project performance and work that still needs to be completed. The formula used to calculate this
estimate is as follows:
EAC = Actual cost (AC) + Estimate to completion (ETC)
Answer option D is incorrect. It is used to calculate performance efficiencies.
Answer option C is incorrect. It is a measure of schedule efficiency on a project.
Answer option B is incorrect. It is a measure of schedule performance on a project.

Q20: Gary is the project manager for his organization. He is managing a project that is similar to
a project his organization completed recently. Gary has decided that he will use the information
from the past project to help him and the project team to identify risks that may be present in the
project. Management agrees that this checklist approach is ideal and will save time in the project.
Which of the following statements is most accurate about the limitations of the checklist analysis
approach for Gary?
A. The checklist analysis approach saves time, but can cost more.
B. The checklist analysis approach is fast, but it is impossible to build an exhaustive checklist.
C. The checklist is also known as top down risk assessment.
D. The checklist analysis approach only uses qualitative analysis.
A checklist can be quick and simple, but it is impossible to build an exhaustive one for each
project.
Answer options D, A, and C are incorrect. These are not valid statements about the checklist
approach.

Q21: Della works as a project manager for Tech Perfect Inc. She is studying the documentation
of planning of a project. The documentation states that there are twenty-eight stakeholders with
the project. What will be the number of communication channels for the project?
A. 250
B. 378
C. 28
D. 300
According to the question, the project has twenty-eight stakeholders. Communication channels
are paths of communication with stakeholders in a project. The number of communication
channels shows the complexity of a project's communication and can be derived through the
formula shown below:
Total Number of Communication Channels = n (n-1) / 2
where, n is the number of stakeholders. Hence, a project having five stakeholders will have ten
communication channels. Putting the value of the number of stakeholders in the formula will
provide the number of communication channels:
Number of communication channel = (n (n-1)) / 2

= (28 (28-1)) / 2
= (28 x 27) / 2
= 756 / 2
= 378
Project stakeholders
Project stakeholders are those entities within or without an organization, which:
 Sponsor a project or,

 Have an interest or a gain upon a successful completion of a project.
Examples of project stakeholders include the customer, the user group, the project manager, the
development team, the testers, etc. A stakeholder is anyone who has an interest in the project.
Project stakeholders are individuals and organizations that are actively involved in the project, or
whose interests may be affected as a result of project execution or project completion. They may
also exert influence over the project's objectives and outcomes. The project management team
must identify the stakeholders, determine their requirements and expectations, and to the extent
possible manage their influence in relation to the requirements to ensure a successful project.
Lesson: Stakeholder communication and engagement
Q22: There are four inputs to the risk-control process. For the project you're currently managing,
which of these choices will not help you prepare for risk monitoring and control?
A. Risk management plan

B. Change requests
C. Work Performance data
D. Risk register
Change requests aren't one of the four inputs to the risk-control process. The four inputs are a
risk register, a risk management plan, work performance data, and work performance reports.
Answer options D, A, and C are incorrect because they're all valid risk-control inputs.

Q23: You're preparing to complete quantitative risk analysis with your project team and several
subject matter experts. You gather necessary inputs, including the project's cost management
plan. Why is it necessary to include your project's cost management plan in preparation for
quantitative risk analysis?
A. The project's cost management plan provides control that might help determine a structure for
quantitative analysis of the budget.
B. The project's cost management plan provides direction on how costs might be changed because
of identified risks.
C. The project's cost management plan is not an input in the quantitative risk analysis process.
D. The project's cost management plan can help you determine the allowable total project cost.
The cost management plan is an input in the quantitative risk analysis process because of the cost
management control it provides.
The cost management plan sets how project costs are managed during its life cycle. It defines a
format and principles by which project costs are measured, reported, and controlled. The cost
management plan identifies the person responsible for managing costs, those with the authority
to approve changes to the project or its budget, and how cost performance is quantitatively
calculated and reported upon.
Answer option C is incorrect because it's not a valid statement. The cost management plan is an
input in the quantitative risk analysis process.
Answer option D is incorrect because the cost management plan defines how project cost is
estimated, budgeted, and controlled.
Answer option B is incorrect because, although the cost management plan defines a cost change
control system, it's not the best answer to this question.

Q24: You are the project manager of the GGK project for your company. The GGK project has a
budget of $1,265,100 and is currently 40 percent complete. In this project, you elected to add
labor to the project to increase the likelihood of completing the project early as the project was
only scheduled to be 35 percent complete at this time. This positive risk response, while keeping
the project ahead of schedule, has added significant costs to the project. You have already spent
$575,000 to reach this point in the project. Management would like to know what your cost
performance index and the schedule performance index is for this project. What are these values?
A. The CPI is .88 and the SPI is 1.14.

B. The CPI is 1.14 and the SPI is .88.
C. The CPI is .88 and the SPI is zero.
D. The CPI is -$68,960 and the SPI is $63,255.
The cost performance index can be found by dividing the earned value by the actual costs. The
schedule performance index can be found by dividing the earned value by the planned value. In
this example, the schedule is doing well, but the costs are significant. Here, it is
CPI = EV/AC
= (0.40*1,265,100)/575,000
= 506040/575,000
= 0.88
SPI = EV/PV
= (0.40*1,265,100)/(0.35*1,265,100)
= 506040/442785
= 1.14
Answer option D is incorrect. These values are the costs and schedule variances.
Answer option B is incorrect. These values are reversed from the costs and schedule
performance indexes.
Answer option C is incorrect. The CPI value is .88, but the SPI is significantly greater than zero
at 1.14.

Q25: Which of the following processes included in risk management decides how risk
management activities for the project at hand will be performed?
A. Plan risk management

B. Identify risks
C. Perform qualitative risk analysis
D. Plan risk responses
The following are the processes included in risk management:
 Plan risk management: This process decides how risk management activities for the
project at hand will be performed.
 Identify risks: This process identifies and documents risks that might occur for a given
project.
 Perform qualitative risk analysis: This process estimates the overall probability for
risks to occur and their impact and prioritizes them accordingly for further analysis.
 Perform quantitative risk analysis: This process analyzes numerically the effect of
identified risks on meeting the project objectives.
 Plan risk responses: This process prepares a risk response plan for increasing the
positive impact and decreasing the negative impact of risks on the project.
 Control risks: This process tracks identified risks, identifies new risks, executes risk
response plans, and evaluates the effectiveness of executing responses throughout the
lifecycle of the project.

Lesson: Risk management planning
Q26: Your project's key stakeholders want you to create a visual diagram of resources that will
be utilized in the project deliverables. What type of a chart are you being asked to create?
A. Resource breakdown structure
B. RACI chart
C. Roles and responsibility matrix
D. Work breakdown structure
Explanation: Answer A is correct.
A resource breakdown structure is a visual diagram depicting the resources that will be used
within the project.
Answer D is incorrect. The work breakdown structure is a visual diagram of the project
deliverables the project will create.
Answer C is incorrect. The roles and responsibility matrix maps roles to the project assignments.
Answer B is incorrect. A RACI chart is a responsibility assignment matrix that uses the legend of
responsible, accountable, consult, and inform.
Reference: The Project Management Body of Knowledge, Fifth edition, Section 6.6.1.11, Page
175
Q27: Which of the following parameters influences the prioritization of the risk responses and
development of the risk response plan?
A. Effectiveness of the response

B. Importance of the risk
C. Time required to mitigate risk
D. Cost of the response to reduce risk within tolerance levels
Explanation: Answer options D, A, and B are correct.
Risk response selection depends on several parameters that are described below:
 Cost of response: The cost of response is applied so as to reduce risk within tolerance
levels is one of the most important parameter. For example, if the risk transfer response is
applied by using insurance, then cost would be the cost of insurance.
 Importance of risk: The importance of the risk is determined by the combination of
likelihood and magnitude levels along with its position on the risk map.
 Capability to implement response: The enterprise's capability to implement the
response means that if the risk management process is mature then the risk response is
more sophisticated, and if it is not then risk response should be very basic.
 Effectiveness of response: The extent to which the response will reduce the likelihood
and/or the impact of the risk.
 Efficiency of response: The relative benefits promised compared to quick win, business
case to be made, and deferral.
Answer option C is incorrect. Time required to mitigate risk does not influence the prioritization
of the risk and development of the risk response plan. It affects the scheduled time of the project.
Q28: Which of the following risk responses delineates that the project plan will not be changed
to deal with the risk?
A. Acceptance
B. Transference
C. Mitigation
D. Exploitation
Acceptance response is a part of risk response planning. Acceptance response indicates that the
project plan will not be changed to deal with the risk. Management may develop a contingency
plan if the risk does occur. Acceptance response to a risk event is a strategy that can be used for
risks that pose either threats or opportunities. Acceptance response can be one of two types:
 Passive acceptance: A strategy in which no plans are made to avoid or mitigate the risk.
 Active acceptance: These responses include developing contingency reserves to deal
with risks in case they occur.
Acceptance is the only response to both threats and opportunities.
Answer option C is incorrect. Mitigation is a risk response planning technique associated with
threats. It seeks to reduce the probability of occurrence or impact of a risk below an acceptable
threshold.
Answer option D is incorrect. Exploitation is a strategy that may be selected for risks with
positive impacts where the organization wishes to ensure that the opportunity is realized.
Answer option B is incorrect. When you hire a third party to own the risk, it is known as
transference risk response.
Q29: Which of the following acts as a trigger for the risk response process?
A. Risk level increases above risk tolerance

B. Risk level equates risk appetite
C. Risk level increases above risk appetite
D. Risk level equates risk tolerance
The risk response process is triggered when a risk exceeds the enterprise's risk tolerance level.
Answer options B and C are incorrect. Risk appetite level is not relevant in triggering of risk
response process.
Answer option D is incorrect. The risk response process is triggered when the risk level increases
the risk tolerance level of the enterprise, and not when it just equates the risk tolerance level.
Q30: What are the requirements of monitoring risk?
A. Defining the project's scope

B. Information of various stakeholders
C. Identifying the risk to be monitored
D. Preparation of detailed monitoring plan
It is important to first understand the risk to be monitored, prepare a detailed plan, and define the
project's scope for monitoring risk. In the case of a monitoring project, this step should involve
process owners, data owners, system custodians, and other process stakeholders.
Answer option B is incorrect. Data regarding stakeholders of the project is not required in any
phase of risk monitoring.
Q31: You are the project manager of the NHQ project for your company. You are discussing
some of the project issues that need to be resolved in the project. You and the project
stakeholders come to an agreement about the risk issues and how they will be resolved. Where
should you document this information for issue resolution?
A. Risk response plan

B. Project management plan for execution
C. Lessons learned documentation
D. Issue log
The issue log records all information, including resolution, of project issues.
An issue log is used to record all the issues within a project. It helps to monitor the types of
issues and follow the procedures taken to determine them. The issue log reduces the impact that
issues have on the project and hence increases the chances of success. The issue log provides
different ways to help the project manager. The purpose of the issue log is as follows:
 It gives priority to each issue raised.

 It analyzes the impact that the issue is having on the project.
 It tracks the actions taken to resolve the issue.
 It tracks the outcome of the actions taken.
The issues must be clearly declared and classified based on necessity and the probable impact.
Unresolved issues are an important basis for conflict and project delays.
Answer option C is incorrect. Information that you have learned about the project and the
experience should be documented in the lessons learned documentation, but this is not the best
choice for this question.
Answer option B is incorrect. Issue resolution is not documented in the project management
plan, but specifically in the issues log.
Answer option A is incorrect. The risk response plan identifies the expected risk responses, not
the reactions to issues.

Q32: Which of the following techniques is a graphical representation of situations that displays
relationships among various variables and outcomes, such as causal influences and time ordering
of events?
A. System or process flow chart diagram

B. Cause-and-effect diagram
C. Analysis diagram
D. Influence diagram
Diagramming techniques use diagrams for identifying risks by exposing and exploring the risks
causes. The following are some diagramming techniques:
 Cause and effect diagram: This technique illustrates how various factors (causes) can
be linked to potential problems (effects). It is also known as fishbone diagrams or
Ishikawa diagram.
 System or process flow chart: This shows the logical steps needed to accomplish an
objective, how the elements of a system relate to each other, and what actions cause what
responses.
 Influence diagram: This technique is a graphical representation of situations that display
relationships among various variables and outcomes, such as causal influences and time
ordering of events.
Answer option C is incorrect. This is an invalid option.

Q33: John works as a project manager for uCertify Inc. He's preparing to examine and document
the effectiveness of the risk management processes in the project. Which of the following tools
and techniques is John using?
A. Risk assessment
B. Technical performance measurement
C. Variance analysis
D. Risk audit
John is using risk audit, which is a method to test the overall risk management process and the
planned risk responses. It is a way of examining and documenting the effectiveness of the risk
management processes, as well as the effectiveness of the risk responses developed to deal with
risks. Risk audits are carried out during the entire project life by risk auditors.
Answer option A is incorrect. Risk assessment is used to analyze the value of assets to the
business, identify threats to those assets, and evaluate how vulnerable each asset is to those
threats. Risk assessment can be quantitative or qualitative.
Answer option C is incorrect. Variance analysis is used to gauge how closely a project adheres to
the scope, time, and cost estimates made during the planning phase.
Answer option B is incorrect. Technical performance measurement compares actual versus

planned parameters related to the overall project's technical progress.

Contents: "Risk monitoring and control"
Q34: Which of the following includes data collection based on the checklists and their related
questions, in addition to evaluation of results?
A. ETA
B. CCA
C. SMORT
D. OCTAVE
SMORT (safety management organization review technique) includes data collection based on
the checklists and their related questions, in addition to evaluation of results. This technique is a
simplified modification of MORT and is structured by means of analysis levels with associated
checklists.
Answer option D is incorrect. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability
Evaluation) is a strategic assessment based on the risk identified. It is also used as a planning
technique for security.
Answer option B is incorrect. CCA (cause-consequence analysis) identifies chains of events that
can result in undesirable consequences.
Answer option A is incorrect. ETA (event-tree analysis) is a logical method of analyzing how
and why a disaster could occur.

Q35: Which of the following techniques is used when there are multiple possible outcomes with
different threats or opportunities with certain probabilities assigned to them?
A. Sensitivity analysis
B. Expected monetary value
C. Decision tree analysis
D. Pareto chart
The decision tree analysis is used when there are multiple possible outcomes with different
threats or opportunities with certain probabilities assigned to them.
Answer option A is incorrect. It is used to determine which risk has the greatest impact on the
project.
Answer option B is incorrect. It is used to calculate the expected value of an outcome when
different possible scenarios exist for different values of the outcome with some probabilities
assigned to them.
Answer option D is incorrect. It helps identify the leading problems in a situation.

Q36: Which of the following statements are true regarding the risk management plan?
A. The risk management plan is an output of the plan risk management process.
B. The risk management plan includes a description of the risk responses and triggers.
C. The risk management plan includes thresholds, scoring and interpretation methods, responsible
parties, and budgets.
D. The risk management plan is an input to all the remaining risk-planning processes.
Explanation: Answer options A, C, and D are correct.
All these statements are true for the risk management plan. The risk management plan details
how risk management processes will be implemented, monitored, and controlled throughout the
life of the project. It includes thresholds, scoring and interpretation methods, responsible parties,
and budgets. It also acts as input to all the remaining risk-planning processes.
Answer option B is incorrect. The risk management plan details how risk management processes
will be implemented, monitored, and controlled throughout the life of the project. The risk
management plan does not include responses to risks or triggers. Responses to risks are
documented in the risk register as part of the plan risk responses process.
Q37: You are the project manager for your organization. Management has asked you to
determine which resources in the organization would work best on your project. Your project
will need resources from around the organization, and the management strongly supports your
ability to recruit project team members for this high-profile project. While the project team
members may be on other projects, your project will take precedence on scheduling issues. What
type of organizational structure are you operating within?
Functional
Strong matrix
Matrix
Projectized
This is an example of a strong matrix, as management is strongly supporting your lead in

recruiting project team members.
Answer option C is incorrect. This option is tempting, but a matrix is too generic of a choice, as
there are three options: weak, balanced, and strong matrix.
Answer option A is incorrect. Functional organizations do not recruit employees from across the
organizations but use only resources in one department.
Answer option D is incorrect. Project team members in a projectized organizational structure are
on one project at a time. The question reveals that the project team members may be on multiple
projects at once.
Reference: The Project Management Body of Knowledge, Fifth edition, Section 2.1.3, Page 21
Q38: You work as a project manager for TechSoft Inc. You are preparing to plan risk responses
for your project with your project team. How many risk responses are available for a positive
risk event in the project?
A. Four
B. Three
C. One
D. Seven
There are four risk responses available for a positive risk event. The risk response strategies for
positive risks are as follows:
Answer option C is incorrect. There are four responses for positive risk events.
Answer option B is incorrect. There are four, not three, responses for positive risk events. Do not
forget that acceptance can be used for both positive and negative risk events.
Answer option D is incorrect. There are a total of seven risk responses, four of which can be used
for positive risk events.

Q39: Adrian is a project manager for a new project using a technology that has recently been
released and there's relatively little information about the technology. Initial testing of the
technology makes the use of it look promising, but there's still uncertainty as to the longevity and
reliability of the technology. Adrian wants to consider the technology factors a risk for her
project. Where should she document the risks associated with this technology so that she can
track the risk status and responses?
A. Risk register
B. Project charter
C. Risk low-level watchlist
D. Project scope statement
A risk register is a document that contains results of qualitative and quantitative risk analyses
and risk response planning. Description, category, cause, probability of occurrence, impact on
objectives, proposed responses, owner, and current status of all identified risks are entered in the
risk register. The risk register contains the following elements:
 List of identified risks

 List of potential responses
The risk register also often contains warning signs or triggers, although they aren't listed as an
official part of the register. It records the initial risks, the potential responses, and tracks the
status of each identified risk in the project.
Answer B is incorrect. The project charter does not define risks.
Answer D is incorrect. The project scope statement documents initially defined risks, but it is not
a place that records risks responses and status of risks.
Answer C is incorrect. The risk low-level watchlist is for identified risks that have low impact
and low probability in the project.
Reference: "The Project Management Body of Knowledge, Fifth edition, Section 11.2.3.1, Page
327"
Q40: John works as a project manager for BlueWell Inc. He is determining which risks can
affect the project he is working on. Which of the following inputs of the identify risks process is
useful in identifying risks associated with the time allowances for the activities or projects as a
whole?
A. Schedule management plan

B. Risk management plan
C. Activity cost estimates
D. Activity duration estimates
The activity duration estimates review is valuable in identifying risks associated with the time
allowances for the activities or projects as a whole, with a width of the range indicating the
degrees of risk.
Answer option C is incorrect. The activity cost estimates review is valuable in identifying risks,
as it provides a quantitative assessment of the expected cost to complete scheduled activities and
is expressed as a range, with a width of the range indicating the degrees of risk.
Answer option A is incorrect. It describes how the schedule contingencies will be reported and
assessed.
Answer option B is incorrect. A risk management plan is a document arranged by a project

manager to estimate project effectiveness, predict risks, and build response plans to mitigate
them. It also consists of a risk assessment matrix.
Risks are built-in with any project, and project managers evaluate them repeatedly and build
plans to address them. The risk management plan consists of analysis of possible risks of both
high and low impact, and mitigation strategies to facilitate project and avoid its derailment. Risk
management plans should be reviewed by the project team in a timely manner to avoid the
analysis becoming "stale" and not reflective of actual potential project risks. Most critically, risk
management plans include a risk strategy for project execution.

Q41: Frank is the project manager of the NHH project. He is working with the project team to
create a plan to document the procedures to manage risks throughout the project. This document
will define how risks will be identified and quantified. It will also define how contingency plans
will be implemented by the project team. What document are Frank and the NHH project team
creating in this scenario?
A. Project plan
B. Resource management plan
C. Risk management plan
D. Project management plan
The risk management plan, part of the comprehensive management plan, defines how risks will
be identified, analyzed, monitored and controlled, and even responded to.
A risk management plan is a document arranged by a project manager to estimate project

effectiveness, predict risks, and build response plans to mitigate them. It also consists of a risk
assessment matrix.
Answer option D is incorrect. The project management plan is a comprehensive plan that
communicates the intent of the project for all project management knowledge areas.
Answer option A is incorrect. The project plan is not an official PMBOK project management
plan.
Answer option B is incorrect. The resource management plan defines the management of project
resources, such as project team members, facilities, equipment, and contractors.
Q42: Tracy is the project manager of the NLT project for her company. The NLT project is
scheduled to last 14 months and has a budget at completion of $4,555,000. Tracy's organization
will receive a bonus of $80,000 per day that the project is completed early up to $800,000. Tracy
realizes that there are several opportunities within the project to save on time by crashing the
project work. Crashing the project is what type of risk response?
A. Exploit
B. Enhance
C. Mitigation
D. Transference
Crashing the project enhances opportunities for the project to finish early. By crashing the
project, there's no guarantee that the project will complete early, but the odds of completing early
is improved by the addition of labor.
Risk enhancement raises the probability of an opportunity to take place by focusing on the
trigger conditions of the opportunity and optimizing the chances. Identifying and maximizing
input drivers of these positive-impact risks may raise the probability of their occurrence.
Answer option D is incorrect. Transference is a negative risk response that transfers the risk to a
third party.
Answer option C is incorrect. Mitigation is a negative risk response that aims to lower the
probability and/or impact of the risk event.
Answer option A is incorrect. Exploiting the project risk is a positive risk response but it aims to
ensure that the opportunity is realized.

Q43: Donna is the project manager of the QSD project and she believes Risk Event D in the
following figure is likely to happen.
If this event does happen, how much will Donna have left in the risk contingency reserve if none
of the other risk events have happened?
A. $35,000
B. $6,700
C. $41,700
D. $14,000
To answer this question, you'll first need to calculate the contingency reserve. Contingency
reserves are estimated costs to be used at the discretion of the project manager to deal with
anticipated, but not certain, events. These events are "known unknowns" and are part of the
project scope and cost baselines. The contingency reserve is calculated by multiplying the
probability and the impact for the risk event value for each risk event. The sum of the risk events
equals the contingency reserve for the project. The sum of the risk events equals the contingency
reserve for the project. In this question,
Risk contingency fund

=(0.60*12,000)+(0.15*45,000)+(0.35*15,000)+(0.40*35,000)+(0.50*17,000)
= 7200 + 6750 + 5250 + 14000 + 8500
= 41,700
If Risk D happens, it'll cost the project $35,000. The difference of $35,000 and $41,700 is
$6,700.
Answer option A is incorrect. This is the impact of Risk Event D.
Answer option D is incorrect. $14,000 is the risk event value of Risk Event D.
Answer option C is incorrect. $41,700 is the amount of the contingency reserve.
206
Q44: Diane is the project manager of the HGF project. A risk that has been identified and
analyzed in the project planning processes is now coming to fruition. Which individual should
respond to the risk with the preplanned risk response?
A. Subject matter expert

B. Diane
C. Project sponsor
D. Risk owner
Explanation: Answer D is correct.
The risk owner is the individual on the project team who is closest to the risk event. The risk
owner can be an individual or an organization responsible for implementing risk responses or
contingency plan. The risk owner should be empowered with the ability to respond to the risk as
it was planned.
Answer B is incorrect. Diane is the project manager and likely won't be the risk owner as well.
Answer C is incorrect. The project sponsor authorizes the project but does not participate in the
execution of the project.
Answer A is incorrect. While a subject matter expert may be the risk owner on some occasions,
he won't be the risk owner on every occasion.
Q45: Which of the following are diagramming techniques used within the identify risks process?
A. Herzberg
B. Influence
C. Fishbone
D. Ishikawa
Explanation: Answer options D, C, and B are correct.
Here are the diagramming techniques used within the identify risks process:
 lshikawa
 Fishbone
 Influence
Answer option A is incorrect because Herzberg is the name of a management theorist and is not
a diagramming technique.

Contents: "Risk identification"
Q46: Which of the following is an example of an intangible element in business value?
A. Brand recognition
B. Monetary asset
C. Fixture
D. Stockholder equity
Business value is defined as a concept that is unique to each organization. It is defined as the
entire value of the business; the total sum of all tangible and intangible elements. Examples of
tangible elements include monetary assets, fixtures, stockholder equity, and utility. Examples of
intangible elements include good will, brand recognition, public benefit, and trademarks.
Q47: Which of the following are used as inputs in creating the risk management plan?
A. Project charter
B. Organizational process assets
C. Project management plan
D. Work performance data
Explanation: Answer options C, A, and B are correct.
The following are the inputs to this process:
 Project management plan: It includes all of the subsidiary plans and baselines for the
project.
 Project charter: It provides various inputs, such as high-level risks, high-level project
descriptions, and high-level requirements.
 Stakeholder register: It includes all details related to the project's stakeholders and
provides an overview of their roles.
 Enterprise environmental factors: They include risk attitudes, thresholds, and
tolerances that describe the degree of risk that an organization withstand. Risk attitude
consists of three elements:
o Risk appetite: Risk appetite is the level of uncertainty the stakeholders are
willing to accept in exchange for the potential positive impacts of the risk.
o Risk tolerance: Risk tolerance is the degree, amount, or volume of risk that an
organization or individual will withstand.
o Risk threshold: Risk threshold is a measure of the level of uncertainty or impact
the organization is willing to operate within.
 Organizational process assets: They include risk categories, risk statement formats,
standard templates, roles and responsibilities, authority levels for decision-making,
lessons learned, and stakeholder registers.
The output of this process is risk management plan.

Q48: You are the project manager of the CUL project in your organization. You and the project
team are assessing the risk events and creating a probability and impact matrix for the identified
risks. Which one of the following statements best describes the requirements for the data type
used in qualitative risk analysis?
A. A qualitative risk analysis requires accurate and unbiased data if it is to be credible.

B. A qualitative risk analysis requires unbiased stakeholders with biased risk tolerances.
C. A qualitative risk analysis encourages biased data to reveal risk tolerances.
D. A qualitative risk analysis requires fast and simple data to complete the analysis.
Of all the choices, only this answer is accurate. The PMBOK clearly states that the data must be
accurate and unbiased to be credible.
Answer options D, C, and B are incorrect. These are not valid statements about the qualitative
risk analysis data.

Q49: Which of the following phases of risk response process implements the selected risk
response option as per the risk action plan?
A. Implement the risk action plan

B. Review risk analysis results
C. Select risk response
D. Prioritize the risk response option
There are various phases involved in the process of risk response:
 Review risk analysis results: Risk analysis is the process of identifying and prioritizing
risk levels according to risk scenarios and then making assessments based on the
likelihood and magnitude of the risk, taking into account potential business impact.
If the risk analysis result shows that the risk level exceeds the risk tolerance level, then
appropriate risk response is taken for its mitigation, otherwise no action is required.
 Select risk response: If the risk analysis result shows that the risk level exceeds the risk
tolerance level, weigh projected risk against the potential cost of implementing and
maintaining controls and then select the most appropriate response for its mitigation.
 Prioritize the risk response option: Select a risk response implementation strategy
according to the priorities for addressing risk, and developing the risk action plan.
 Implement the risk action plan: Implement the selected risk response option as per
according to the risk action plan.

Q50: John is the project manager of the XYZ project. He received a voicemail from his
hardware vendor saying that the delivery of the equipment he has ordered would not arrive on
time. He identified a risk response strategy for this risk and has arranged for a local company to
lease the needed equipment until it arrives. Which type of risk response is this?
A. Passive acceptance
B. Active acceptance
C. Avoid
D. Transfer
Risk acceptance is a risk response technique employed when the risk cannot be avoided or the
project team decides to accept the risk and its consequences. There are two alternatives to the
acceptance strategy, passive, and active.
 Passive acceptance means that enterprise has made no plan to avoid or mitigate the risk
but willing to accept the consequences of the risk.
 Active acceptance is the second strategy and might include developing contingency
plans and reserves to deal with risks.
Answer option D is incorrect. Risk transfer means that impact of risk is reduced by transferring
or otherwise sharing a portion of the risk with an external organization or another internal entity.
Answer option C is incorrect. Risk avoidance means to evade risk altogether, eliminate the cause
of the risk event, or change the project plan to protect the project objectives from the risk event.
Q51: You and your project team have identified the project risks and now are analyzing the
probability and impact of the risks. What type of analysis of the risks provides a quick and high-
level review of each identified risk event?
A. Quantitative risk analysis

B. Risk probability-impact matrix
C. Seven risk responses
D. Qualitative risk analysis
Qualitative risk analysis is a high-level, fast review of the risk event. Qualitative risk analysis
qualifies the risk events for additional analysis.
Perform Qualitative Risk Analysis

Perform qualitative risk analysis is the process of prioritizing risks for further analysis and
action. It combines risks and their probability of occurrences and ranks them accordingly. It
enables organizations to improve the project's performance by focusing on high-priority risks.
Perform qualitative risk analysis is usually a rapid and cost-effective means of establishing
priorities for plan risk responses. It also lays the foundation to perform quantitative risk analysis.
The Perform qualitative risk analysis process should be performed throughout the project. This
process is the one you'll find most often when prioritizing project risks because it's fast,
relatively easy to perform, and cost effective. The PMBOK Guide notes that you should identify
and manage the risk attitudes of those assisting with this process, and if bias is introduced, you
should evaluate it and correct it if necessary. It also notes that simply conducting the Perform
Qualitative Risk Analysis process and evaluating the impact and probability of risks can help to
keep bias at a minimal level.
Answer option A is incorrect. Quantitative risk analysis is an in-depth analysis of the risk events.
Answer option B is incorrect. Risk probability-impact matrix can be used in both qualitative and
quantitative risk analysis.
Answer option C is incorrect. There are seven risk responses in project management, but this
choice does not answer the question.
Q52: You are the project manager of uCertify Inc. You have been entrusted with a new project
to develop a machine which produces auto components. For this, you have arranged a planning
meeting with the project team and began issuing assignments to each team members. Which of
the following leadership styles are you using for the project?
A. Supporting
B. Delegating
C. Directing
D. Coaching
Directive is used when a team member needs to know the step-by-step procedures for the
problem. It involves the manager telling others what to do. It is the best used leadership style in
the beginning of a project when team members are not familiar with their assignments yet. As
the team members becomes more familiar with their work, the project manager is better to use
styles such as coaching, supporting, and facilitating.
Q53: John works as the project manager for BlueWell Inc. He needs to monitor the project
performance. For this, he wants to make a decision to change the project plan to eliminate a risk
in order to protect the project objectives. Which of the following strategies will he use to tackle
the risk?
A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. Risk transfer
John is changing the plan to eliminate the risk. He is avoiding the risk from occurring. This is an
example of risk avoidance.
Answer option C is incorrect. Risk acceptance means that no action is taken relative to a
particular risk; loss is accepted if it occurs.
Answer option A is incorrect. Risk mitigation involves the identification, planning, and conduct
of actions aimed at reducing risk to an acceptable level.
Q54: Which of the following processes is described in the statement below?
"It is the process of implementing risk response plans, tracking identified risks, monitoring
residual risks, identifying new risks, and evaluating risk process effectiveness throughout the
project."
A. Control risks
B. Perform qualitative risk analysis
C. Identify risks
D. Perform quantitative risk analysis
Control risks is the process of implementing risk response plans, tracking identified risks,
monitoring residual risks, identifying new risks, and evaluating risk process effectiveness
throughout the project. It can involve choosing alternative strategies, executing a contingency or
fallback plan, taking corrective action, and modifying the project management plan.
Answer B is incorrect because this is the process of prioritizing risks for further analysis or
action by accessing and combining their probability of occurrence and impact.
Answer C is incorrect because this is the process of determining which risks may affect the
project and documenting their characteristics.
Answer D is incorrect because this is the process of numerically analyzing the effect of identified
risks on overall project objectives.
Q55: Gary is the project manager of the MMQ project for his company. He is working with his
project team to plan the risk responses for his project. Sarah, a project team member, does not
understand the process that Gary is using to plan the risk responses. Which approach is the
preferred method to address project risks and the risk responses?
A. Risks in the project should be addressed by the organization's risk tolerance for creating risk
responses.
B. Risks in the project should be addressed by their priority for creating risk responses.
C. Risks in the project should be addressed by their probability for creating risk responses.
D. Risks in the project should be addressed by their impact for creating risk responses.
Risk response planning happens after risk analysis. Once the risks have been analyzed and
prioritized, risk response planning begins. Risks are addressed based on their priority that is
established during risk analysis.
Plan risk response process

The plan risk response project management process aims to reduce the threats to the project
objectives and to increase opportunities. It follows the qualitative risk analysis process and
performs the quantitative risk analysis process. The plan risk response process includes the risk
response owner to take the job for each agreed-to and funded risk response. This process
addresses the risks by their priorities, schedules the project management plan as required, and
inserts resources and activities into the budget. The inputs to the plan risk response process are as
follows:
 Risk register: It contains the results from risk identification, qualitative risk analysis, and
 Risk management plan: It is a document that a project manager prepares to foresee
risks, estimate impacts, and define responses to issues.
Answer option C is incorrect. Risks are not addressed based only on their probability, as some
highly-probable risks may have a low impact.
Answer option D is incorrect. Risks are not addressed only by impact, as some risks may have a
low probability.
Answer option A is incorrect. The organization's risk tolerance will be considered during the
analysis of the risks. The analysis helps prioritize the risk events, which is what is considered
during risk response planning.
Q56: Jenny is the project manager for the NBT projects. She is working with the project team
and several subject matter experts to perform the quantitative risk analysis process. During this
process, she and the project team uncover several risk events that were not previously identified.
What should Jenny do with these risk events?
A. The events should be determined if they need to be accepted or responded to.

B. The events should be entered into the risk register.
C. The events should be entered into qualitative risk analysis.
D. The events should continue on with quantitative risk analysis.
All identified risk events should be entered into the risk register.
risk register.
The risk register contains the following elements:

official part of the register.
Answer option C is incorrect. Before the risk events are analyzed, they should be documented in
the risk register.
Answer option D is incorrect. These risks should first be identified, documented, passed through
qualitative risk analysis, and then it should be determined if they should pass through the
quantitative risk analysis process.
Answer option A is incorrect. The risks should first be documented and analyzed.

Q57: In which of the following project risk management processes are contingency and
management reserves created and added to the risk register?
A. Perform qualitative risk analysis

B. Perform quantitative risk analysis
C. Plan risk responses
D. Plan risk management
In the plan risk responses process, contingency and management reserves are created and added
to the risk register.
Contingency reserves also called buffers or time reserves in the PMBOK guide; means a portion
of time added to the schedule to account for risk or uncertainty. Contingency reserves are
calculated for known risks that have documented contingency or mitigation response plans to
deal with the risk event should it occur, but you don't necessarily know how much time it will
take to implement the mitigation plan and potentially perform rework.
Management reserves are a type of reserve used for unknown events. Management reserves set
aside periods of time for this unknown work but are not included in the schedule baseline. If you
do use management reserves during the project, you must change the schedule baseline to reflect
the time used.

Contents: "Risk response"
Q58: You work as a project manager for BlueWell Inc. Management has asked you to perform a
risk audit and report back on the results. Bonny, a project team member, asks you what a risk
audit is. What will you tell Bonny?
A. A risk audit is a review of all the risks that have yet to occur and what their probability of
happening is.
B. A risk audit is an audit of all the risks that have occurred in the project and what their true
impact on cost and time has been.
C. A risk audit is a review of the effectiveness of the risk responses in dealing with identified risks
and their root causes, as well as the effectiveness of the risk management process.
D. A risk audit is a review of all the risk probability and impact for the risks, which are still present
in the project but which have not yet occurred.
A risk audit is a method to test the overall risk management process and the planned risk
responses. A risk audit is a review of the effectiveness of the risk responses in dealing with
identified risks and their root causes, as well as the effectiveness of the risk management process.
Answer option B is incorrect because this defines the quantitative analysis of the risk events that
have occurred.
Answer options A and D are incorrect because these define risk analysis, part of project risk
management planning.
351
Q59: Which of the following organizational structures provides the least authority to the project
manager?
A. Weak matrix
B. Projectized
C. Functional
D. Strong matrix
The functional organization provides the least authority to the project manager.
Answer options B and A are incorrect. The authority of the project manager is high to full in a
projectized organization and low in a weak matrix organization.
Answer option D is incorrect. The authority of the project manager is moderate to high in a
strong matrix organization.
Q60: Which of the following are objectives of risk identification?
A. It defines the parameters used for analyzing and categorizing risks, and the parameters used for
controlling the risk management effort.
B. It establishes and maintains the strategy to be used for risk management.
C. It should explicitly address uncertainty and assumptions.
D. It identifies and categorizes risks that could affect the project and documents these risks.
Explanation: Answer options B, A, and D are correct.
The following are the objectives of risk identification:
 It identifies and categorizes risks that could affect the project and documents these risks.
 It defines the parameters used for analyzing and categorizing risks, and the parameters
used for controlling the risk management effort.
 It establishes and maintains the strategy to be used for risk management.
Answer option C is incorrect. The following are the principles of risk management:
 It should be an integral part of organizational processes.

 It should be part of decision making process.
 It should explicitly address uncertainty and assumptions.
 It should be systematic and structured.
 It should be based on the best available information.
 It should take human factors into account.
 It should be transparent and inclusive.
 It should be dynamic, iterative, and responsive to change.
 It should be capable of continual improvement and enhancement.
 It should be continually or periodically re-assessed.

Q61: You are the project manager of the GHY project for your organization. You are about to
start the qualitative risk analysis process for the project and you need to determine the roles and
responsibilities for conducting risk management. Where can you find this information?
A. Enterprise environmental factors

C. Staffing management plan
D. Risk register
The risk management plan defines the roles and responsibilities for conducting risk management.
A risk management plan is a document arranged by a project manager to estimate project

effectiveness, predict risks, and build response plans to mitigate them. It also consists of a risk
assessment matrix.
Answer option D is incorrect. The risk register does not define the risk management roles and
responsibilities.
Answer option A is incorrect. Enterprise environmental factors may define the roles that risk
management officials or departments play in the project, but the best answer for all projects is
the risk management plan.
Answer option C is incorrect. The staffing management plan does not define the risk
management roles and responsibilities.

Q62: Which of the following techniques examines the degree to which organizational strengths
offset threats and opportunities that may serve to overcome weaknesses?
A. SWOT analysis
B. Expert judgment
C. Brainstorming
D. Delphi
SWOT analysis is a strategic planning method used to evaluate the strengths, weaknesses,
opportunities, and threats involved in a project or in a business venture. It involves specifying the
objective of the business venture or project and identifying the internal and external factors that
are favorable and unfavorable to achieve that objective. The technique is credited to Albert
Humphrey, who led a research project at Stanford University in the 1960s and 1970s using data
from Fortune 500 companies.
Answer options C and D are incorrect. Brainstorming and Delphi techniques are used to identify
risks in a project through consensus. Delphi differs in that the members of the team do not know
each other.
Answer option B is incorrect. In this technique, risks can be identified directly by experts with
relevant experience of similar projects or business areas.
Q63: The sensitivity analysis is a technique for systematically changing parameters in a model to
determine the effects of such changes and is useful for computer modelers for a range of
purposes. Which of the following purposes does the sensitivity analysis include?
A. Model development
B. Increased understanding or quantification of the system
C. Estimating the average outcome
D. Decision making or the development of recommendations for decision makers
Explanation: Answer options D, B, and A are correct.
The sensitivity analysis is the study of how the variation (uncertainty) in the output of a
mathematical model can be apportioned, qualitatively or quantitatively, to different sources of
variation in the input of a model. In other words, it is a technique for systematically changing
parameters in a model to determine the effects of such changes. The sensitivity analysis is useful
for computer modelers for a range of purposes, including:
 Support decision making or the development of recommendations for decision makers
 Enhancing communication from modelers to decision makers
 Increased understanding or quantification of the system
 Model development
The sensitivity analysis is common in physics and chemistry, in financial applications, risk
analysis, signal processing, neural networks, and any area where models are developed. One of
the ways the sensitivity analysis data is displayed is a tornado diagram.
Answer option C is incorrect. It is included in the EMV. Expected monetary value (EMV)
analysis is a statistical technique that calculates the average outcome when the future includes
scenarios that may or may not happen. This analysis is often used within decision tree analysis.

Q64: You work as a project manager for BlueWell, Inc. You're working with your team
members on the risk responses in the project. Which risk response will likely cause a project to
use the procurement processes?
A. Mitigation
B. Sharing
C. Exploiting
D. Acceptance
Sharing allows the project manager to share an opportunity with another entity - often through
partnerships and teaming agreement.
Sharing response is where two or more entities share a positive risk. Risk sharing deals with
sharing of responsibility and accountability with others to facilitate the team with the best chance
of seizing the opportunity. Teaming agreements are good example of sharing the reward that
comes from the risk of the opportunity.
Answer option D is incorrect because acceptance does not require a contractual agreement.
Answer option A is incorrect because mitigation tries to lower the probability and/or impact of
the risk, but does not use contracts to the extent that the sharing risk response does.
Answer option C is incorrect because exploiting aims to take advantage of a positive risk and
ensures that the risk event will happen.
Q65: Frank is manager of the NHQ project for his company. He's working with his project team,
key stakeholders, and several subject matter experts on risks of dealing with new project
materials. Frank wants to utilize a risk analysis method that will help his team make decisions
regarding the current uncertainty concerning the new materials. Which risk analysis approach
can Frank use to make decisions in the presence of uncertainty?
A. Monte Carlo technique

B. Delphi technique
C. Qualitative risk analysis
D. Quantitative risk analysis
Quantitative risk analysis presents a quantitative approach to decision-making in the presence of

uncertainty.
Answer option B is incorrect because the Delphi technique uses rounds of anonymous surveys to
build consensus.
Answer option A is incorrect because the Monte Carlo technique uses a combination of
hypothetical and actual events to determine mean or most likely outcome of a scenario.
Answer option C is incorrect because qualitative risk analysis determines the probability and
impact of risk events to determine which events require further analysis.

Q66: Residual risk is the risk or danger of an action or an event, a method or a (technical)
process that still conceives these dangers even if all theoretically possible safety measures would
be applied. How residual risk can be determined?
A. By threat analysis
B. By determining remaining vulnerabilities after countermeasures are in place
C. By risk assessment
D. By transferring all risks
All risks are determined by risk assessment, regardless whether risks are residual or not.
Answer option B is incorrect. Determining remaining vulnerabilities after countermeasures are in

place says nothing about threats; therefore, risk cannot be determined.
Answer option A is incorrect. Risk cannot be determined by threat analysis alone, regardless of
whether it is residual or not.
Answer option D is incorrect. Transferring all risks is not relevant to determining residual risk. It
is one of the methods of risk management.
Q67: Qualitative risk analysis enables an individual to identify potential risks, and assets and
resources which are susceptible to these risks. Which of the following statements are true about
qualitative risk analysis?
A. It depends more on scenarios rather than calculations.

B. It provides useful and meaningful results.
C. It supports automation.
D. It includes judgment, intuition, and experience.
Qualitative risk analysis includes judgment, intuition, and experience. It enables an individual to
identify the potential risks, and assets and resources which are vulnerable to these risks. It
depends more on scenarios rather than calculations. It requires guesswork, makes use of
opinions, and provides useful and meaningful results.
Answer option C is incorrect. Qualitative risk analysis does not support automation; it is
supported by quantitative risk analysis.
Q68: The risk transference is referred to the transfer of risks to a third party, usually for a fee, it
creates a contractual relationship for the third party to manage the risk on behalf of the
performing organization. Which one of the following is NOT an example of the transference risk
response?
A. Life cycle costing

B. Use of insurance
C. Performance bonds
D. Warranties
Life cycle costing describes the cost of ownership for a project's product. It is not a risk response,
but informs the stakeholders that what it will cost to support the deliverable of the project.
Transference is a strategy to mitigate negative risks or threats. In this strategy, consequences and
ownership of risk is transferred to a third party. This strategy doesn't eliminate risk but transfers
responsibility of its management to another party. Insurance is an example of transference.
Answer options B, C, and D are incorrect. These are examples of the risk response transference.

Q69: Ted is the project manager of the HRR project for his company. Management has asked
Ted to periodically review the contingency reserve as risk events happen, pass, or is still
pending. What is the purpose of reviewing the contingency reserve?
A. It helps evaluate if the remaining reserve is adequate for the risk exposure.
B. It helps determine how much more funds will need to be invested in the project.
C. It helps determine the probability and impact of project risks.
D. It helps evaluate secondary and residual risks related to the risk responses and their costs.
A periodic analysis of the contingency reserve helps determine if the remaining funds in the
reserve are adequate for the remaining risks in the project.
Answer option C is incorrect. Qualitative and quantitative analysis determine probability and
impact of risk events.
Answer option D is incorrect. Residual and secondary risk events happen as a result of risk
responses and are not related to reserve analysis.
Answer option B is incorrect. The reserve analysis determines if the remaining funds in the
reserve are adequate for the identified risks remaining in the project.

Q70: Fred is the project manager of the CPS project. He is working with his project team to
prioritize the identified risks within the CPS project. He and the team are prioritizing risks for
further analysis or action by assessing and combining the risks probability of occurrence and
impact. What process is Fred completing?
A. Perform qualitative analysis

B. Risk identification
C. Risk breakdown structure creation
D. Perform quantitative analysis
Perform qualitative analysis ranks the probability and impact, and then helps the project manager
and team to determine which risks need further analysis.
Answer option B is incorrect. Risk identification precedes this activity.
Answer option C is incorrect. This process does not describe the decomposition and organization
of risks that you will complete in a risk breakdown structure.
Answer option D is incorrect. Perform quantitative analysis is the final step of risk analysis. Note
the question tells you that Fred and the team will identify risks for additional analysis.

Q71: Which of the following diagrams displays sensitivity analysis data?
A. Fishbone
B. Influence
C. Cause-and-effect
D. Tornado
Tornado diagrams graphically display the result of single-factor sensitivity analysis. The
sensitive variable is modeled as uncertain value while all other variables are held at baseline
values (stable). The diagram is shown in the image below:
The uncertainty in the parameter associated with the largest bar, the one at the top of the chart,
has the maximum impact on the result, with each successive lower bar having a lesser impact.
Tornado diagrams are useful for the sensitivity analysis - comparing the relative importance of
variables.
Answer options C and A are incorrect. Cause-and-effect diagrams are also known as fishbone or
Ishikawa diagrams. They are useful for identifying causes of risks.
Answer option B is incorrect. Influence diagrams are graphical representations of situations

showing causal influences, time ordering of events, and other relationships among variables and
outcomes.
Q72: Melody is the project manager for her organization. She has created a risk response to
conduct more tests on the software her project is creating. The identified risk that prompted this
response was that the software is mission-critical and must be flawless before it can be put into
product. What type of a risk response has Melody used in this scenario?
A. Avoidance
B. Enhance
C. Transference
D. Mitigation
This is an example of mitigation, as she is trying to lower the probability and/or impact of the
risk event. There is still a chance that the software could have errors, but the additional testing is
trying to catch the bugs and offer time for corrective actions.
Mitigation is a risk response planning technique associated with threats that seeks to reduce the
probability of occurrence or impact of a risk to below an acceptable threshold. Risk mitigation
involves taking early action to reduce the probability and impact of a risk occurring on the
project. Adopting less complex processes, conducting more tests, or choosing a more stable
supplier are examples of mitigation actions.
Answer option C is incorrect. Transference transfers the risks to some other party to own it.
Answer option B is incorrect. Enhance is a positive risk response to increase the probability
and/or impact of an opportunity.
Answer option A is incorrect. Avoidance changes the project plan to take the risk out of the
project entirely.

Q73: Project documents utilized for risk identification purposes include which of the following?
A. Project exclusions
B. Network diagrams
C. Work performance reports
D. Assumptions log
Project documents utilized for risk identification purposes include:
 Assumptions log
 Work performance reports
 Earned value reports
 Network diagrams
 Other project information
Answer option A is incorrect because project documents include project exclusions.

Q74: Jenny is the project manager of the NHJ project for her company. She has identified
several positive risk events within the project and she thinks these events can save the project
time and money. You, a new team member, wants to know how many risk responses are
available for a positive risk event. What will Jenny reply to you?
A. Seven
B. Four
C. Three
D. Acceptance is the only risk response for positive risk events.
Jenny will reply that there are four risk responses for positive risk events.
Answer option D is incorrect. Acceptance is one of the four risk responses.
Answer option C is incorrect. There are four risk responses for positive events, not just three.
Answer option A is incorrect. There are seven total risk responses for positive and negative risk
events.

Q75: Which of the following is a preliminary assessment of the viability of the project; the
viability or perhaps marketability of the product, service, or result of the project; and the project's
value to the organization?
A. Phase-end review
B. Progressive elaboration
C. Feasibility study
D. Deliverable

A feasibility study is a preliminary assessment of the viability of the project; the viability or
perhaps marketability of the product, service, or result of the project; and the project's value to
the organization. It might also determine whether the product, service, or result of the project is
safe and meets industry or governmental standards and regulations. The completion and approval
of the feasibility study triggers the beginning of the requirements phase, where requirements are
documented and then handed off to the design phase, where blueprints are produced. The
feasibility might also show that the project is not worth pursuing and the project is then
terminated; therefore, the next phase never begins.
Answer option D is incorrect. A deliverable is an output that must be produced, verified, and
approved to bring the phase, life cycle process, or project to completion. Deliverables are unique
and verifiable and may be tangible or intangible, such as the ability to carry out a service.
Deliverables might also include things such as design documents, project budgets, blueprints,
project schedules, prototypes, and so on.
Answer option A is incorrect. A phase-end review allows those involved with the work to
determine whether the project should continue to the next phase. Phase-end reviews give the
project manager the ability to discover, address, and take corrective action against errors
discovered during the phase. Phase end reviews are also known as phase exits, phase gates, and
kill points.
Answer option B is incorrect. Progressive elaboration is the characteristics of incrementally, and

continually, refining work and information in greater detail as a project progresses. The concept
of progressive elaboration refers specifically to a project management technique in which the
plan for the particular and designated project is being continuously and constantly modified,
detailed, and improved as newer and more improved sets of information becomes available to the
project management team as the project unfolds and comes into implementation.
Q76: Which of the following tools and techniques of the perform qualitative risk analysis
process investigates the chances of a particular risk to occur?
A. Risk categorization
B. Risk urgency assessment
C. Risk data quality assessment
D. Probability and impact matrix
urgent to address.
Q77: You are the project manager of the NNH project. In this project, you have created a
contingency response that the cost performance index should be less than 0.93. The NHH project
has a budget at completion of $945,000 and is 45 percent complete though the project should be
49 percent complete. The project has spent $455,897 to reach the 45 percent complete milestone.
What is the project's cost performance index?
A. 0.93
B. -$30,647
C. 1.06
D. 0.92
The cost performance index is found by dividing the earned value by the actual costs. In this
example, it is:
CPI= 425,250/455,897
=0.93
The CPI is the ratio of earned value to actual cost. It is used to calculate performance
efficiencies, as well as predict future performance in trend analysis. The CPI is calculated using
the following formula:
CPI = Earned value (EV) / Actual cost (AC)
If the CPI value is greater than 1, it indicates better than expected performance; if less than 1, it
shows poor performance. A CPI value of 1 indicates that the project is right on target.
Answer option D is incorrect. 0.92 is the schedule performance index for the project.
Answer option C is incorrect. 1.06 represents the to-complete performance index for the project.
Answer option B is incorrect. -$30,647 is the cost variance for the project.

Q78: Which of the following is the opportunity of discussing and agreeing on expectations of
communication and, primarily, agreeing on a set of values and principles that all stakeholders
will abide by?
A. Stakeholder matrix
B. Stakeholder engagement
C. Stakeholder identification
D. Stakeholder analysis
Stakeholder management is defined as process and control that should be planned and guided by
underlying principles. It prepares a strategy by making use of information (or intelligence)
gathered during the following common processes:
 Stakeholder identification: It identifies interested parties, either internal or external, to

an organization/project. A stakeholder map is helpful in recognizing the stakeholders.
 Stakeholder analysis: It is a process of recognizing and acknowledging stakeholder's
needs concerns, wants, authority, common relationships, and interfaces, and aligning this
information within the stakeholder matrix.
 Stakeholder matrix: It is used to position stakeholders according to the level of
influence, impact, or enhancement they may provide to the business or its projects.
 Stakeholder engagement: It is the opportunity of discussing and agreeing on
expectations of communication, and primarily agreeing on a set of values and principles
that all stakeholders will abide by.
 Communicating information: It is managed between stakeholders.
Q79: Which of the following processes evaluates the effectiveness of executing responses
throughout the lifecycle of the project?
A. Control risks
B. Identify risks
C. Perform quantitative risk analysis
D. Perform qualitative risk analysis
The following are the processes included in risk management:
 Plan risk management: This process decides how risk management activities for the
project at hand will be performed.
 Identify risks: This process identifies and documents risks that might occur for a given
project.
 Perform qualitative risk analysis: This process estimates the overall probability for
risks to occur and their impact and prioritizes them accordingly for further analysis.
 Perform quantitative risk analysis: This process analyzes numerically the effect of
identified risks on meeting the project objectives.
 Plan risk responses: This process prepares a risk response plan for increasing the
 Control risks: This process tracks identified risks, identifies new risks, executes risk
response plans, and evaluates the effectiveness of executing responses throughout the
lifecycle of the project.

Q80: Which of the following is a technique for assisting in reaching decisions under uncertainty
and risk?
A. Decision theory
B. Utility theory
C. Probability analysis
D. Sensitivity analysis
Risk analysis techniques are as follows:
 OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation): It is

a strategic assessment based on the risk identified. It is also used as a planning technique
for security.
 COBRA (Collective, Objective, and Bi-Functional Risk Analysis): It is a
questionnaire system which is based on system's principle and extensive knowledge to
evaluate the relative importance of all threats and vulnerabilities.
 Delphi: It is a group of experts who used to rate independently and rate business risk of
an organization. Each expert analyzes the risk independently and then prioritizes the risk,
and the results are combined into a consensus.
 Brainstorming: It is used extensively in formative project planning. It can also be used
to identify and postulate risk scenarios for a particular project.
 Sensitivity analysis: It examines the extent to which the uncertainty of each element
affects the object under consideration when all other uncertain elements are held at their
baseline values.
 Probability analysis: It overcomes the limitations of a sensitivity analysis technique by
specifying a probability distribution for each variable, and then considering situations
where any or all of these variables can be modified at the same time.
 Utility theory: It is an approach that is appropriate to the decision tree analysis for the
calculation of expected values, and also for the assessment of results from sensitivity and
probability analyses.
 Decision theory: It is a technique for assisting in reaching decisions under uncertainty
and risk.
Q81: Which of the following is a risk response that's appropriate to positive or negative risk
events, depending on the project?
A. Acceptance
B. Transference
C. Sharing
D. Avoidance
Acceptance is a risk response appropriate to either positive or negative risk events. Acceptance
response is a part of risk response planning. Acceptance response indicates that the project plan
will not be changed to deal with the risk. Management may develop a contingency plan if the
risk does occur. Acceptance response to a risk event is a strategy that can be used for risks that
pose either threats or opportunities. Acceptance response can be one of two types:
Answer option B is incorrect. Transference is a response to negative risk events that might occur
in the project. Transference such as hiring an electrician usually requires a contractual
relationship with a vendor.
Answer option C is incorrect. Sharing is a risk response that's appropriate to positive risks that an
organization shares with another organization, such as a teaming agreement or partnership to
seize an opportunity.
Answer option D is incorrect. Avoidance is a negative risk response, such as a workaround to

avoid a project risk event.
Reference: "A Guide to the Project Management Body of Knowledge"

Q82: You are the project manager of the HQQ project for your company. You are working with
your project stakeholders to discuss the risks in the project that can adversely affect the project
objectives. You are discussing the possibilities of causes for an identified risk event in your
project. Your stakeholder is confused on the difference between causes and risk events. Which of
the following is NOT an example of a cause for a project risk?
A. Schedule constraints on the project

B. Quality assurance programs within the company
C. Work permit requirements
D. Limited team members to complete the project work
Quality assurance programs are generally not considered causes for risk events. These programs
can be considered as the project requirement.
A cause in project risks is a necessity, limitation, assumption, or situation that creates the chance
of negative and positive outcomes. A cause can be the condition of permit to do work, or having
restricted personnel assigned to design the project. If either of these conditions occurs, there may
be an impact on the project cost, schedule, or performance.
Answer options C, D, and A are incorrect. These are examples of risk causes.

Q83: There are seven risk responses for any project. Which one of the following is a valid risk
response for a negative risk event?
A. Exploit
B. Acceptance
C. Share
D. Enhance
Among the given choices, only acceptance response can be used for a negative risk event.
Answer options A, D, and C are incorrect. Exploit, enhance, and share risk responses are used to
deal with opportunities or positive risks.
344
Q84: Which of the following risk response options involve the identification, planning, and
conduct of actions aimed at reducing risk to an acceptable level?
A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. Risk transfer
Risk mitigation involves the identification, planning, and conduct of actions aimed at reducing
risk to an acceptable level. Hence, risk can be reduced by reducing vulnerabilities, and risk
mitigation is the primary strategy in this process. Risk mitigation is also known as reduction or
treatment.
Answer option B is incorrect. Risk avoidance is a technique used for threats. It creates changes to
the project management plan that are meant to either eliminate the risk completely or to protect
the project objectives from its impact. Risk avoidance removes the risk event entirely either by
adding additional steps to avoid the event or reducing the project scope requirements. It may
seem the answer to all possible risks, but avoiding risks also means losing out on the potential
gains that accepting (retaining) the risk might have allowed.
Transfer of risk can occur in many forms but is most effective when dealing with financial risks.
Insurance is one form of risk transfer.
particular risk; loss is accepted if it occurs. If an enterprise adopts a risk acceptance, it should
carefully consider who can accept the risk. Risks should be accepted only by the senior
management and the board. There are two alternatives to the acceptance strategy, i.e., passive
and active.

Q85: ____ analysis is a statistical concept that calculates the average outcome when the future
includes scenarios that may or may not happen.
A. Expert judgment
B. Expected monetary value
C. Sensitivity
D. Modeling and simulation
Expected monetary value (EMV) analysis is a statistical technique that calculates the average
outcome when the future includes scenarios that may or may not happen. This analysis is often
used within decision tree analysis.
Q86: Which of the following phases of the project life cycle formalizes the acceptance of the
project and ensures an orderly end?
A. Executing
B. Initiating
C. Closing
D. Monitoring/ controlling
Table 2.1 describes each phase of the project life cycle:
Phase Description Output

Initiating process recognizes the beginning of the project. It
Initiating defines and authorizes the project, names the project manager, Project charter
and defines scope, deliverable, duration, and resources.
Planning process identifies the scope of the project and resource
requirements. It identifies stakeholders, defines objectives and Project
Planning requirements, defines scope, develops the schedule, defines the management
budget, identifies risks, identifies resources, and plans plan
procurement.
During executing process, one implements the project
Executing Deliverable
management plan, completes the work, and coordinates staff.
Monitoring/controlling process ensures the objectives are met
Monitoring/ by monitoring and tracking the project's progress. It monitors Corrective
controlling performance against the project management plan, identifies action
variances, undertakes corrective action, and implements
approved changes.
Closing process formalizes the acceptance of the project and
Sign-off from
ensures an orderly end. It gathers project information, reviews
Closing the customer or
the project's time and cost performance, compiles lessons
sponsor
learned, and closes contracts.
Table 2.1: Phases Of The Project Life Cycle
Reference: The Project Management Body of Knowledge, Fifth edition, Section 2.4
Q87: Shawn is the project manager of the WHT project for his company. In this project, Shawn's
team reports that they have found a way to complete the project work for less cost than what was
originally planned. The project team presents new software that will help automate the project
work. While the software and associated training cost $25,000, it will save the project nearly
$65,000 in total costs. Shawn agrees to the software and changes the project management plan
accordingly. What type of risk response has been used in this instance?
A. Enhancing
B. Accepting
C. Exploiting
D. Avoidance
Exploiting happens when the project manager wants to ensure that an opportunity is realized.
Amongst all the strategies used to negate risks or threats that appear in a project, exploit response
is one that may be selected for risks with positive impacts where the organization wishes to
ensure that the opportunity is realized. Exploiting a risk event provides opportunities for positive
impact on a project. Assigning more talented resources to the project to reduce the time to
completion is an example of exploit response.
Answer option D is incorrect. Avoidance is a negative risk response that changes the project
management plan to take the risk entirely out of the project.
Answer option A is incorrect. Enhancing is a positive risk response that aims to increase the
probability and/or impact of the risk event.
Answer option B is incorrect. Accepting is a risk response that is appropriate for positive or
negative risk events. It does not pursue the risk, but documents the event and allows the risk to
happen. Often acceptance is used for low probability and low impact risk events.

Q88: You work as a project manager for SoftTech Inc. You're working with the project
stakeholders to begin the qualitative risk analysis process. You will need all of the following as
inputs to the qualitative risk analysis process except for which one?
A. Stakeholder register
B. Risk register
C. Scope baseline
D. Risk management plan
You would not need the stakeholder register to perform qualitative risk analysis. Qualitative risk
analysis uses the likelihood and impact of the identified risks in a fast and cost-effective manner.
Qualitative risk analysis establishes a basis for a focused quantitative analysis or risk response
plan by evaluating the precedence of risks with a concern to impact on the project's scope, cost,
schedule, and quality objectives. Qualitative risk analysis is conducted at any point in a project
life cycle. The primary goal of qualitative risk analysis is to determine proportion of effect and
theoretical response.
Q89: You are the project manager of the AMD project for your organization. In this project, you
are currently performing quantitative risk analysis. The tool and technique you are using is
simulation, where the project model is computed many times with the input values chosen at
random for each iteration. The goal is to create a probability distribution from the iterations for
the project schedule. What technique will you use with this simulation?
A. Expected monetary value

B. Pareto modeling
C. Analogous modeling
D. Monte Carlo technique
This is an example of the Monte Carlo technique, which is typically used with project
simulations. You can ideally use the Monte Carlo technique with time and estimate using
pessimistic, optimistic, and value.
The Monte Carlo simulation is a process for iteratively evaluating a deterministic form using sets
of random numbers as inputs. This method is repeatedly used when the model is complex,
nonlinear, or involves more than just a couple of vague parameters. The Monte Carlo simulation
is named after the city in Monaco, where the major attractions are casinos that have games of
chance. Gambling games, such as roulette, dice, and slot machines, exhibit random behavior.
This technique works particularly well when the process is one where the underlying
probabilities are known, but the results are more difficult to determine. It is a process that
generates hundreds or thousands of probable performance outcomes based on probability
distribution for cost and schedule on individual tasks. The outcomes are then used to generate a
probability distribution for the project as a whole.
Answer option A is incorrect. The expected monetary value is found by multiplying the risk
probability times the risk impact.
Answer option B is incorrect. Pareto modeling is not a valid quantitative risk analysis process
term.
Answer option C is incorrect. Analogous modeling uses previous project data to predict the
current project experience.

Q90: Which of the following diagrams describes the statement below?
"It graphically displays the result of single-factor sensitivity analysis. The sensitive variable is
modeled as uncertain value while all other variables are held at baseline values (stable)."
A. Tornado
B. Cause-and-effect
C. Influence
D. GERT
variables.
Answer option B is incorrect. Cause-and-effect diagrams are also known as fishbone or Ishikawa
diagrams. They are useful for identifying causes of risks.
Answer option C is incorrect. Influence diagrams are graphical representations of situations

showing causal influences, time ordering of events, and other relationships among variables and
outcomes.
Answer option D is incorrect. A GERT chart uses branching, loop backs, and project scenarios to
show advancement in the project workflow.

Q91: What is the expected monetary value of a risk with an impact of $4,500 and probability of
85%?
A. $1,625
B. $2,375
C. $3,475
D. $3,825
For calculating the expected monetary value, multiply the impact by the probability. In this case,
multiply $4,500 by 85% to get $3,825.
Q92: You are the project manager of the HJK project for your organization. You and your
project team have created risk responses for many of the risk events in the project. Where should
you document the proposed responses and the current status of all identified risks?
A. Stakeholder management strategy

B. Risk register
C. Lessons learned documentation
Risks and the corresponding responses are documented in the risk register for the project.
risk register.

Answer option C is incorrect. The outcome of risk events and the corresponding risk responses
may be documented in the project's lessons learned documented, but the best answer is to
document the risk responses as part of the risk register.
Answer option D is incorrect. The risk management plan defines how risks will be identified and
analyzed, the available responses, and the monitoring and controlling of the risk events. The
actual risk responses are included in the risk register.
Answer option A is incorrect. The stakeholder management strategy defines how stakeholders
and their threats, perceived threats, opinions, and influence over the project objectives will be
addressed and managed.

Q93: You are the project manager of a new project in your organization. You and the project
team have identified the project risks, completed risk analysis, and are planning the most
appropriate risk responses. Which of the following tools is most effective to choose the most
appropriate risk response?
A. Project network diagram

B. Delphi technique
C. Decision tree analysis
D. Cause-and-effect diagram
Decision tree analysis is the most effective tool to choose the most appropriate risk response.
The decision tree analysis is a risk analysis tool that can help the project manager to determine
the best risk response. The tool can be used to measure probability, impact, and risk exposure
and how the selected risk response can affect the probability and/or impact of the selected risk
event. It helps to form a balanced image of the risks and rewards connected with each possible
course of action. This makes them mostly useful for choosing between different strategies,
projects, or investment opportunities particularly when the resources are limited. A decision tree
is a decision support tool that uses a tree-like graph or model of decisions and their possible
consequences, including chance event outcomes, resource costs, and utility.
Answer option D is incorrect. Cause-and-effect diagrams are useful for identifying root causes
and risk identification, but they are not the most effective ones for risk response planning.
Answer option A is incorrect. Project network diagrams help the project manager and
stakeholders visualize the flow of the project work, but they are not used as a part of risk
response planning.
Answer option B is incorrect. The Delphi technique can be used in risk identification, but
generally is not used in risk response planning. The Delphi technique uses rounds of anonymous
surveys to identify risks.

Q94: Which of the following is used to identify risks, ideas, or solutions to issues by using a
group of team members or subject matter expert?
A. Expert judgment
B. Meeting minute
C. Variance analysis
D. Brainstorming
Brainstorming is a technique used for collecting general data. It is used by a group of team
members or subject matter expert for identifying risks, ideas, or solutions to issues. It is also a
group creativity technique that is used for providing other benefits, such as boosting morale,
enhancing work enjoyment, and improving team work.
Answer option A is incorrect. Expert judgment is a technique that is based on a set of criteria that
has been acquired in a particular knowledge area or product area. It is acquired when the project
manager or project team needs specialized knowledge that they do not possess. It includes people
most familiar with the work of creating estimates. Preferably, the project team member who will
be doing the task should complete the estimates. Expert judgment is applied when performing
administrative closure activities and experts should ensure the project or phase closure is
performed to the appropriate standards.
Answer option B is incorrect. Meeting minute is one of the most common documentation
techniques that could be as simple as someone taking detailed and thorough meeting notes.
Meetings could range from weekly development or project status update meetings, planning
meetings, post mortem meetings, or even expert interview meetings, as a means for gathering
data.
Answer option C is incorrect. Variance analysis is a technique used for measuring how closely a
project adheres to the scope, time, and cost estimates made during the planning phase. It also
determines the dissimilarities between the planned and the actual budget or schedule for
discovering unacceptable risks to the budget, schedule, quality, or scope of the project.
Q95: You are the project manager of the NGQQ project for your company. To help you
communicate project status to your stakeholders, you're going to create a stakeholder register.
All of the following information should be included in the stakeholder register except for which
one?
A. Stakeholder classification of their role in the project

B. Identification information for each stakeholder
C. Assessment information of the stakeholders' major requirements, expectations, and potential
influence
D. Stakeholder management strategy
The stakeholder management strategy is generally not included in the stakeholder registry
because it may contain sensitive information that should not be shared with project team
members or certain other individuals that could see the stakeholder register.
The stakeholder register is a project management document that contains a list of the
stakeholders associated with the project. It assesses how they are involved in the project and
identifies what role they play in the organization. The information in this document can be very
perceptive and is meant for limited exchange only. It also contains relevant information about the
stakeholders, such as their requirements, expectations, and influence on the project.
Answers B, C, and A are incorrect because these should be included in the stakeholder register.
399
Q96: You are the project manager of the GHY project for your organization. You are working
with your project team to begin identifying risks for the project. As part of your preparation for
identifying risks within the project, you will need thirteen inputs for the process. Which one of
the following is NOT an input to the identify risks process?
A. Stakeholder register
B. Cost management plan
C. Quality management plan
D. Procurement management plan
The procurement management plan is not one of the thirteen inputs for the identify risks process.
The thirteen inputs to this process are risk management plan, activity cost estimates, activity
duration estimates, scope baseline, stakeholder register, cost management plan, schedule
management plan, quality management plan, human resource management plan, project
documents, enterprise environmental factors, procurement documents, and organizational
process assets.
What is the procurement management plan?

The procurement management plan defines more than just the procurement of team members, if
needed. It defines how procurements will be planned and executed, and how the organization and
the vendor will fulfill the terms of the contract.
Answer options A, B, and C are incorrect. These are inputs to the identify risks process.

Q97: You work as a project manager for uCertify Inc. You're working on a project and have
identified multiple negative risk events within the project. Maria, a new project team member
wants to know that how many strategies are available for dealing with the negative risk events.
What answer will you give to Maria?
A. Four
B. Five
C. Six
D. Three
You'll reply Maria that there are four strategies available for dealing with the negative risk
events: avoid, transfer, mitigate, and accept. Here are the four strategies for dealing with the
negative risk events:
 Avoid: To avoid a risk means you will evade it altogether by eliminating the cause of the
risk event or by changing the project management plan to protect the project objectives
from the risk event.
 Transfer: The idea behind a risk transfer is to transfer the risk and the consequences of
that risk to a third party.
 Mitigate: When you mitigate a risk, you attempt to reduce the probability of a risk event
occurring or reduce its impacts to an acceptable level.
 Accept: The accept/acceptance strategy is used when you are not able to eliminate all the
threats on the project.

Q98: Which of the following indicates that the project team has decided not to change the
project management plan to deal with a risk, or is unable to identify any other suitable response
strategy?
A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. Risk transference
It indicates that the project team has decided not to change the project management plan to deal
with a risk, or is unable to identify any other suitable response strategy.
Answer option B is incorrect. It is a technique for a threat which creates changes to the project
management plan that are meant to either eliminate the risk or to protect the project objectives
from this impact.
Answer option A is incorrect. It is a list of specific actions being taken to deal with specific risks
associated with the threats, and it seeks to reduce the probability of occurrence or impact of risk
below an acceptable threshold.
Answer option D is incorrect. It is used to shift the impact of a threat to a third party, together
with the ownership of the response.
Q99: You are the project manager of the XYZ project. You have identified several project risks.
You have adopted alternatives to deal with these risks which do not attempt to reduce the
probability of a risk event or its impacts. Which of the following strategies have you
implemented?
A. Contingent response
B. Mitigation
C. Acceptance
D. Avoidance
The contingency risk response strategy is also known as the contingency plan. The contingency
risk response strategy works in the improvement of different courses of actions that include
changes in schedule, resources, or contract. Contingency planning is taken into consideration
when the risk events happen in the project. This means that one should prepare and plan the
contingencies in advance before the threats occur. After the risks have been acknowledged and
quantified, contingency plans should be planned, developed, and kept organized. Contingency
allowances or the reserves are the general contingency responses.
Answer option B is incorrect. Risk mitigation attempts to reduce the probability of a risk event
and its impacts to an acceptable level.
particular risk; loss is accepted if it occurs.
Answer option D is incorrect. Risk avoidance means to evade risk altogether, eliminate the cause
of the risk event, or change the project plan to protect the project objectives from the risk event.
Q100: You are the project manager of the NHQ project for your company. Management has told
you that you must implement an agreed upon contingency response if the cost performance index
in your project is less than 0.90. Consider that your project has a budget at completion of
$250,000 and is 60 percent complete. You are scheduled to be however, 75 percent complete,
and you have spent $165,000 to date. What is the cost performance index for this project to
determine if the contingency response should happen?
A. 0.91
B. 0.80
C. 0.88
D. -$37,500
The cost performance index is 0.90, so the contingency response does not need to be
implemented. You can find the cost performance index by dividing the earned value by the
actual costs. In this instance, it is:
CPI = 150,000/165,000
= 0.91
Answer option D is incorrect. -$37,500 is the project's schedule variance.
Answer option B is incorrect. 0.80 represents the project's schedule performance index.
Answer option C is incorrect. 0.88 is not a valid earned value management calculation.

Q101: Which of the following techniques is used to gauge how closely a project adheres to the
scope, time, and cost estimates made during the planning phase?
A. Sensitivity analysis
B. Variance analysis
C. Trend analysis
D. SWOT analysis
Variance analysis is used to gauge how closely a project adheres to the scope, time, and cost
estimates made during the planning phase. It examines the dissimilarities between the planned
and the actual budget or schedule to discover unacceptable risks to the budget, schedule, quality,
or scope of the project.
Answer option C is incorrect. Trend analysis helps in detecting new risks.
Answer option A is incorrect. Sensitivity analysis is used to determine which risk has the greatest
impact on the project.
Answer option D is incorrect. SWOT analysis (strengths, weaknesses, opportunities, and threats)
is a technique that examines the project from each of these viewpoints.

Q102: Maria works as a project manager for uCertify Inc. She's conducted a meeting with her
team members for identifying risks in the project. In the meeting, she shows how the various
project elements interrelate using a diagram. Which diagramming technique is Maria using to aid
in the process of gathering risks?
A. Pareto
B. Scatter
C. Process flow chart
D. Cause-and-effect
Maria is using process flow chart (also known as stratification chart), which shows the logical
steps needed to accomplish an objective, how the elements of a system relate to each other, and
what actions cause what responses.
Answer option D is incorrect. The Cause-and-effect diagram shows the relationship between the
effects of problems and their causes.
Answer option A is incorrect. The Pareto diagram is displayed as histogram that rank-order the
most important factors such as delays, costs, and defects; for example, by their frequency over
time.
Answer option B is incorrect. Scatter diagrams, also known as correlation charts, display the
relationship between the two elements as points on a graph. This relationship is analyzed to
prove or disprove cause-and-effect relationships.

Q103: Which positive risk response best describes a teaming agreement?

A. Enhance
B. Share
C. Exploit
D. Venture
Sharing is a positive risk response where a positive risk is shared with another entity through a
teaming agreement, joint venture, or other partnership arrangement. Sharing response is where
two or more entities share a positive risk. Risk sharing deals with sharing of responsibility and
accountability with others to facilitate the team with the best chance of seizing the opportunity.
Teaming agreements are good example of sharing the reward that comes from the risk of the
opportunity.
Answer option C is incorrect. Exploiting is a positive risk response where the organization
ensures that the positive risk benefits are realized. Amongst all the strategies used to negate risks
or threats that appear in a project, exploit response is one that may be selected for risks with
Exploiting a risk event provides opportunities for positive impact on a project. Assigning more
talented resources to the project to reduce the time to completion is an example of exploit
response.
Answer option A is incorrect. Risk enhancement raises the probability of an opportunity to take
place by focusing on the trigger conditions of the opportunity and optimizing the chances.
Identifying and maximizing input drivers of these positive-impact risks may raise the probability
of their occurrence.
Answer option D is incorrect. Venture is not a valid positive risk response.

Q104: A project team member has just identified a new project risk. The risk event is determined
to have significant impact but a low probability in the project. Should the risk event happen, it
will cause the project to be delayed by three weeks, which will cause new risk in the project.
What should the project manager do with the risk event?
A. Add the identified risk to a quality control management control chart.

B. Add the identified risk to the risk register.
C. Add the identified risk to the low-level risk watchlist.
D. Add the identified risk to the issues log.
Explanation: Answer B is correct.
All identified risks, their characteristics, responses, and their status should be added and
monitored as part of the risk register. A risk register is a document that contains results of
qualitative and quantitative risk analyses and risk response planning. Description, category,
cause, probability of occurrence, impact on objectives, proposed responses, owner, and current
status of all identified risks are entered in the risk register.
Answer C is incorrect. Risks that have a low probability and a low impact may go on the low-
level risk watchlist.
Answer D is incorrect. This is a risk event and should be recorded in the risk register.
Answer A is incorrect. Control charts are not where risk events are recorded.
Reference: The Project Management Body of Knowledge, Fifth edition, 7.2.1.5, Page 203
Q105: Shelly is the project manager of the BUF project for her company. In this project, Shelly
needs to establish some rules to reduce the influence of risk bias during the qualitative risk
analysis process. What method can Shelly take to best reduce the influence of risk bias?
A. Group stakeholders according to positive and negative stakeholders, and then complete the risk
analysis.
B. Establish risk boundaries.
C. Determine the risk root cause rather than the person identifying the risk events.
D. Establish definitions of the level of probability and impact of risk event.
By establishing definitions for the level of probability and impact, a project manager can reduce
the influence of bias.
Answer option B is incorrect. This is not a valid statement for reducing bias in the qualitative
risk analysis.
Answer option A is incorrect. Positive and negative stakeholders are identified based on their
position towards the project goals and objectives, not necessarily risks.
Answer option C is incorrect. Root cause analysis is a good exercise, but it would not determine
risk bias.

Q106: Which of the following processes addresses the risks by their priorities, schedules the
project management plan as required, and inserts resources and activities into the budget?
A. Control risks
B. Plan risk response
C. Identify risks
follows:
Answer option C is incorrect. Identify risks is the process of determining which risks may affect
the project. It also documents risks' characteristics. It is part of the project risk management
knowledge area. As new risks may evolve or become known as the project progresses through its
life cycle, identify risks is an iterative process. The process should involve the project team so
that they can develop and maintain a sense of ownership and responsibility for the risks and
associated risk response actions. Risk register is the only output of this process.
Answer option A is incorrect. Control risk is the process of implementing risk response plans,
tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk
process effectiveness throughout the project. It can involve choosing alternative strategies,
executing a contingency or fallback plan, taking corrective action, and modifying the project
management plan.
Answer option D is incorrect. Perform qualitative risk analysis is the process of prioritizing risks
for further analysis and action. It combines risks and their probability of occurrences and ranks
them accordingly. It enables organizations to improve the project's performance by focusing on
high-priority risks. Perform qualitative risk analysis is usually a rapid and cost-effective means
of establishing priorities for plan risk responses. It also lays the foundation to perform

Q107: Which of the following are tree-based techniques in risk analysis?
A. Preliminary risk analysis

B. Fault-tree analysis
C. Cause-consequence analysis
D. Event-tree analysis
Explanation: Answer options B, C, and D are correct.
Tree-based techniques in risk analysis are as follows:
 Fault-tree analysis (FTA)

 Event-tree analysis (ETA)
 Cause-consequence analysis (CCA)
 Management oversight risk tree (MORT)
 Safety management organization review technique (SMORT)
Answer option A is incorrect. Risk analysis methodologies are as follows:
 Preliminary risk analysis

 Hazard and operability studies (HAZOP)
 Failure mode and effects analysis (FMEA/FMECA)
Q108: Rob is the project manager of the IDLK project for his company. This project has a
budget of $5,600,000 and is expected to last 18 months. Rob has learned that a new law may
affect how the project is allowed to proceed - even though the organization has already invested
over $750,000 in the project. What risk response is the most appropriate for this instance?
A. Enhance
B. Acceptance
C. Mitigation
D. Transference
At this point, all that Rob can likely do is accepting the risk event. Since this is an external risk,
there is little that Rob can do other than document the risk and share the new law with
management and the project stakeholders. If the law is passed, Rob can choose the most
appropriate way for the project to continue.
Answer option C is incorrect. Mitigation aims to lower the probability and/or impact of the risk
event.
Answer option D is incorrect. Transference transfers the ownership of the risk event to a third
party, usually through a contractual agreement.
Answer option A is incorrect. Enhance is a risk response that tries to increase the probability
and/or impact of the positive risk event.

Q109: John is the project manager for his company. He has identified a risk event in his project
that will have a high probability and a high impact. Based on the requirements of the project, he
has asked to change the project scope to remove the associated requirement and the associated
risk. What type of risk response is this?
A. Avoidance
B. Not a risk response, but a change request
C. Transference
D. Exploit
Risk avoidance involves changing the project management plan to eliminate the threat entirely.
The project manager may also isolate the project objectives from the risk's impact or change the
objective that is in jeopardy. Examples of this include extending the schedule, changing the
strategy, or reducing the scope. The most radical avoidance strategy is to shut down the project
entirely. Some risks that arise early in the project can be avoided by clarifying requirements,
obtaining information, improving communication, or acquiring expertise.
Answer option D is incorrect. Exploit risk response is used for positive risk or opportunity, not
for negative risk.
Answer option C is incorrect. Transference allows the risk to be transferred, not removed from
the project, to a third party. Transference usually requires a contractual relationship with the third
party.
Answer option B is incorrect. This risk response does require a change request, in some
instances, but it's the avoidance risk response and not just a change request.

Q110: Risk appetite is the amount of risk a company or other entity is willing to accept in pursuit
of its mission. What are the major factors to be considered while deciding the risk appetite level?
A. Capacity of the enterprise's objective to absorb loss

B. Amount of loss the enterprise wants to accept
C. Risk-aware decisions
D. Alignment with risk culture
Explanation: Answer options B and A are correct.
Risk appetite is the amount of risk a company or other entity is willing to accept in pursuit of its
mission. This is the responsibility of the board to decide risk appetite of an enterprise. When
considering the risk appetite levels for the enterprise, the following two major factors should be
taken into account:
 The enterprise's objective capacity to absorb loss, e.g., financial loss, reputation damage,
etc.
 The culture towards risk taking - cautious or aggressive. In other words, the amount of
loss the enterprise wants to accept in pursuit of its objective fulfillment.
Answer option D is incorrect. Alignment with risk culture is also one of the factors but is not as
important as these two.
Answer option C is incorrect. Risk-aware decision is not the factor, but is the result which uses
risk appetite information as its input.
Question Bank - 2
Q1: Which of the following are tools and techniques of perform quantitative risk analysis?
A. Risk urgency assessment

B. Decision tree
C. Simulation
Explanation: Answer options C and B are correct.
The following are tools and techniques of the perform quantitative risk analysis process:
 Techniques for data gathering and data presentation (interviewing, probability

distribution)
 Techniques for quantitative risk analysis and modeling
 Expert judgment
Answer options A and D are incorrect. The tools and techniques for qualitative risk analysis
process are as follows:
urgent to address.

Q2: You work as a project manager for BlueWell Inc. You are performing the quantitative risk
analysis for your project. One of the project risks has a 50 percent probability of happening, and
it will cost the project $55,000 if the risk happens. What will be the expected monetary value of
this risk event?
A. Negative $27,500
B. Negative $26,000
C. Negative $55,000
D. Zero - the risk event has not yet occurred
The expected monetary value of the risk is found by multiplying the risk probability times the
impact. In this instance, the expected monetary value is negative $26,000.
EMV = Risk probability * Impact

= .50 * 55,000
= 27,500 (since it is a risk, it will be a negative value for EMV)
= - $27,500
used within decision tree analysis. The EMV of opportunities are positive values, and risks are
negative values.

Q3: You are a project manager for Tech Perfect Inc. While studying the project, you find that
there are too many stakeholders in the project. You are concerned about some influencing
stakeholders. Which of the following process groups can be highly affected by stakeholder
influence?
A. Closing
B. Monitoring and controlling
C. Planning
D. Initiating
The Initiating process group can be highly affected by the stakeholders of the project. This is the
stage where project is not clear and deliverables are not exactly identified. This is the stage
where stakeholders can influence the project outcomes. Project stakeholders are those entities
within or without an organization, who sponsor a project or have an interest or a gain upon a
successful completion of a project.
The project management team must identify the stakeholders, determine their requirements and
expectations, and to the extent possible manage their influence in relation to the requirements to
ensure a successful project.
Answers C, B, and A are incorrect. Although stakeholder influence can affect all process groups,
Initiating process group is highly affected.
Q4: As a part of monitoring and controlling the project, the project manager should update the
risk register. The project manager should update the risk register with information on risk
reassessment, risk audits, and periodic risk reviews. What other information should the project
manager update the risk register with?
A. Actual cost of risk events

B. Actual outcomes of risk management duties by the project team
C. Actual outcomes of the project's risks and of the risk responses
D. Actual costs and schedule delays of risk events
The project manager should document the actual outcomes of the project's risks and how well the
risk responses worked in the project.
Answer option A is incorrect. This information may be included as a part of the outcome of risks
and risk responses, but it is not the best choice for the question asked.
Answer option D is incorrect. Costs and schedule delays can be documented, but the best answer
includes the experience and outcome of the project's risk and risk responses.
Answer option B is incorrect. This is not the best choice for the question and the project team is
not responsible for risk management, the project manager is.

Q5: Billy is the project manager of the HAR Project and is in month six of the project. The
project is scheduled to last for 18 months. Management asks Billy how often the project team is
participating in risk reassessment in this project. What should Billy tell management if he is
following the best practices for risk management?
A. Project risk management happens at every milestone.

B. Project risk management is scheduled for every month in the 18-month project.
C. Project risk management has been concluded with the project planning.
D. At every status meeting, the project team project risk management is an agenda item.
Risk management is an ongoing project activity. It should be an agenda item at every project
status meeting.
Answer option A is incorrect. Milestones are good times to do reviews, but risk management
should happen frequently.
Answer option B is incorrect. This answer would only be correct if the project has a status
meeting just once per month in the project.
Answer option C is incorrect. Risk management happens throughout the project as does project
planning.
Q6: John works as a project manager for uCertify Inc. He's working on a project with his team
members for completing a project activity. For the activity, the team members notified John that
this activity is most likely to be completed in 15 days. However, in the worst case, it might take
25 days, and if all conditions are favorable, it might be completed in 10 days. What is the PERT
estimate of the activity?
A. 23
B. 16
C. 11
D. 13
Here's the PERT estimate of the activity:

[Optimistic + Pessimistic + 4*(Most Likely)] / 6
[10 + 25 + 4*(15)] / 6. The answer is 15.83; when rounded to the nearest whole number, the
correct answer becomes 16 days.

Q7: You work as a project manager for BlueWell Inc. You would like to utilize the sensitivity
analysis in your project, but management does not understand how this will be displayed. What
type of chart is usually used with the sensitivity analysis to show the relative effect of risks on
the project?
A. Ishikawa chart
B. Force field analysis chart
C. GERT Chart
D. Tornado diagram
A tornado diagram is usually created when using the sensitivity analysis in project management.
variables.
Answer option A is incorrect. An Ishikawa diagram, also known as a cause-and-effect diagram,

is not used as part of the sensitivity analysis.
Answer option B is incorrect. Force field analysis is used in stakeholder analysis to chart forces,
usually stakeholders, which are in favor of the project or opposed to the project.
Answer option C is incorrect. A GERT chart uses branching, loop backs, and project scenarios to

Q8: Which of the following is the process of implementing risk response plans, tracking
identified risks, monitoring residual risk, identifying new risks, and evaluating risk process
effectiveness throughout the project?
A. Control risks
C. Identify risks
monitoring residual risk, identifying new risks, and evaluating risk process effectiveness
throughout the project. It can involve choosing alternative strategies, executing a contingency or
fallback plan, taking corrective action, and modifying the project management plan.
Answer option D is incorrect. This is the process of prioritizing risks for further analysis or
action by accessing and combining their probability of occurrence and impact.
Answer option C is incorrect. This is the process of determining which risks may affect the
project and documenting their characteristics.
Answer option B is incorrect. This is the process of numerically analyzing the effect of identified
Q9: Which of the following risk management methods is the conversion of risk data into risk
decision-making information?
A. Track
B. Identify
C. Analyze
D. Plan
Following are the risk management methods:

 Identify: It identifies and characterizes threats.
 Analyze: It is the conversion of risk data into risk decision-making information.
 Plan: It involves developing actions for addressing individual risks, prioritizing risk
actions, and creating an integrated risk management plan.
 Track: It consists of monitoring the status of risks and the actions taken to enhance them.
 Control: It corrects deviations from planned risk actions.
 Communicate: It is the process of exchanging information and views about risks.

Q10: Risk mitigation involves taking early action to reduce the probability and impact of a risk
occurring on the project. What are the ways of risk mitigation?
A. Eliminating the source of the risk

B. Alter the physical environment
C. Modify the technical environment
D. Add fault tolerance
Explanation: Answer options B, C, and D are correct.
Risk mitigation involves the identification, planning, and conduct of actions aimed at reducing
risk to an acceptable level. Hence risk can be reduced by reducing vulnerabilities, and risk
mitigation is the primary strategy in this process. Risk mitigation is also known as reduction or
treatment.
Vulnerabilities can be reduced by implementing controls or countermeasures. The cost of a

control should not exceed the benefit.
Some ways of risk mitigation are:
 Alter the physical environment: Replacement of hubs with switches. Locate servers in
locked server rooms.
 Change procedures: Implement a backup plan. Store a copy of backup offsite, and test
the backups.
 Train employees: Giving technical training to personnel on how to implement controls.
Train end users on social engineering tactics.
 Modify the technical environment: Increasing security on the firewalls, adding
intrusion detection systems, and keeping antivirus software up to date.
 Add fault tolerance: Using Redundant Array of Independent Disks (RAID) for storing
important data on disks. Using failover clusters to protect servers.
Answer option A is incorrect. One of the methods to manage risk is to simply avoid it. The
primary reason to avoid a risk is that the impact of the risk outweighs the benefit of the asset.
Sometimes, the cost of risk avoidance is more substantial than accepting the risk.
An organization can avoid risk by:
 Eliminating the source of the risk: In this method of risk avoidance, the organization
stops the risky activity. For example, an organization may have a wireless network that is
vulnerable to attacks. The risk could be avoided by removing the wireless network, but
keeping in mind that wireless network should not an important asset in the organization.
 Eliminating the exposure of assets to the risk: The organization can move the asset.
For example, a helpdesk could be at risk because it is located where earthquakes are
common. It could be moved to an earthquake-free zone to eliminate this risk. The cost to
move the helpdesk will be high. However, if the risk is unacceptable then it makes sense
to move it somewhere else.
Q11: Bill is the project manager of the JKH project. He and the project team have identified a
risk event in the project with a high probability of occurrence and the risk event has a high cost
impact on the project. Bill discusses the risk event with Virginia, the primary project customer,
and she decides that the requirements surrounding the risk event should be removed from the
project. The removal of the requirements does affect the project scope, but it can release the
project from the high risk exposure. What risk response has been enacted in this project?
A. Acceptance
B. Mitigation
C. Transference
D. Avoidance
This is an example of the avoidance risk response. As the project plan has been changed to avoid
the risk event, it is considered the avoidance risk response.
Answer option A is incorrect. Acceptance is used when the stakeholders acknowledge the risk
event and they accept that the event could happen and could have an impact on the project.
Acceptance is usually used for risk events that have low risk exposure or risk events in which the
project has no control, such as a pending law or weather threats.
Answer option B is incorrect. Mitigation is involved with the actions to reduce an included risk's
probability and/or impact on the project's objectives. As the risk was removed from the project,
this scenario describes avoidance, not mitigation.
Answer option C is incorrect. Transference is used when the risk is still within the project, but
the ownership and management of the risk event is transferred to a third party - usually for a fee.

Q12: You are the project manager for your organization. You are working with your key
stakeholders in the qualitative risk analysis process. You understand that there is certain bias
towards the risk events in the project that you need to address, manage, and ideally reduce. What
solution does the PMBOK recommend to reduce the influence of bias during qualitative risk
analysis?
A. Involve all stakeholders to vote on the probability and impact of the risk events.
B. Provide iterations of risk analysis for true reflection of a risk probability and impact.
C. Establish the definitions of the levels of probability and impact.
D. Isolate the stakeholders by project phases to determine their risk bias.
The PMBOK recommends establishing definitions of the levels of probability and impact to
reduce the influence of bias. Successful risk assessment needs explicit identification and
management of the risk attitudes of key participants in the qualitative risk analysis process. Here
the risk attitudes bring up biasing into the assessment of identified risks. Attention should be paid
towards evaluating the bias in the risk events and correcting the assessment accordingly.
Answer option A is incorrect. This is not a valid answer for this question.
Answer option B is incorrect. Risk identification should move through iterations. When new
risks are identified, qualitative analysis is often needed.
Answer option D is incorrect. Isolating the stakeholders by their involvement in the project does
not necessarily reduce or address their bias towards the project risk.

Q13: Linda is the project manager of the NAB project. One of the risks her project team has
identified is too dangerous for the project team to manage internally, so she has hired a vendor to
complete this portion of the project and to manage the identified risk. What risk response has
Linda used in this instance?
A. Mitigation
B. Contractual
C. Avoidance
D. Transference
Transference happens when Linda assigns the risk event to a third party. Transference often, as
in this case, includes a contractual relationship.
Answer option C is incorrect. Risk avoidance is a technique used for threats. It creates changes to
the project management plan that are meant to either eliminate the risk completely or to protect
the project objectives from its impact. Risk avoidance removes the risk event entirely either by
adding additional steps to avoid the event or reducing the project scope requirements. It may
seem the answer to all possible risks, but avoiding risks also means losing out on the potential
gains that accepting (retaining) the risk might have allowed.
Answer option A is incorrect. Mitigation is a risk response planning technique associated with
threats that seeks to reduce the probability of occurrence or impact of a risk to below an
acceptable threshold. Risk mitigation involves taking early action to reduce the probability and
impact of a risk occurring on the project. Adopting less complex processes, conducting more
tests, or choosing a more stable supplier are examples of mitigation actions.
Answer option B is incorrect. Contractual is not a valid risk response. While there is often a
contractual risk response through transference, this is not a valid answer.

Q14: Which of the following theories states that there are certain factors in the workplace that
cause job satisfaction, while a separate set of factors cause dissatisfaction?
A. Achievement Theory
B. Expectancy Theory
C. Herzberg's Motivation Theory
D. Hygiene Theory
Herzberg's Motivation Theory (also known as two-factor theory) states that there are certain
factors in the workplace that cause job satisfaction, while a separate set of factors cause
dissatisfaction. It is also often referred to as Herzberg's Motivator-Hygiene theory.
Answer option D is incorrect. Frederick Herzberg came up with the Hygiene Theory, also known
as the Motivation-Hygiene Theory. He postulates that two factors contribute to motivation:
hygiene factors and motivators. Hygiene factors deal with work environment issues. Motivators
deal with the substance of the work itself and the satisfaction one derives from performing the
functions of the job.
Answer option A is incorrect. The Achievement Theory, attributed to David McClelland, says
that people are motivated by the need for three things: achievement, power, and affiliation.
Answer option B is incorrect. The Expectancy Theory, first proposed by Victor Vroom, says that
the expectation of a positive outcome drives motivation.
Q15: For successful and timely completion, a project includes five phases. Which of the
following phases defines internal and external stakeholders who will interact and influence the
overall project outcome?
A. Closing
C. Executing
D. Initiating
The initiating phase defines a new project, or a new phase of an existing project, by obtaining
authorization to start the project or phase. Initiating processes define an initial scope and commit
initial financial resources. These processes also define internal and external stakeholders who
will interact and influence the overall project outcome.
Answer option C is incorrect because the executing phase completes the work defined in the
project management plan to satisfy project specifications.
Answer option B is incorrect because the monitoring and controlling phase tracks, reviews, and
regulates project progress and performance, identifies any areas in which changes to the plan are
required, and initiates any corresponding changes.
Answer option A is incorrect because the closing phase finalizes all activities of all process
groups to formally close the project or phase.
Q16: Mary is the project manager of the PKT project. In Mary's project, there are certain
enterprise environmental factors that require Mary to use modeling and simulation techniques to
predict the likelihood of achieving cost and schedule objectives in the project. Mary is using a
technique for which the cost estimates are chosen at random for each iteration of the analysis,
such as pessimistic, most likely, and worst-case scenarios. What type of analysis is Mary using in
this project?
A. Monte Carlo analysis

B. Qualitative analysis
C. Risk distribution
D. Quantitative analysis
Monte Carlo analysis is a technique that can simulate conditions within the project to predict the
most likely mean of the project's performance. It often provides iterations of analysis on most
likely, pessimistic, and optimistic predictions of the project's events to predict a possible
outcome for the project's time, cost, risk, or completion date.
Answer option B is incorrect. Qualitative analysis is a fast and cost-effective approach to analyze
risk events.
Answer option D is incorrect. Monte Carlo analysis is part of quantitative risk analysis, but this
is not the most specific answer for the question, so it is incorrect.
Answer option C is incorrect. Risk distribution describes the occurrence of risk events within the
project and their probability, impact, and effect on the project's ability to reach project
objectives.

Q17: The only output of the "perform qualitative risk analysis" process are risk register updates.
When a project manager updates a risk register, he'll need to include all of the following except
for which one?
A. Risk scores
B. Risk probability-impact matrix
C. Watchlist of low-priority risks
D. Trends in qualitative risk analysis
The risk matrix is not included as part of the risk register updates. The goal of "perform
qualitative risk analysis" process is to rank risks and determine which need further analysis and,
eventually, risk response plans. The output of this process is project documents updates, which
involves updating the risk register. According to the PMBOK guide, the risk register is updated
with the following information:
 Risk ranking (or priority) for the identified risks
 Risk scores
 Updated probability and impact analysis
 Risk urgency information
 Causes of risk
 List of risks requiring near-term responses
 List of risks that need additional analysis and response
 Watch list of low-priority risks
 Trends in qualitative risk analysis results

Q18: Which of the following is defined as the acceptable variation relative to the achievement of
an objective?
A. Risk tolerance
B. Risk appetite
C. Risk trigger
D. Risk culture
The acceptable variation relative to the achievement of an objective is termed as risk tolerance.
In other words, risk tolerance is the acceptable deviation from the level set by the risk appetite
and business objectives.
Risk tolerance is defined at the enterprise level by the board and clearly communicated to all
stakeholders. A process should be in place to review and approve any exceptions to such
standards.
Answer option B is incorrect. Risk appetite is the amount of risk a company or other entity is
willing to accept in pursuit of its mission. This is the responsibility of the board to decide risk
appetite of an enterprise. When considering the risk appetite levels for the enterprise, the
following two major factors should be taken into account:
etc.
Answer option D is incorrect. Risk culture is made up of a conceptual framework and an

associated unit of experimental results that seek to explain societal conflict over risk.
Components of risk are discussed openly and acceptable levels of risk are understood and
maintained by a setting offered by a risk-aware culture. It begins at the top, with board and
business executives, who set direction, communicate risk-aware decision making, and reward
effective risk management behaviors.
Answer option C is incorrect. It is an indication that a risk has occurred or is about to occur.
Q19: Which of the following are the data gathering and representation techniques of the perform
quantitative risk analysis process?
A. Simulation
B. Decision tree analysis
C. Interviewing
D. Probability distribution
Explanation: Answer options C and D are correct.
Here are the data gathering and representation techniques of the perform quantitative risk
analysis process:
 Interviewing
 Probability distribution
Answer options A and B are incorrect because simulation and decision tree analysis are the
quantitative risk analysis and modeling techniques of the perform quantitative risk analysis
process.

Q20: You work as a project manager for BlueWell Inc. You and your team are using a method
or a (technical) process that conceives the risks even if all theoretically possible safety measures
would be applied. One of your team members wants to know the meaning of residual risk. What
will you reply to your team member?
A. It is a risk that will remain no matter what type of risk response is offered.
B. It is a risk that remains after planned risk responses are taken.
C. It is a risk that remains because no risk response is taken.
D. It is a risk that cannot be addressed by a risk response.

Residual risks are generally smaller risks that remain in the project after larger risks have been
addressed.
Residual risk is the risk or danger of an action or an event, a method or a (technical) process that
still conceives these dangers even if all theoretically possible safety measures would be applied.
The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is
(threats vulnerability).
Answer options D, A, and C are incorrect. These are not valid statements about residual risks.

Q21: Which of the following are components of risk?
A. Positive risk
B. Detection risk
C. Control risk
D. Residual risk
E. Inherent risk
Explanation: Answer options E, D, C, and B are correct.
Following are the various components of risk:
 Inherent risk: The risk level or exposure without applying controls or other management
actions into account is termed as inherent risk.
 Residual risk: The risk that remains after applying controls is termed as residual risk.
 Control risk: The risk that could occur in an area of investigation and could be material
is termed as control risk. It sometimes cannot be prevented, or detected and corrected on
a timely basis by the internal control system.
 Detection risk: The risk that the prescribed substantive testing procedures will not detect
an error and that could be material, individually or in combination with other errors is
termed as detection risk.
Q22: Which of the following documents is described in the statement below?
"It is developed along with all processes of risk management. It contains the results of qualitative
risk analysis, quantitative risk analysis, and risk response planning."
B. Risk register
C. Project charter
D. Quality management plan
risk register. The risk register contains the following elements:

official part of the register. Risk register is developed along with all processes of risk
management from plan risk management through monitor and control risks.
Answer option D is incorrect. A quality management plan is a component of the project

management plan. It describes how the project team will implement their organization's quality
policy.
Answer option A is incorrect. The risk management plan includes roles and responsibilities, risk
analysis definitions, timing for reviews, and risk threshold. The plan risk responses process takes
input from the risk management plan and risk register to define the risk response.
Answer option C is incorrect. The project charter is the document that formally authorizes a
project. The project charter provides the project manager with the authority to apply
organizational resources to project activities.
327
Lesson: Risk management plannin
Q23: You are the program manager for your organization. Management is considering a new
program, but they are worried about the program risks that may affect the program success. You
know that there are three positive risk responses and three negative risk responses that each risk
can have. Management asks you which risk response would be most appropriate for a large risk
event if they wanted to hire a third party to own the risk event for the program. What risk event
is most appropriate?
A. Avoidance
B. Transference
C. Mitigation
D. Sharing
This is an example of the negative risk response of transference. Transference usually involves a
contractual relationship with another entity to own the risk event. For example, a dangerous risk
event could be dealing with electricity, so the risk is transferred to a licensed electrician.
Transference
Answer option C is incorrect. Mitigation involves actions that are taken to eliminate or reduce
the probability or impact of a risk event.
Answer option D is incorrect. Sharing is a positive risk response where two or more parties share
an opportunity in the program or project.
Answer option A is incorrect. Avoidance is when additional activities are taken to avoid a risk
event or things are removed from the scope to avoid the risk event.
Reference: "The Guide to the Project Management Body of Knowledge"

Q24: Which of the following techniques is used to collect data for assessing the probability of
achieving specific project objectives?
A. Interviewing
C. Sensitivity analysis
The interviewing technique is used to collect data for assessing the probability of achieving
specific project objectives. Project team members, stakeholders, and subject-matter experts are
main candidates for risk interviews. They are asked for their experiences on past projects and
about working with the types of technology or processes they will use during the project.
Answer option D is incorrect. The probability distribution includes normal, lognormal,

uncertain events.
Answer option C is incorrect. The sensitivity analysis is the study of how the variation
(uncertainty) in the output of a mathematical model can be apportioned, qualitatively or
quantitatively, to different sources of variation in the input of a model.
Answer option B is incorrect. The decision tree analysis is a risk analysis tool that can help the
project manager determine the best risk response.

Q25: You are the project manager of the GGH project in your company. Your company is
structured as a functional organization and you report to the functional manager that you are
ready to move onto the quantitative risk analysis process. What things will you need as inputs for
quantitative risk analysis of the project in this scenario?
A. Quantitative risk analysis does not happen through the project manager in a functional
structure.
B. You will need the risk register, risk management plan, permission from the functional manager,
and any relevant organizational process assets.
C. You will need the risk register, risk management plan, outputs of qualitative risk analysis, and
any relevant organizational process assets.
D. You will need the risk register, risk management plan, cost management plan, schedule
management plan, enterprise environmental factors, and any relevant organizational process
assets.
Quantitative risk analysis happens through the project manager regardless of the organizational
structure. Quantitative risk analysis is a process to assess the probability of achieving particular
project objectives, to quantify the effect of risks on the whole project objective, and to prioritize
the risks based on the impact to overall project risk. The quantitative risk analysis process
analyzes the effect of a risk event deriving a numerical value. It also presents a quantitative
approach to build decisions in the presence of uncertainty.
Answer options A, C, and B are incorrect. These are not valid answers for this question.

Q26: Which of the following steps of risks decides how a user can protect the project from the
consequences of risks?
A. Assess the potential effects of those risks on the project.
B. Inform key audiences of all risks involved with the project.
C. Monitor the status of the project's risks throughout performance.
D. Develop plans for mitigating the effects of the risks.
Following are the steps to determine, evaluate, and manage the risks that may affect the project:
 Identify risks: This step determines which aspects of plan or project environment may
change.
 Assess the potential effects of those risks on the project: This step considers what can
happen if those aspects do not work out the way a user envisioned.
 Develop plans for mitigating the effects of the risks: This step decides how a user can
protect the project from the consequences of risks.
 Monitor the status of the project's risks throughout performance: This step
determines whether existing risks are still present, whether the likelihood of these risks is
increasing or decreasing, and whether new risks are arising.
 Inform key audiences of all risks involved with the project: This step explains the
status and potential effect of all project risks, i.e., from the initial concept to the project's
completion.
Q27: Virginia is the project manager for her organization. She has hired a subject matter expert
to interview the project stakeholders on certain identified risks within the project. The subject
matter expert will assess the risk event with what specific goal in mind?
A. To determine the bias of the risk event based on each person interviewed
B. To determine the probability and schedule of the risk event
C. To determine the level of probability and impact for each risk event
D. To determine the validity of each risk event
During the risk assessment process, the goal is to determine the level of probability and impact
for each risk event.
Answer option D is incorrect. The validity of each risk event is not a valid result of the risk
probability and assessment technique.
Answer option A is incorrect. The bias towards certain risk events may come to light during the
risk assessment technique, but this is not the primary goal of the process.
Answer option B is incorrect. The probability and impact are determined, not the probability and
schedule during the risk assessment technique.

Q28: Which of the following are the leadership styles?
A. Laissez-faire
B. Situational
C. Legitimate
D. Autocratic
Here are the various leadership styles:
 Autocratic
 Laissez-faire
 Democratic
 Situational
 Transactional and transformational
Answer option C is incorrect. Legitimate is one of the types of power.

Contents: "Stakeholder communication and engagement"
Q29: Which of the following are the processes with the project risk management knowledge
area?

B. Identify risks
C. Plan risk assessment
Explanation: Answer options A, D, and B are correct.
Here are the processes within the project risk management knowledge area:
 Plan risk management
 Identify risks
 Perform qualitative risk analysis
 Perform quantitative risk analysis
 Plan risk responses
 Control risks

Contents: "Project and risk management framework"
Q30: David is manager of the HGF project for his company. He, his project team, and several
key stakeholders have completed risk identification and are ready to move into qualitative risk
analysis. Tracy, a project team member, doesn't understand why they need to complete a
qualitative risk analysis. Which of the following is the best description of qualitative risk
analysis?
A. All risks must pass through quantitative risk analysis before qualitative risk analysis.
B. It's a cost-effective means of establishing probability and impact for project risks.
C. It's a rapid and cost-effective means of establishing priorities for plan risk responses and lays a
foundation for quantitative analysis.
D. It helps segment project risks, create a risk breakdown structure, and create fast and accurate
risk responses.
Of all the choices, this is the most accurate. Qualitative risk analysis is fast and cost-effective,
and it helps establish risk priorities for responses. Qualitative analysis almost always precedes
quantitative analysis.
Qualitative risk analysis uses the likelihood and impact of identified risks in a fast and cost-
effective manner. It establishes a basis for a focused quantitative analysis or risk response plan
by evaluating precedence of risks that could have an impact on project scope, cost, schedule, and
quality objectives. Qualitative risk analysis is conducted at any point in a project life cycle. The
primary goal of qualitative risk analysis is to determine proportion of effect and theoretical
response.
Answer option B is incorrect because, although this statement is true, it doesn't answer the
question fully.
Answer option A is incorrect because quantitative risk analysis happens after qualitative risk
analysis.
Answer option D is incorrect because qualitative risk analysis doesn't segment project risks or
create a risk breakdown structure. It can, however, help identify risk responses.
Q31: Todd is the project manager of the EST project for his company. His organization has
established certain rules in the enterprise environmental factors which affect the approach that
Todd takes in managing his project. One of the rules requires Todd to consider the risk attitude
of the stakeholders participating in risk analysis. Why must risk attitude be considered as a part
of risk analysis?
A. Risk attitude can establish a stakeholder's influence over project decisions.

B. Risk attitude establishes stakeholders as positive or negative stakeholders.
C. Risk attitude identifies stakeholders that are hygiene seekers or motivation seekers.
D. Risk attitude can affect the measurement of probability and impact.
The best answer is that risk attitude must be considered because it can affect the risk probability
and impact. This can incorrectly skew a risk priority in the project.
Answer option B is incorrect. Positive and negative stakeholders are identified based on their
opinion of the project, not of the risks within the project.
Answer option C is incorrect. This option hints at Herzberg's theory of motivation, which is not
relevant to this question.
Answer option A is incorrect. Stakeholders do have some influence over project decisions, but it
is not based solely on risk attitude.

Q32: There are seven risks responses that a project manager can choose from. Which risk
response is appropriate for both positive and negative risk events?
A. Mitigation
B. Acceptance
C. Transference
D. Sharing
Only acceptance is appropriate for both positive and negative risk events. Often sharing is used
for low probability and low impact risk events regardless of the positive or negative effects the
risk event may bring the project.
Answer option D is incorrect. Sharing is a positive risk response that shares an opportunity for
all parties involved in the risk event.
Answer option C is incorrect. Transference is a negative risk event that transfers the risk
ownership to a third party, such as vendor, through a contractual relationship.
Answer option A is incorrect. Mitigation is a negative risk event that seeks to lower the
probability and/or impact of a risk event.

Q33: You work as the project manager for BlueWell Inc. You are monitoring the project
performance. You want to make a decision to change the project plan to eliminate a risk in order
to protect the project objectives. Which of the following strategies will you use to tackle the risk?
A. Risk acceptance
B. Risk transference
C. Risk mitigation
D. Risk avoidance
You are changing the plan to eliminate the risk. You are avoiding risk from occurring. This is an
example of risk avoidance.
Answer option A is incorrect. The acceptance strategy indicates that the project team has decided
not to change the project management plan to deal with a risk.
Answer option B is incorrect. Transference is a strategy to mitigate negative risks or threats. In

this strategy, consequences and ownership of risk is transferred to a third party. This strategy
doesn't eliminate risk but transfers responsibility of its management to another party. Insurance is
an example of transference.
Answer option C is incorrect. Mitigation is a risk response planning technique associated with

Q34: Which of the following steps of risk explains the status and potential effect of all project
risks?
A. Assess the potential effects of those risks on the project.

B. Identify risks.
C. Monitor the status of project risks throughout performance.
D. Inform key audiences of all risks involved with the project
change.
completion.

Q35: John works as a project manager for uCertify Inc. In the project status meeting, he's
discussing the identification of new risks with his team members. In which of the following
processes is the project currently?
A. Plan risk responses

B. Identify risks
C. Control risks
D. Plan risk management
The project is in the control risks process because John is conducting the project status meeting.
Status meetings are held once the project work has already been executed, which indicates only
the control risks process as an option.
throughout the project.

Q36: You are the project manager of the GHY project for your company. You need to complete
a project management process that will be on the lookout for new risks, changing risks, and risks
that are now outdated. Which project management process is responsible for these actions?
A. Control risks
B. Plan risk management
D. Identify risks
Control risks is responsible for identifying new risks, determining the status of risks that may
have changed, and determining which risks may be outdated in the project.
Answer option D is incorrect. Identify risks is a process that identifies risk events in the project.
Answer option B is incorrect. Plan risk management creates the risk management plan and
determines how risks will be identified, analyzed, monitored and controlled, and responded to.
Answer option C is incorrect. Plan risk responses prepare a risk response plan for increasing the
Q37: John works as a project manager for uCertify Inc. He's working on a project and finds that
there are multiple risks that will affect several stakeholder requirements. He needs to prioritize
the list of identified risks as high risk, moderate risk, or low risk. Which of the following tools
and techniques will John use to classify the list of identified risks?
A. Risk data quality assessment

B. Risk urgency assessment
C. Probability and impact matrix
D. Risk probability and impact assessment
John will use the probability and impact matrix tool and technique. The outcome of a probability
and impact matrix is an overall risk rating for each of the project's identified risks. The
combination of probability and impact results in a classification expressed as high, medium, or
low. High risks are considered a red condition, medium risks are considered a yellow condition,
and low risks are considered a green condition.
Answer option D is incorrect. Risk probability refers to the likelihood that a risk will occur, and
impact refers to the effect the risk will have on a project objective if it occurs.
Answer option B is incorrect. Risk urgency assessment is a risk prioritization technique based on
time urgency. For example, a risk going to occur now is more urgent to address than a risk that
might occur a month from now.
Answer option A is incorrect. Risk data quality assessment involves determining the usefulness
of the data gathered to evaluate risk.

Q38: You are the project manager of the GHG project. You are preparing for the quantitative
risk analysis process. You are using organizational process assets to help you complete the
quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize
organizational process assets as a part of the quantitative risk analysis process?
A. You will use organizational process assets for risk databases that may be available from industry
sources.
B. You will use organizational process assets for studies of similar projects by risk specialists.
C. You will use organizational process assets for information from prior similar projects.
D. You will use organizational process assets to determine costs of all risks events within the
current project.
Of all the given choices, this is the most likely answer. Organizational process assets cannot
really tell the costs of all risks events within the current project because each project is slightly
different. While organizational process assets can identify probable risk events and their costs, it
is unlikely that organizational process assets can forecast the costs of all risk events within a
given project.
Answer options C, B, and A are incorrect. These are true statements about organizational process
assets, so these are not valid answers for this question.

Q39: You are the project manager for the NHH project. You are working with your project team
to examine the project from four different defined perspectives to increase the breadth of
identified risks by including internally generated risks. What risk identification approach are you
using in this example?
A. Root cause analysis

B. SWOT analysis
C. Assumptions analysis
D. Influence diagramming techniques
This is an example of SWOT analysis. SWOT analysis examines the strengths, weaknesses,
opportunities, and threats within the project and generated from within the organization.
SWOT stands for Strengths, Weaknesses, Opportunities, and Threats. It is a part of business
policy that helps an individual or a company to make decisions. It includes the strategies to build
the strength of a company and use the opportunities to make the company successful. It also
includes the strategies to overcome the weaknesses of and threats to the company.
Answer option C is incorrect. Assumptions analysis does not use four pre-defined perspectives
for review.
Answer option A is incorrect. Root cause analysis examines causal factors for events within the
project.
Answer option D is incorrect. Influence diagramming techniques examines the relationships

between things and events within the project.
Q40: Mary is a project manager in her organization. On her current project, she is working with
her project team and other key stakeholders to identify risks within the project. She is currently
aiming to create a comprehensive list of project risks, so she is using a facilitator to help generate
ideas about project risks. What identify risks method is Mary likely using?
A. Checklist analysis
B. Expert judgment
C. Delphi technique
D. Brainstorming
Mary is using brainstorming in this example. Brainstorming attempts to create a comprehensive

list of risks and often is led by a moderator or facilitator to move the process along.
Brainstorming is a technique to gather general data. It can be used to identify risks, ideas, or
solutions to issues by using a group of team members or subject matter expert. Brainstorming is
a group creativity technique that also provides other benefits, such as boosting morale, enhancing
work enjoyment, and improving team work.
Answer option A is incorrect. Checklist analysis uses historical information and information
from similar projects within the organization's experience.
Answer option C is incorrect. The delphi technique uses rounds of anonymous surveys to
generate a consensus on the identified risks.
Answer option B is incorrect. Expert judgment is not the best answer for this; projects experts
generally do the risk identification, in addition to the project team.

Q41: Risk acceptance is a response strategy appropriate for both positive and negative risks.
What is an example of risk acceptance?
A. Developing a contingency plan or fallback plan

B. Eliminating the source of the risk
C. Eliminating the exposure of assets to the risk
D. Outsourcing the activity
Risk acceptance is a response strategy appropriate for both positive and negative risks. It entails
taking no immediate action until the risk occurs. An organization can accept risk by:
Developing a contingency plan or fallback plan: A contingency plan or fallback plan may be
developed for risks that are planned to accept.
Answer options B and C are incorrect. One of the methods to manage risk is to simply avoid it.
The primary reason to avoid a risk is that the impact of the risk outweighs the benefit of the
asset. Sometimes, the cost of risk avoidance is more substantial than accepting the risk.
Answer option D is incorrect. In this method of risk management, transfer of risk to another
entity is done, i.e., shifting responsibility to another party. This is most commonly done by
purchasing insurance. It can also be done by outsourcing the activity.
Some ways of risk transfer:
 Insurance: Purchasing of insurance is done to protect the company from a loss. If a loss
occurs, the insurance covers it. Many types of insurance are available, including fire
insurance.
 Outsourcing the activity: The company hires an outsider to manage risks. For example,
a company may want to host a Web site on the Internet. The company can host the Web
site with a Web hosting provider. The company and the provider can agree on who
assumes responsibility for security, backups, and availability.
Q42: Which of the following is concerned with the expected value of one or more results of one
or more future events in a project?
A. Project risk
B. Risk communication
C. Project issue
D. Risk governance
Project risk is concerned with expected value of one or more results of one or more future project
events. It's an uncertain condition that, if it occurs, has an effect on at least one project objective.
Objectives can be scope, schedule, cost, or quality. Project risk is always projected into the
future.
Answer option D is incorrect. It is concerned with the translation of matter and foundation
principles of governance to the perspective of risk and risk-related decision-making.
Answer option C is incorrect. Project issue is a problem related to a project that is about to occur
or is currently occurring. It should be resolved as soon as possible, otherwise it will have
detrimental effects on the project. It is a problem that is causing a project problem now and needs
an action plan to be resolved.
Answer option B is incorrect. It is the process of exchanging information and views about risks
among stakeholders, such as groups, individuals, and institutions.
Q43: Lisa is the project manager of the FKN project for her organization. She is working with
Sam, the CIO, to discuss a discount the vendor has offered the project based on the amount of
materials that is ordered. Lisa and Sam review the offer and agree that while their project may
qualify for the discounted materials, the savings is nominal and they would not necessarily
pursue the savings. Lisa documents this positive risk response in the risk register. What risk
response is this?
A. Transference
B. Acceptance
C. Enhance
D. Share
Acceptance is a risk response for both positive and negative risks. In this instance, Lisa and Sam
will allow the discount to happen, but they would not pursue the discount by ordering more
materials than what the project needs.
Answer option A is incorrect. Transference is a strategy to mitigate negative risks or threats. In

Answer option C is incorrect. Enhance happens when the project manager manages the
conditions of the project and tries to make a positive risk event occur.Risk enhancement raises
the probability of an opportunity to take place by focusing on the trigger conditions of the
opportunity and optimizing the chances. Identifying and maximizing input drivers of these
positive-impact risks may raise the probability of their occurrence.
Answer option D is incorrect. Sharing happens through partnerships, joint ventures, and teaming
agreements. Sharing response is where two or more entities share a positive risk. Risk sharing
deals with sharing of responsibility and accountability with others to facilitate the team with the
best chance of seizing the opportunity. Teaming agreements are good example of sharing the
reward that comes from the risk of the opportunity.

Q44: John works as a project manager for uCertify Inc. He has just developed the contingency
response strategy and plans. The project is currently in which of the following project risk
management processes?

In the plan risk responses process, contingency response strategy and plans are created and added
to the risk register.
Contingency reserves also called buffers or time reserves in the PMBOK guide; means a portion
of time added to the schedule to account for risk or uncertainty. Contingency reserves are
calculated for known risks that have documented contingency or mitigation response plans to
deal with the risk event should it occur, but you don't necessarily know how much time it will
take to implement the mitigation plan and potentially perform rework.
Q45: Mark works as a project manager of the NNH project. In this project, he has created a
contingency response that the cost performance index should be less than 0.91. The NHH project
has a budget at completion of $950,000 and is 43 percent complete though the project should be
50 percent complete. The project has spent $470,897 to reach the 43 percent complete milestone.
What is the project's cost performance index?
A. 0.95
B. 0.87
C. 0.91
D. 0.80
The cost performance index is found by dividing the earned value by the actual costs. In this
example, it is:
CPI = 408,500/470,897
= 0.87(approx)

Q46: Which of the following processes must be repeated after plan risk responses, as well as part
of the monitor and control risks, to determine if the overall project risk has been satisfactorily
decreased?
A. Risk limitation
B. Identify risk
Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on
overall project objectives. This process generally follows the qualitative risk analysis process. It
is performed on risks that have been prioritized by the qualitative risk analysis process as
potentially and substantially impacting the project's competing demands. The quantitative risk
analysis process should be repeated after plan risk responses, as well as part of monitor and
control risks, to determine if the overall project risk has been decreased.
Answer option C is incorrect. Perform qualitative risk analysis is the process of prioritizing risks
Answer option B is incorrect. This is the process of determining which risks may affect the
project, and documenting their characteristics.
Answer option A is incorrect. Risk limitation is the method used to restrict the risk by
implementing controls, which decreases the unfavorable impact of a threat that would exercise a
threat. When a risk assessment is completed then the risk limitation process must be worked out.
Through establishing risk levels, identifying threats, and selecting reasonable and prudent
controls, management is limiting risk exposure.

Q47: Frank is the project manager of the NHL project for his company and he is starting the risk
identification process for the project. Frank needs to ensure that the correct stakeholders are
interviewed as part of risk identification. What document will help Frank communicate and
solicit inputs of the project stakeholders during risk identification?
A. Risk register
B. Project charter
C. Requirements management plan
D. Stakeholder register
The stakeholder register is the primary document that Frank should use to contact and involve all
of the project stakeholders.
Answer option A is incorrect. The risk register is an output of the identify risks process.
Answer option B is incorrect. The project charter authorizes Frank, the project manager, and it is
not the best choice for identifying and contacting the project stakeholders.
Answer option C is incorrect. The requirements management plan will not help Frank to
communicate with the project stakeholders as directly as the stakeholder register.

Q48: Fill in the blank with the appropriate documenting technique.
______________includes all project data, probability, impact, and risk level as well as other crucial,
detailed project information.
Explanation: Risk register is one of the documentation techniques that focus heavily on risks.
Risk register includes all project data, probability, impact, and risk level as well as other crucial,
detailed project information. It can be detailed in project management software or platform, a
spreadsheet, or even in word processing format. The outputs for risk register are either
maintained in hard copy or electronic copy format.

Q49: Which of the following is a review of the effectiveness of the risk responses, as well as of
the risk management process?
A. Variance analysis
C. Risk assessment
D. Risk audit
Risk audit is a method to test the overall risk management process and the planned risk
responses. It is a review of the effectiveness of the risk responses in dealing with identified risks
and their root causes, as well as the effectiveness of the risk management process. Risk audits are
carried out during the entire life of the project by risk auditors.
Answer option C is incorrect. Risk assessment is used to analyze the value of assets to the
business, identify threats to those assets, and evaluate how vulnerable each asset is to those
threats. Risk assessment can be quantitative or qualitative.
Answer option A is incorrect. Variance analysis is used to gauge how closely a project adheres to
the scope, time, and cost estimates made during the planning phase.
Answer option B is incorrect. Technical performance measurement compares actual versus

planned parameters related to the overall technical progress of the project.

Q50: Which of the following are the outputs of the control stakeholder engagement process?
A. Work performance data

B. Work performance information
C. Change request
D. Project documents
Explanation: Answer options B and C are correct.
Here are the outputs of the control stakeholder engagement process:
 Work performance information

 Change request
 Project management plan updates
 Project documents updates
 Organizational process assets updates
Answer options D and A are incorrect because project documents and work performance data are
the inputs of the control stakeholder engagement process.

Q51: You are project manager for the ABD project. You, with your team, are working on the
following activities:
 Probabilistic analysis of a project.

 Probability of achieving cost and time objectives.
 Trends in quantitative risk analysis results.
Which of the following processes are you working in?
A. Identify risks
Explanation: Answer C is correct.
Perform quantitative risk analysis is the process of numerically analyzing the effect of identified
risks on overall project objectives. This process generally follows the qualitative risk analysis
process. It is performed on risks that have been prioritized by the qualitative risk analysis process
as potentially and substantially impacting the project's competing demands. The quantitative risk
control risks, to determine if the overall project risk has been decreased. The following activities
are a part of the perform quantitative risk analysis process:
 Probabilistic analysis of a project.

 Probability of achieving cost and time objectives.
 Prioritized list of quantified risks.
 Trends in quantitative risk analysis results.
Answers D, B, and A are incorrect. The activities given in the question are not parts of these
processes.
Q52: The identify risks process determines the risks that affect the project and document their
characteristics. Why should the project team members be involved in the identify risks process?
A. They are the individuals that are most affected by the risk events.
B. They are the individuals that will need a sense of ownership and responsibility for the risk
events.
C. They are the individuals that will most likely cause and respond to the risk events.
D. They are the individuals that will have the best responses for identified risk events within the
project.
The project team members should be involved in the risk identification so that they will develop
a sense of ownership and responsibility for the risk events and the associated risk responses.
Identify risks is the process of determining which risks may affect the project. It also documents
risks' characteristics. It is part of the project risk management knowledge area. As new risks may
evolve or become known as the project progresses through its life cycle, identify risks is an
iterative process. The process should involve the project team so that they can develop and
maintain a sense of ownership and responsibility for the risks and associated risk response
actions. Risk register is the only output of this process.
Answer options A, D, and C are incorrect. These are not the valid answers for this question.

Q53: You are the project manager for the ABC organization. Your current project has 75 internal
stakeholders and 245 external stakeholders. Many of the risks within your project will only affect
internal stakeholders, but several of the identified risk events will affect external stakeholders.
Management would like to know the total number of communication channels in the project.
How many communication channels exist in this project?
A. 51,040
B. 245
C. 320
D. 102,080
To find the communication channels, use the formula n (n-1)/2, where n represents the number
of stakeholders.
Total stakeholders (n) = number of internal stakeholder + number external stakeholder
= 75 + 245
= 320
Total number of communication channels = n x (n-1) / 2
= 320 x (320 - 1) / 2
= (320 x 319)/2
= 102080 / 2
= 51040
The total number of communication channels affects the risk management planning and
communication of risk events. Communication channels are paths of communication with
stakeholders in a project. The number of communication channels shows the complexity of a
project's communication.
Answer C is incorrect because 320 is the total number of stakeholders.
Answer B is incorrect because 245 is the total number of external stakeholders.
Answer D is incorrect because 102,080 is only part of the communications channels formula: n
(n-1). To complete the formula, you have to divide the answer by two.
291
Q54: Rex is the project manager of the BDF project. This project will last for two years and has
a budget of $2,345,000. Management has instructed Rex that the project must not go over
budget, as funds are very tight in the organization. During the project planning, Rex and the
project team discover a positive risk event to save $75,000. Rex wants to make certain that this
risk event happens, so which risk response method is most appropriate?
A. Exploit
B. Mitigation
C. Enhance
D. Share
The exploit positive risk response allows Rex to take actions within the project to ensure that the
risk event does happen. The exploit response tries to eliminate uncertainty surrounding the
positive risk event and promote the probability of the risk event.
Answer option D is incorrect. Share allows the risk event to be shared with any entity, such as
through a teaming agreement or partnership.
Answer option C is incorrect. Enhance tries to increase the probability and/or impact of the
opportunity.
Answer option B is incorrect. Mitigation is a negative risk response to reduce the probability
and/or impact of a risk event.

Q55: In which type of organizational authority does the project manager have the highest level
of control over the project?
A. Strong matrix
B. Functional
C. Projectized
D. Weak Matrix
In a projectized organizational structure, a project manager enjoys a high level of autonomy and
responsibility for projects. They usually work full time on projects and have a full time
administrative staff to expedite project delivery.
Answer option B is incorrect. A functional organization represents a hierarchy where every

member has one leader, and the employees are grouped by the area of expertise like engineering,
accounting, production, marketing, etc., at the top level. A hierarchy represents an arrangement
where a leader leads other individual members of the organization. Every department in a
functional organization performs its duties independent of other departments.
Answer option A is incorrect. This organizational structure equates to a strong project manager.
Answer option D is incorrect. In this organizational structure, the project team may come from
different departments but the project manager reports directly to the functional manager.
Q56: John works as a project manager for uCertify Inc. He's working on a project and has
identified multiple issues along with their causes. He wants to demonstrate the causes and effects
of the risk to his team members in a meeting. Which of the following tools and techniques will
John use to accomplish the task?
A. Decision tree analysis
B. Process flow chart
C. lshikawa diagram
D. Pareto diagram
John will use the Ishikawa diagram, which shows the relationship between the effects of
problems and their causes. This diagram depicts every potential cause and subcause of a problem
and the effect that each proposed solution will have on the problem. This diagram is also called a
fishbone diagram.
Answer option D is incorrect. The Pareto diagram is displayed as histogram that rank-order the
time.
Answer option B is incorrect. A process flow chart shows the logical steps needed to accomplish
an objective, how the elements of a system relate to each other, and what actions cause what
responses.
Answer option A is incorrect. Decision tree analysis is used when there are multiple possible
outcomes with different threats or opportunities with certain probabilities assigned to them.

Q57: John is the project manager of project for a client. The client has promised him that if the
project is completed early, the company will get a bonus. After studying the project work, John
decided to crash the project in order to realize the early end date of the project. This is an
example of what type of risk response?
Negative risk response, as crashing will add risks
Negative risk response, as crashing will add costs
Positive risk response, as crashing is an example of exploiting
Positive risk response, as crashing is an example of enhancing
This is a positive risk response, as crashing is an example of enhancing. You are enhancing the
probability of finishing the project early to realize the reward of bonus. Enhancing doesn't ensure
positive risks, but it does increase the likelihood of the event.
Answer option B is incorrect. Crashing does add costs, but in this instance, crashing is an
example of the positive risk response of enhancing.
Answer option A is incorrect. Crashing is a positive risk response. Generally, crashing doesn't
add risks and is often confused with other predominant schedule compression techniques of fast
tracking which does add risks.
Answer option C is incorrect. This is not an example of exploiting. Exploiting is an action to take
advantage of a positive risk response that will happen.

Q58: A part of a project deals with the hardware work. As a project manager, you've decided to
hire a company to deal with all hardware work on the project. Which type of risk response is
this?
A. Transference
B. Mitigation
C. Exploit
D. Avoidance
When you hire a third party to own the risk, it is known as transference risk response.
Answer option B is incorrect. The act of spending money to reduce a risk probability and impact
is known as mitigation.
Answer option C is incorrect. Exploit is a strategy that may be selected for risks with positive
impacts where the organization wishes to ensure that the opportunity is realized.
Answer option D is incorrect. When extra activities are introduced into the project to avoid the
risk, this is an example of avoidance.
345
Q59: Which PMO (project management office) organizational type have a low degree of control
and influence within an organization?
A. Directive
B. Supportive
C. Controlling
D. Functioning
The PMO (project management office) is a centralized organizational unit that oversees the
management of projects and programs throughout the organization. Here are the PMO
organizational types:
Level of
PMO type Role
control
Supportive Consulting: templates project repository Low
Compliance: Project management framework conformance to
Controlling Moderate
methodologies
Directive Controlling: PMO manages projects High

Q60: Which of the following is the amount of budget planned to be used at a given point in the
project?
A. Planned value
B. Earned value
C. Budget at completion
D. Actual cost
The key terms that should be understood to calculate earned value technique are as follows:
 Earned value (EV): It is the value of work performed.

 Planned value (PV): It is the amount of budget planned to be used at a given point in the
project.
 Actual cost (AC): It is the actual cost of the project to date.
 Budget at completion (BAC): It is an expression of the total budget for the project.

Q61: You are the project manager for the GHY project and are working to create a risk response
for a negative risk. You and your project team have identified the risk that the project may not
complete on time, as required by the management, due to the creation of the user guide for the
software you're creating. You have elected to hire an external writer in order to satisfy the
requirements and to alleviate the risk event. What type of risk response have you elected to use
in this instance?
A. Sharing
B. Transference
C. Avoidance
D. Exploiting
This is an example of transference, as you have transferred the risk to a third party. Mostly
transference is done with a negative risk event and it usually requires a contractual relationship.
Transference
Answer option C is incorrect. When extra activities are introduced into the project to avoid the
Answer option A is incorrect. Sharing is a positive risk response, such as receiving a discount for
a purchase if the quantity, you're purchasing, is large enough. In this instance, you might share
the risk with another project that also needs the item you're purchasing so you can both seize the
opportunity. The sharing risk response can also describe a teaming agreement or short-term
partnership between two entities to capture an opportunity.
Answer option D is incorrect. Exploiting is a positive risk response that takes advantage of an
opportunity, such as selling a byproduct, an opportunity in a market window, or other risk that
can be profitable, offer a time-savings, or reduce costs.
345
Q62: You are working with your project stakeholders to identify risks within JKP Project. You
want to use an approach to engage stakeholders to increase the breadth of identified risks by
including internally generated risks. Which identify risks approach is best suited for this goal?
A. Assumptions analysis
B. Brainstorming
C. SWOT analysis
D. Delphi technique
SWOT analysis examines the strengths, weaknesses, opportunities, and threats of the
organization and how it affects the project's ability to achieve its objectives. As in the above
scenario, SWOT analysis is used to increase the breadth of identified risks by including
internally generated risks.
SWOT stands for Strengths, Weaknesses, Opportunities, and Threats. It is a part of business
policy that helps an individual or a company to make decisions. It includes the strategies to build
the strength of a company and use the opportunities to make the company successful. It also
includes the strategies to overcome the weaknesses of and threats to the company.
Answer option D is incorrect. Delphi technique uses rounds of anonymous surveys to generate a
consensus on project risks.
Answer option A is incorrect. Assumptions analysis is an information gathering technique of the

identify risks process. It is based on the set of hypothesis and scenarios.
Answer option B is incorrect. Brainstorming aims at creating a broad listing of all identified
risks.

Q63: You work as a project manager for BlueWell Inc. You are about to complete the
quantitative risk analysis process for your project. You can use three available tools and
techniques to complete this process. Which one of the following is NOT a tool or technique that
is appropriate for the quantitative risk analysis process?
A. Organizational process asset

B. Data gathering and representation techniques
C. Quantitative risk analysis and modeling techniques
D. Expert judgment
Organizational process asset is not a tool and technique, but an input to the quantitative risk
analysis process. Quantitative risk analysis is a process to assess the probability of achieving
particular project objectives, to quantify the effect of risks on the whole project objective, and to
prioritize the risks based on the impact to overall project risk. The quantitative risk analysis
process analyzes the effect of a risk event deriving a numerical value. It also presents a
quantitative approach to build decisions in the presence of uncertainty.
Answer option B is incorrect. Data gathering and representation technique is a tool and technique
for the quantitative risk analysis process.
Answer option C is incorrect. Quantitative risk analysis and modeling techniques is a tool and
technique for the quantitative risk analysis process.
Answer option D is incorrect. Expert judgment is a tool and technique for the quantitative risk
analysis process.

Q64: Risk analysis is used in risk management to clarify the threats that are relevant to the
operational processes and to identify the risks. Which of the following are the various types of
risk analysis?
A. Quantitative
B. Qualitative
C. Internal
D. External
Risk analysis is used in risk management to clarify the threats that are relevant to the operational
processes and to identify the risks. The types of risk analysis are as follows:
1. Qualitative risk analysis

2. Quantitative risk analysis
Q65: When does the identify risks process take place in a project?
A. At the initiating stage

B. At the planning stage
C. At the executing stage
D. Throughout the project life cycle
Answers A, B, and C are incorrect. The identify risks process takes place at all the stages of a
project.
Q66: Which of the following is the process that involves determining the communication needs
of stakeholders by defining the types of information needed, the format for communicating the
information, how often it's distributed, and who prepares it?
A. Manage communications
B. Project communication
C. Control communications
D. Plan communications management
The plan communications management process involves determining the communication needs
of stakeholders by defining the types of information needed, the format for communicating the
information, how often it's distributed, and who prepares it. All of this is documented in the
communications management plan, which is an output of this process.
Answer option A is incorrect. The manage communications process is concerned with gathering,
creating, storing, distributing, retrieving, and disposing of project communications. One of the
primary functions of this process is distributing information about the project to stakeholders in a
timely manner. This can come about in several ways: status reports, project meetings, review
meetings, and so on. Status reports inform stakeholders about where the project is today in
regard to project schedule and budget, for example. They also describe what the project team has
accomplished to date. This might include milestones completed to date, the percentage of
schedule completion, and what remains to be completed. The manage communications process
describes how this report and other information are distributed and to whom.
In the manage communications process, the communications management plan that was defined
during the Plan Communication Management process is put into action. This plan is a subsidiary
of the project management plan, which is an input to this process.
Answer option C is incorrect. Control communications is the process that monitors and controls
communications throughout the life of the project. Control communications is part of the project
communications management knowledge area. This knowledge area is concerned with
collecting, distributing, storing, archiving, and organizing project communications. Therefore, it
plays a key role in collecting information regarding project progress and project
accomplishments and reporting it to stakeholders. This information might also be reported to
project team members, the management team, and other interested parties through the monitor
and control project work process. Reporting might include information concerning project
quality, costs, scope, project schedules, procurement, and risk, and it can be presented in the
form of status reports, progress measurements, or forecasts. As with other processes in the
monitoring and controlling process group, control communications may produce changes that
will require a trip back through plan communications management and/or the manage
communications process.
Answer option B is incorrect. Communication is a process in which information is passed from

one person to another. A manager asks his subordinates to accomplish the task assigned to them.
He should successfully pass the information to his subordinates. It is a means of motivating and
guiding the employees of an enterprise.
Q67: Which of the following is used for discovering high-impact risk types?
A. Failure mode and effects analysis

B. Delphi technique
Failure mode and effects analysis is used in discovering high-impact risk types. It is one of the
tools used within the six sigma methodology to design and implement a robust process to:
 Identify failure modes

 Establish a risk priority so that corrective actions can be put in place to address and
reduce the risk
Answer options D and C are incorrect. These two are the methods of analyzing risk, but not
specifically for high-impact risk types. Hence, these are not the best answers.
Answer option B is incorrect. Delphi is a technique to identify potential risk. In this technique,
the responses are gathered via a questionnaire from different experts and their inputs are
organized according to their contents. The collected responses are sent back to these experts for
further input, addition, and comments. The final list of risks in the project is prepared after that.
The participants in this technique are anonymous and therefore it helps prevent a person from
unduly influencing the others in the group. The Delphi technique helps in reaching the consensus
quickly.
Q68: What type of organization structure allows the project manager to have almost total control
over the project decisions?
A. Projectized
B. Balanced Matrix
C. Functional
D. Strong Matrix
A projectized structure allows the project manager to have high to almost total control over the
project team.
Answer option C is incorrect. A functional structure gives the project manager very little power
over project decisions. The functional manager has autonomy over project decisions.
Answer option B is incorrect. A project manager in a balanced matrix shares power with
functional management.
Answer option D is incorrect. A strong matrix gives more power to the project manager, but the
project manager must still share some decisions with functional management.
there are multiple risks that will affect several stakeholder requirements. Which of the following
will he use to share all information on the project risks to stakeholders?
A. Procurement management plan

B. Communications management plan
D. Stakeholder management plan
John will use the communications management plan for sharing all information on the project
risks to stakeholders. It is a document that contains all information required by stakeholders. It
involves planning for all the communications with project stakeholders. It also documents when
and how the information should be distributed. It describes the information delivery needs, its
format, and level of detail.
Answer option C is incorrect because the risk management plan is a document arranged by a
project manager to estimate the effectiveness, predict risks, and build response plans to mitigate
them.
Answer option A is incorrect because the procurement management plan defines more than just
the procurement of team members, if needed. It defines how procurements will be planned and
executed, and how the organization and the vendor will fulfill the terms of the contract.
Answer option D is incorrect because the stakeholder management plan identifies the
management strategies required to engage stakeholders.

Q70: Della works as a project manager for uCertify Inc. She is prioritizing the risks for more
analysis by evaluating and joining their probability of occurrence and impact. Which of the
following tools and techniques will Della use to accomplish the task?
A. Risk categorization
B. Risk data quality assessment
C. Risk probability and impact assessment
D. Data gathering and representation technique
Explanation: Answer options C, B, and A are correct.
Della is using the qualitative risk analysis process to prioritize the risks for more analysis by
evaluating and joining their probability of occurrence and impact.
urgent to address.
Answer option D is incorrect. Data gathering and representation technique is used in the
quantitative risk analysis process.

Q71: Your project has several risks that may cause serious financial impact should they happen.
You have studied the risk events and made some potential risk responses for the risk events, but
management wants you to do more. They would like you to create some type of a chart that
identifies the risk probability and impact with a financial amount for each risk event. What is the
likely outcome of creating this type of chart?
A. Contingency reserve
B. Quantitative analysis
C. Risk response plan
D. Risk response
This chart is a probability-impact matrix in a qualitative analysis process. The probability and
financial impact of each risk is learned through research, testing, and subject matter experts. The
probability of the event is multiplied by the financial impact to create a risk event value for each
risk. The sum of the risk event values will lead to the contingency reserve for the project.
Answer D is incorrect because, although risk responses are needed, this chart doesn't help the
project manager create them.
Answer C is incorrect because the risk response plan is based on risk responses, not the risk
probability-impact matrix.
Answer B is incorrect because this chart is created as part of qualitative analysis.

Q72: What is the three-point estimate of an activity with a pessimistic estimate of 28, an
optimistic estimate of 15 and a most likely estimate of 19?
A. 13
B. 19
C. 20
D. 21
Here's the three-point estimate of an activity:

correct answer becomes 20.

Q73: Harry is the project manager of the MMQ construction project. In this project, Harry has
identified a supplier who can create stained glass windows for 1,000 window units in the
construction project. The supplier is an artist who works by himself, but creates windows for
several companies throughout the United States. Management reviews the proposal to use this
supplier and while they agree that the supplier is talented, they do not think the artist can fulfill
the 1,000 window units in time for the project's deadline. Management asked Harry to find a
supplier who can fulfill the completion of the windows by the needed date in the schedule. What
risk response has management asked Harry to implement?
A. Avoidance
B. Mitigation
C. Transference
D. Acceptance
This is an example of mitigation. By changing to a more reliable supplier, Harry is reducing the
probability the supplier will be late. It's still possible that the vendor may not be able to deliver
the stained glass windows, but the more reputable supplier reduces the probability of the
lateness.
Answer option C is incorrect. Transference is when the risk is transferred to a third party, usually
for a fee. While this question does include a contractual relationship, the risk is the lateness of
the windows. Transference focuses on transferring the risk to a third party to manage the risk
event. In this instance, the management of the risk is owned by a third party; the third party
actually creates the risk event because of the possibility of the lateness of the windows.
Answer option A is incorrect. Avoidance changes the project plan to avoid the risk. If the project
manager and management changed the window-type to a standard window in the project
requirements, then this would be avoidance. Risk avoidance is a technique used for threats. It
creates changes to the project management plan that are meant to either eliminate the risk
completely or to protect the project objectives from its impact. Risk avoidance removes the risk
event entirely either by adding additional steps to avoid the event or reducing the project scope
requirements. It may seem the answer to all possible risks, but avoiding risks also means losing
out on the potential gains that accepting (retaining) the risk might have allowed.
Answer option D is incorrect. Acceptance accepts the risk that the windows could be late and
offers no response.
Q74: You are the project manager of a large construction project. Part of the project involves the
wiring of the electricity in the building your project is creating. You and the project team
determine the electrical work is too dangerous to perform yourself, so you hire an electrician to
perform the work for the project. This is an example of what type of risk response?
A. Acceptance
B. Transference
C. Mitigation
D. Avoidance
Whenever the risk is transferred to someone else, it is an example of the transference risk
response. Transference usually has a fee attached to the service provider that will own the risk
event.
Transference
Answer option C is incorrect. Mitigations are activities to reduce the probability and/or impact of
a risk event.
Answer option A is incorrect. Acceptance is when the risk event is accepted and allowed to
happen. This response is typical for smaller risk events.
Answer option D is incorrect. Avoidance is action to avoid the risk event. This example is not
avoidance because the danger of electricity does not go away, as the electrician now owns the
risk event.
344
Q75: Which of the following is the measure of schedule efficiency on a project?

A. EAC
B. CPI
C. SPI
D. SV
Schedule performance index (SPI) is the measure of project schedule efficiency. It s used in
trend analysis to predict future performance. SPI is the ratio of earned value to planned value and
is calculated using the formula:
SPI = Earned value (EV) / Planned value (PV)
If the SPI is greater than 1, performance is better than expected; if less than 1, it's poorer than
expected. An SPI of 1 indicates the project is right on target.
Answer option A is incorrect. Estimate at completion (EAC) is an estimate of the total cost for
the project, utilizing current project performance and work that still needs to be completed. The
formula used to calculate this estimate is as follows:
Answer option B is incorrect. It is used to calculate performance efficiencies.
Answer option D is incorrect. It is a measure of schedule performance on a project.

Q76: Which of the following risk response strategies for negative risks requires shifting some or
all of the negative effects of a threat including the ownership of response, to a third party?
A. Avoid
B. Accept
C. Mitigate
D. Transfer
The risk response strategies for negative risks are:
 Avoid: It involves altering the project management plan to remove the threats
completely.
 Transfer: It requires shifting some or all of the negative effects of a threat including the
ownership of response, to a third party.
 Mitigate: It implies a drop in the probability and impact of an unfavorable risk event to
be within suitable threshold limits.
 Accept: It delineates that the project plan will not be changed to deal with the risk.
Management may develop a contingency plan if the risk occurs. It is used for both
negative and positive risks.

Q77: You are the project manager of the GHY project for your company. You have completed
risk response planning with your project team. You now need to update the WBS. Why would
the project manager need to update the WBS after the risk response planning process? Choose
the best answer.
A. Because of work that was omitted during the WBS creation

B. Because of risks associated with work packages
C. Because of risk responses that are now activities
D. Because of new work generated by the risk responses
Risk responses can generate new work that needs to be reflected in the WBS. So, the WBS needs
to be updated to reflect the changes that occurred.
Answer option A is incorrect. Errors and omissions in requirements can cause the WBS to be
updated to reflect these missing requirements, but this is not the best choice for the question.
Answer option B is incorrect. Risks are documented in the risk register, not in the WBS.
Answer option C is incorrect. Risk responses that become activities are added to the risk
register's risks, the risk response plan, and the activities list - not the WBS.

the project is not running according to project plans. He needs to examine the existing project
plans for determining whether they were consistent with the project requirements. Which of the
following techniques will John use to accomplish the task?
A. Brainstorming
B. Checklist analysis
C. Process flow chart
D. Documentation reviews
John will use the documentation reviews technique. It involves reviewing project plans,
assumptions, procurement documents, and historical information from previous projects from
both a total project perspective and an individual deliverables and activities level. This technique
helps the project team identify risks associated with the project objectives.
Answer option C is incorrect. A process flow chart shows the logical steps needed to accomplish
responses.
Answer option A is incorrect. Brainstorming involves getting subject matter experts, team
members, risk management team members, and anyone else who might benefit the process in a
room and asking them to start identifying possible risk events.
Answer option B is incorrect. Checklist analysis is an organized approach built on the past
knowledge incorporated in checklist questions. It is used for high-level or comprehensive
analysis, as well as for root cause analysis.

Q79: Your organization has a project that is expected to last 20 months, but the customer would
really like the project completed in 18 months. You have worked on similar projects in the past
and believe that you could fast track the project and reach the 18-month deadline. What increases
when you fast track a project?
A. Resources
B. Communication
C. Risks
D. Costs
Fast tracking allows phases of a project to overlap and this increases risks within the project.
Fast-tracking is a technique frequently used to compress a project's schedule. It's often the most
effective way to shorten project duration. You fast-track a project by rescheduling tasks
originally scheduled to run in sequence to run in parallel. This technique shortens the project
schedule without reducing its scope or compromising its quality.
The problem with fast-tracking is that there's no "free lunch." Additional resources—even
"seasoned" ones—pulled in to take on the parallel tasks might make mistakes, skip crucial steps,
or make assumptions because results from the required parallel step were as yet unavailable. If
something goes wrong, your schedule could slip or its quality, scope, or budget suffer.
In general, the risks of fast-tracking are small. However, to make the most of this technique, first
look at the longest tasks on the critical path. These provide the largest potential decrease in
duration with the fewest number of risks to manage.Fast tracking constantly involves risk which
leads to increase the cost and some modifications to be done later in the project.
Answer option D is incorrect. Costs generally do not increase when fast tracking happens. It may
increase due to the risk involved in the project.
Answer option A is incorrect. Crashing adds resources to the project, but fast tracking does not.
Answer option B is incorrect. Communication is an ongoing need in any project and this is not as
accurate of a choice as risks.

Q80: Which of the following processes utilizes interpersonal skills as a tool and technique?
A. Control stakeholder engagement

B. Manage stakeholder engagement
C. Identify stakeholders
D. Plan stakeholder management
The manage stakeholder engagement process allows a project manager to increase support and
minimize resistance from stakeholders, significantly increasing the chances to achieve project
success. Here are the tools and techniques of the manage stakeholder engagement process:
 Communication methods
 Interpersonal skills
 Management skills

Q81: Which of the following is the best risk response to treat a risk, such as a natural disaster
that has a low probability and a high impact level?
A. Risk acceptance
B. Risk elimination
C. Risk transfer
D. Implement countermeasures
Typically, when the probability of a risk event is low, but its impact is high, then it would be best
to transfer risk to some insurance companies. This type of risks includes hurricanes, tornados,
and earthquakes. While an enterprise cannot technically transfer risk, transferring risk describes a
risk response in which an enterprise assures against the impact of the realized risk.
Answer option B is incorrect. Eliminating the risk may not be possible, as risk can only be
reduced to a lower level.
Answer option A is incorrect. Accepting the risk would leave the enterprise vulnerable to a
catastrophic disaster that could cripple or ruin the organization.
Answer option D is incorrect. Implementing countermeasures may not be as cost-effective as

transferring risk. It would be more cost-effective to pay recurring insurance cost than to be
affected by a disaster from which the enterprise cannot financially recover.
Q82: During qualitative risk analysis, you want to define the risk urgency assessment. All of the
following are indicators of risk priority except for which one?
A. Warning signs
B. Symptoms
C. Cost of the project
D. Risk rating
The cost of the project is not an indicator of risk urgency. The effect of the risk on the overall
cost of the project may be considered, but it is not the best answer.
Answer option B is incorrect. Symptoms are an indicator of the risk urgency.
Answer option A is incorrect. Warning signs are an indicator of the risk urgency.
Answer option D is incorrect. The risk rating can be an indicator of the risk urgency.
Q83: Which of the following examines the dissimilarities between the planned and the actual
budget or schedule in order to discover unacceptable risks to the budget, schedule, quality, or
scope of the project?
A. Reserve analysis
B. Variance analysis
C. Trend analysis
D. Technical performance measurement
Variance analysis is a technique used for measuring how closely a project adheres to the scope,
time, and cost estimates made during the planning phase. It also determines the dissimilarities
between the planned and the actual budget or schedule for discovering unacceptable risks to the
budget, schedule, quality, or scope of the project.
Answer option C is incorrect. Trends analysis helps in detecting new risks. Trend in project
performance need to be reviewed on a regular basis as the project execution progresses. These
trends can be determined by analyzing the performance data depending upon various
performance control techniques, such as variance and earned value analysis.
Answer option D is incorrect. Technical performance measurement is a technique used for

comparing actual versus planned parameters associated with the overall technical progress of the
project. The deviation determines the degree to which system requirements are met in terms of
performance, cost, schedule, and progress in implementing risk handling.
Answer option A is incorrect. Contingency reserves or reserve analysis is defined as an estimated

costs used at the discretion of the project manager to deal with anticipated, but not certain,
events. These events are "known unknowns" and are part of the project scope and cost baselines.
The contingency reserve is calculated by multiplying the probability and the impact for the risk
event value for each risk event. The sum of the risk events equals the contingency reserve for the
project.

Q84: David is the project manager of the HRC project. He concluded that if he adopts e-
commerce, his project can be more fruitful. However, he did not engage in e-commerce so that
he would escape from risk associated with that line of business. What type of risk response had
he adopted?
A. Acceptance
B. Enhance
C. Avoidance
D. Exploit
As David did not engage in e-commerce in order to avoid risk, he is following the risk avoidance
strategy.
Risk avoidance
Answer option B is incorrect. The enhance strategy closely watches the probability or impact of
the risk event to assure that the organization realizes the benefits. This is adopted in case of
positive risk and not for negative risk.
Answer option D is incorrect. Exploiting happens when the project manager eliminates the
uncertainty of the risk to ensure that positive risk will happen.
Answer option A is incorrect. David had not accepted the risk associated with e-commerce.
Q85: Which of the following are the tools and techniques of the plan risk responses process?
A. Strategies for positive risks

B. Risk reassessment
C. Contingent response strategies
D. Strategies for negative risks
Explanation: Answer options C, A, and D are correct.
The following are the tools and techniques of the plan risk responses process:
 Strategies for negative risks

 Strategies for positive risks or opportunities
 Contingent response strategies
 Expert judgment
Answer option B is incorrect. This is the tool and technique for the control risks process.

Q86: John works as a project manager for uCertify Inc. He needs to determine all possible
completion dates of the project schedule using values selected at random. Which of the following
techniques will John use to accomplish the task?
B. SWOT analysis
C. Monte Carlo analysis
D. Decision tree analysis
John will use the Monte Carlo analysis technique. This technique simulates schedule and cost
variables many times to calculate a distribution of probable cost or duration results.
Answer option D is incorrect. Decision tree analysis is used when there are multiple possible
Answer option A is incorrect. Checklist analysis is an organized approach built on the past
knowledge incorporated in checklist questions.
Answer option B is incorrect. SWOT analysis (strengths, weaknesses, opportunities, and threats)

Q87: John works as a project manager for uCertify Inc. He's assessing the probability of
identified risks to occur in a project. The project is in which of the following processes?

B. Plan risk responses
C. Identify risks
John is currently utilizing the risk probability and impact assessment tool and technique of the
perform qualitative risk analysis process. Risk probability refers to the likelihood that a risk will
occur, and impact refers to the effect the risk will have on a project objective if it occurs. The
probability for each risk and the impact of each risk on project objectives, such as cost, quality,
scope, and time, must be assessed.

Q88: You are the project manager of a large construction project. You're evaluating the
strengths, weaknesses, opportunities, and threats involved in a project. Which of the following
processes are you in?
A. Plan Risk Responses

B. Plan Risk Management
C. Define Scope
D. Identify Risks
You are on the identify risks process of project management. According to the PMBOK, the
SWOT analysis is used as a tool/technique in the identify risks process. SWOT analysis is a
strategic planning method used to evaluate the strengths, weaknesses, opportunities, and threats
involved in a project or in a business venture. It involves specifying the objective of the business
venture or project and identifying the internal and external factors that are favorable and
unfavorable to achieve that objective. The technique is credited to Albert Humphrey, who led a
research project at Stanford University in the 1960s and 1970s using data from Fortune 500
companies.
Reference: "The Project Management Body of Knowledge, Fifth edition, Section 11.2, Page
319"
Q89: You are the project manager for BlueWell Inc. Your current project is a high priority and
high profile project within your organization. You want to identify the project stakeholders that
will have the most power in relation to their interest on your project. This will help you plan for
project risks, stakeholder management, and ongoing communication with the key stakeholders in
your project. In this process of stakeholder analysis, what type of a grid or model should you
create based on these conditions?
A. Salience model
B. Influence/impact grid
C. Stakeholder register
D. Stakeholder power/interest grid
The power/interest grid groups stakeholders based on their level of authority (power) and their
level of interest in your project.
The power/interest grid forms a group of the stakeholders based on their level of authority
(power) and their level of interest in the project. Interest accounts to what degree the
stakeholders are affected by examining the project or policy change, and to what degree of
interest or concern they have about it. Power accounts for the influence the stakeholders have
over the project or policy, and to what degree they can help to accomplish, or block, the
preferred change.
Stakeholders, who have high power and interests associated with the project, are the people or
organizations that are fully engaged with the project. When trying to generate strategic change,
this community is the target of any operation.
Answer option C is incorrect. The stakeholder register is a listing of stakeholder information and
communication requirements.
Answer option A is incorrect. The salience model groups the stakeholders based on their power,
urgency, and legitimacy in the project.
Answer option B is incorrect. The influence/impact grid charts is based on the stakeholders
involvement and ability to effect changes to the project's planning and execution.

Q90: Consider a project with a budget at completion of $1,345,000 and it is supposed to be

completed by today, but it is only 80 percent complete. This project has spent $1,250,000 to
reach this point of completion. What is the schedule variance for this project?
A. -$269,000
B. 20 percent
C. -$217,500
D. -$174,000
The schedule variance is the earned value minus the planned value. In this instance, the schedule
variance is significant as the project is to be complete. Here, it is
SV= EV - PV
= (0.80*1,345,000) - 1,345,000
= 1076000 - 1,345,000
= -$269,000
Answer option C is incorrect. This is the projected variance at completion for the project.
Answer option B is incorrect. While there is a twenty percent difference in the project timing of
where the project is and where the project should be, the best answer is the actual financial
amount of -$269,000.
Answer option D is incorrect. This is the cost variance for the project.
Q91: You work as a project manager for uCertify Inc. You have to measure the probability,
impact, and risk exposure. Then, you have to measure how the selected risk response can affect
the probability and impact of the selected risk event. Which of the following tools will help you
accomplish the task?
A. Project network diagrams

B. Delphi technique
C. Cause-and-effect diagrams
The decision tree analysis is a risk analysis tool that can help the project manager to determine
the best risk response. The tool can be used to measure probability, impact, and risk exposure
and how the selected risk response can affect the probability and/or impact of the selected risk
event. It helps to form a balanced image of the risks and rewards connected with each possible
course of action. This makes them mostly useful for choosing between different strategies,
projects, or investment opportunities particularly when the resources are limited. A decision tree
is a decision support tool that uses a tree-like graph or model of decisions and their possible
consequences, including chance event outcomes, resource costs, and utility.
Answer option C is incorrect. Cause-and-effect diagrams are useful for identifying root causes
and risk identification, but they are not the most effective ones for risk response planning.
Answer option A is incorrect. Project network diagrams help the project manager and
stakeholders visualize the flow of the project work, but they are not used as a part of risk
response planning.
Answer option B is incorrect. The delphi technique can be used in risk identification, but
generally is not used in risk response planning. The delphi technique uses rounds of anonymous
surveys to identify risks.

identified a risk that will have negative consequences on the project. You and your risk
management team are not able to mitigate that risk from the project. Which response strategy
will you take to deal with this risk?
A. Accept
B. Transfer
C. Reject
D. Avoid
The accept or acceptance strategy is used when you're not able to eliminate all the threats on the
project. Acceptance of a risk event is a strategy that can be used for risks that pose either threats
or opportunities to the project.
Answer option B is incorrect because the idea behind a risk transfer is to transfer the risk and the
consequences of that risk to a third party. The risk has not gone away, but the responsibility for
the management of that risk now rests with another party.
Answer option C is incorrect because there is no such response strategy.
Answer option D is incorrect because with risk avoidance, you essentially eradicate the risk by
eliminating its cause. Risks that occur early in the project might easily be avoided by improving
communications, refining requirements, assigning additional resources to project activities,
refining the project scope to avoid risk events, and so on.

Q93: You are the project manager for the NHQ project. This project requires that you install 140
copies of design software onto your department's computers. The vendor offers you a twenty
percent discount on the software if your company will purchase 150 or more copies of the
software. You communicate this offer with other departments in your firm to see if anyone else
would need 10 copies of the software to save your project a significant amount of funds. What is
this risk response called?
A. Sharing
B. Transference
C. Avoidance
D. Exploiting
This is an example of sharing a positive risk opportunity. By communicating the opportunity,

you may be able to create a positive impact for your project.
Answer option B is incorrect. Transference is a negative risk response where a third party may
have a contractual agreement to manage the risk event.
Transference
Answer option D is incorrect. Exploiting is a positive risk response where your project would
take advantage of a risk event that would typically generate income for the organization.
Exploit response
Answer option C is incorrect. Avoidance is a negative risk response that takes steps to avoid the
risk event.

Q94: You work as a project manager for uCertify Inc. You want to calculate the average
outcome in your project when the future includes scenarios that may or may not happen. What
sort of analysis will you perform to accomplish the above task?
A. Reserve analysis
B. Expected monetary value (EMV) analysis
D. Make-or-Buy analysis
used within decision tree analysis. The expected monetary value of the risk is found by
multiplying the risk probability times the impact.
Answer option C is incorrect. The sensitivity analysis is the study of how the variation
quantitatively, to different sources of variation in the input of a model. In other words, it is a
technique for systematically changing parameters in a model to determine the effects of such
changes. The sensitivity analysis is useful for computer modelers for a range of purposes,
including:
Answer option A is incorrect. The reserve analysis determines whether the remaining funds in
the reserve are adequate for the identified risks remaining in the project.
Answer option D is incorrect. A make-or-buy analysis is used to verify whether a particular work
can best be accomplished by the project team or must be purchased from outside sources. Budget
constraints can influence make-or-buy decisions; thus, make-or-buy analysis must consider all
related costs, both direct and indirect support costs.

Q95: Which one of the following statements best describes an operation and not a project?
A. It is constrained by limited resources.

B. It is performed by people.
C. It is planned, executed, and controlled.
D. It is ongoing and repetitive.
Operations are ongoing and repetitive, while projects are temporary and unique.
Answer B is incorrect. Projects as well as operations are performed by people.
Answer A is incorrect. Projects and operations are both constrained by resources.
Answer C is incorrect. Projects as well as operations are planned, executed, and controlled.
Q96: You work as a project manager for BlueWell Inc. You are working with Nancy, the COO
of the company on several risks within the project. Nancy understands that through qualitative
analysis, you have identified 80 risks that have a low probability and low impact as the project is
currently planned. Nancy's concern, however, is that the impact and probability of these risk
events may change as conditions within the project may change. She would like to know where
you will document and record these 80 risks that have low probability and low impact for future
reference. What should you tell Nancy?
A. All risks, regardless of their assessed impact and probability, are recorded in the risk log.
B. All risks are recorded in the risk management plan.
C. Risks with low probability and low impact are recorded in a watchlist for future monitoring.
D. Risk identification is an iterative process, so any changes to the low probability and low impact
risks will be reassessed throughout the project life cycle.
Low probability and low impact risks are recorded in a watchlist as part of qualitative risk
analysis.
The watchlist of low priority risks is prepared for monitoring the risks that are not assessed as
important in the perform qualitative risk analysis process. The output of perform qualitative risk
analysis process is an updated risk register, which contains the relative ranking of risks and
watchlists of low priority risks.
Answer option A is incorrect. Risks are recorded in the risk register, not the risk log.
Answer option D is incorrect. While risks assessment and identification happens throughout the
project, this answer does not give information about where the risks will be documented.
Answer option B is incorrect. Risks are recorded in the risk register and the watchlist, not the
risk management plan.

Q97: Which of the following statements are true about the project lifecycle?
A. It can range along a continuum from predictive or plan-driven approaches at one end to
adaptive or change-driven approaches at the other.
B. It can be determined or shaped by the unique aspects of the organization, industry, or
technology employed.
C. It is a series of phases that a project passes through from its initiation to its closure.
D. It is also known as the change-driven or agile method.
It is a series of phases that a project passes through from its initiation to its closure. It can be
determined or shaped by the unique aspects of the organization, industry, or technology
employed. It can range along a continuum from predictive or plan-driven approaches at one end
to adaptive or change-driven approaches at the other.
Answer option D is incorrect. The adaptive life cycle is also known as the change-driven or agile
method.
Q98: Kelly is the project manager of the NNQ project for her company. This project will last for
one year and has a budget of $350,000. Kelly is working with her project team and subject
matter experts to begin the risk response planning process. When the project manager begins the
plan risk response process, what two inputs will she need?
A. Risk register and the risk response plan

B. Risk register and the risk management plan
C. Risk register and power to assign risk responses
D. Risk register and the results of risk analysis
The only two inputs for risk response planning are the risk register and the risk management
plan.
follows:
Answer option A is incorrect. Kelly will not need the risk response plan until monitoring and
controlling the project.
Answer option D is incorrect. The results of risk analysis will help Kelly prioritize the risks, but
this information will be recorded in the risk register.
Answer option C is incorrect. Kelly needs the risk register and the risk management plan as the
input. The power to assign risk responses is not necessarily needed by Kelly.
Q99: You are the project manager of the NHJ project for your company. This project has a
budget at completion of $1,650,000 and you are 60 percent complete. According to the project
plan, however, the project should be 65 percent complete. In this project, you have spent
$995,000 to reach this point of completion. There is a risk that this project may be late, so you
have taken some measures to recover the project schedule. Management would like to know,
based on current performance, what the estimate at completion for this project will be. What is
the estimate at completion?
A. $663,333
B. $1,650,000
C. $1,666,667
D. -$8,333
The estimate at completion uses the formula of BAC/CPI. The CPI is the cost performance index
and is found by dividing the earned value by the actual costs. Here, it is
CPI = EV/AC
= (0.60*1,650,000)/995,000
= 990000/995,000
= 0.99
EAC = BAC/CPI
= 1,650,000/0.99
= 1,666,667
Estimate at Completion (EAC) is a field that displays the final cost of the project including the
actual costs and the forecast of remaining costs based on the cost performance index (CPI) so far.
The formula used to calculate estimate at completion are as follows:
EAC = BAC/CPI
This formula is used when you thought your original estimates were solid but there has been a
variation in the cost and you expect that cost variation to continue as the project progresses. This
formula projects your current performance against your original budget.
EAC = AC + (BAC-EV)
This formula is used when something unexpected happened in the project and you need to
account for the atypical event but you want to assume that the remaining project performance
will not change.
EAC = AC + Bottom Up Estimate to Completion (ETC)
This formula is used when you are recreating the cost baseline of the project to figure out where
the project is going to be at the end.
EAC = AC+ (BAC-EV) / (CPI * SPI)
This formula is used when there are substantial variations in both the cost and the schedule and
you are going to expect both of these to continue for the remainder of the project.
Answer option B is incorrect. This is current budget at completion, not the estimated at
completion based on current performance.
Answer option A is incorrect. This value is the estimate to complete.
Answer option D is incorrect. This is the variance at completion for the project based on current
conditions.

Q100: Your project uses a piece of equipment that if the temperature of the machine goes above
450 Degree Fahrenheit, the machine will overheat and have to be shut down for 48 hours. Should
this machine overheat even once, it will delay the project's end date. You work with your project
to create a response that should the temperature of the machine reach 430 Degree Fahrenheit, the
machine will be paused for at least an hour to cool it down. The temperature of 430 Degree
Fahrenheit is called what?
A. Risk trigger
B. Risk response
C. Risk event
D. Risk identification
A risk trigger is a warning sign or condition that a risk event is about to happen.
Answer option C is incorrect. The risk event is the 450 Degree Fahrenheit temperature of the
machine.
Answer option D is incorrect. Risk identification is the part of the identify risks process. The
process identifies the risk events that could affect the project for positive or negative.
Answer option B is incorrect. The risk response is the pausing of the equipment.
348
Q101: Which risk analysis provides the project manager with a risk ranking?
A. SWOT analysis
B. Utility function
C. Qualitative
D. Quantifiable
keep bias at a minimal level. The risk ranking is based on the very high, high, medium, low, and
very low attributes of the identified risks.
Answer option D is incorrect. It is not relevant to the question.
Answer option B is incorrect. It describes an organization's tolerance for risk.
Answer option A is incorrect. It is a part of risk identification.
Q102: You are the project manager of the NNN project for your company. You and the project
team are working together to plan the risk responses for the project. You feel that the team has
successfully completed the risk response planning and now you must initiate what risk process it
is. Which of the following risk processes is repeated after the plan risk responses to determine if
the overall project risk has been satisfactorily decreased?
A. Identify risks
B. Risk response implementation
The perform quantitative risk analysis process is repeated after the plan risk responses to
determine if the overall project risk has been satisfactorily decreased.
Answer option C is incorrect. Perform qualitative risk analysis is not repeated after the plan risk
response process.
Answer option A is incorrect. Identify risks is an ongoing process that happens throughout the
project.
Answer option B is incorrect. Risk response implementation is not a project management

process.
Q103: Marsha is manager of the NHQ project. There is a risk that her project team has
identified, which could cause the project to be late by more than a month. Marsha does not want
this risk event to happen, so she devises extra project activities to ensure that the risk event will
not happen. The extra steps, however, will cost the project an additional $10,000. What type of
risk response is this approach?
A. Mitigation
B. Transference
C. Exploiting
D. Enhancing
This is an example of risk mitigation. By taking extra steps and spending the extra funds, Marsha
and her project team are ensuring that the risk event will not happen in her project.
Answer option B is incorrect. Marsha has not hired a vendor to manage the risk for her project.
Answer option C is incorrect. Exploiting is when there is a positive risk the project manager
wants to take advantage of.
Answer option D is incorrect. Enhancing is when there is a positive risk and the project manager
tries to make the risk event happen.
345
Q104: Which of the following risk responses is likely to be used for the risk event force
majeure?
A. Acceptance
B. Enhance
C. Transference
D. Mitigation
Force Majeure in French means "superior force". It is a common clause in contracts, which
essentially frees both parties from liability or obligation when an extraordinary event or
circumstance beyond the control of the parties, such as a war, strike, riot, crime, or an event
described by the legal term "act of God" (e.g., flooding, earthquake, volcano), prevents one or
both parties from fulfilling their obligations under the contract. However, force majeure is not
intended to excuse negligence or other malfeasance of a party, as where non-performance is
caused by the usual and natural consequences of external forces (e.g., predicted rain stops an
outdoor event), or where the intervening circumstances are specifically contemplated.
Answer option D is incorrect. Mitigation is not the best choice, as this lowers the probability
and/or impact of the risk event.
Answer option A is incorrect. Acceptance means that no action is taken relative to a particular
risk; loss is accepted if it occurs.
Answer option B is incorrect. Enhance is used for a positive risk event, not for force majeure.

Q105: Lisa is the project manager of the SQL project in a company. She has completed risk
response planning with her project team and is now ready to update the risk register to reflect the
risk response. Which of the following statements best describes the level of detail Lisa should
include with the risk responses she has created?
A. The level of detail is set by project risk governance.

B. The level of detail must define exactly the risk response for each identified risk.
C. The level of detail should correspond with the priority ranking.
D. The level of detail is set by the historical information.
The risk register is not a detailed definition of the risk response, but the level of detail should
correspond with the priority ranking for the risk. In other words, the higher the risk priority, the
more detail the risk will need.
Answer option A is incorrect. This is not a valid statement about the level detail for the risk
response.
Answer option D is incorrect. Risk detail, planning, and response could be based on the historical
information, but this is not the best choice.
Answer option B is incorrect. Not all risks should have a documented risk response as some risks
have low impact and low probability.

Q106: You are completing the qualitative risk analysis process with your project team and are
relying on the risk management plan to help you determine the budget, schedule for risk
management, and risk categories. You discover that the risk categories have not been created.
When should the risk categories have been created?
A. Define scope process

B. Create work breakdown structure process
C. Identify risks process
D. Plan risk management process
The plan risk management process is when risk categories were to be defined. If they were not
defined, as in this instance, it is acceptable to define the categories as part of the qualitative risk
analysis process.
Answer options A, B, and C are incorrect. Risk categories are not defined through the define
scope, create work breakdown structure, and identify risks processes.

Q107: Which of the following are the types of power utilized by a project manager to get a
contingency response plan approved?
A. Reward
B. Referent
C. Expert
D. Informal
E. Formal
Explanation: Answer options E, A, B, and C are correct.
Here are the types of power utilized by a project manager to get a contingency response plan
approved:
 Punishment
 Expert
 Formal or legitimate
 Referent
 Reward

Q108: You are the project manager for a construction project. The project involves casting of a
column in a very narrow space. Because of lack of space, casting it is highly dangerous. High
technical skill will be required for casting that column. You decide to hire a local expert team for
casting that column. Which of the following types of risk response are you following?
A. Avoidance
B. Acceptance
C. Transference
D. Mitigation
According to the question, you're hiring a local expert team for casting the column. As you have
transferred your risk to a third party, this is the transference risk response that you have adopted.
Answer option D is incorrect. Mitigation is a risk response planning technique associated with
Answer option A is incorrect. Avoidance involves changing the project management plan to
eliminate the threat entirely.
Answer option B is incorrect. Acceptance response is a part of risk response planning.

Acceptance response indicates that the project plan will not be changed to deal with the risk.
Management may develop a contingency plan if the risk does occur. Acceptance response to a
risk event is a strategy that can be used for risks that pose either threats or opportunities.
344
Q109: A risk register is a document that contains the results of qualitative risk analysis,
quantitative risk analysis, and risk response planning. Which of the following is the first step in
creating a risk register?
A. Analyzing the risk

B. Listing the risks
C. Categorizing the risks
D. Measuring exposure
The process of creating risk register involves:
 Listing the risks: The very first step in creating a risk register is to list down the number
of risks. The number of risks involved is typically dependent on size and nature of the
business.
 Categorizing the risks: As the number of risks can be overwhelming, groups of risk are
created and categorized.
 Measuring exposure: Measuring exposure begins with determining what the risk affects.
Measuring the exposure of risk on the earnings of a company is the simplest level while
changes in the value of firm are a broader measurement. Both qualitative and quantitative
approaches are used to measure risk exposure.
 Analyzing the risk: A risk analysis involves identifying the most probable threats to an
organization and analyzing the related vulnerabilities of the organization to these threats.
Q110: Which of the following techniques is used to measure the impact of alternative options in
the risk management decision-making?
A. Cause-benefit analysis
B. Sensitivity analysis
C. Expected monetary value (EMV) analysis
Cause-benefit analysis is one of the two quantitative tools used in risk analysis and science-based
decision-making. It is used to measure the impact of alternative options in risk management
decision-making. The other quantitative tool is risk assessment that is used in risk analysis and
science-based decision-making.
Answer option B is incorrect. The sensitivity analysis is the study of how the variation
quantitatively, to different sources of variation in the input of a model. In other words, it is a
technique for systematically changing parameters in a model to determine the effects of such
changes. The sensitivity analysis is useful for computer modelers for a range of purposes,
including:

Answer option C is incorrect. The expected monetary value (EMV) analysis is a technique used
for computing the expected value of an outcome when different possible scenarios exist for
different values of the outcome with some probabilities assigned to them. It is calculated by
multiplying the probability of the risk by its impact for two or more potential outcomes and then
adding the results of the potential outcomes together.
Answer option D is incorrect. The decision tree analysis is a risk analysis tool that can help the
project manager to determine the best risk response. The tool can be used to measure probability,
impact, and risk exposure and how the selected risk response can affect the probability and/or
impact of the selected risk event. It helps to form a balanced image of the risks and rewards
connected with each possible course of action. This makes them mostly useful for choosing
between different strategies, projects, or investment opportunities particularly when the resources
are limited. A decision tree is a decision support tool that uses a tree-like graph or model of
decisions and their possible consequences, including chance event outcomes, resource costs, and
utility.
Question Bank – 3
Q1: Kelly is the project manager of the BHH project for her organization. She is completing the
risk identification process for this portion of her project. Which one of the following is the only
thing that the identify risks process will create for Kelly?
A. Risk register updates

B. Risk register
C. Change requests
D. Project document updates
The risk register is the only output of the identify risks process.
risk register.

Answer options A, D, and C are incorrect. These are not valid outputs for the identify risks
process.

Q2: Which of the following are key components of the communication model?
A. Decode
B. Message
C. Transfer
D. Encode
The communication model shows the traversal of information between two hosts, known as the
sender and the receiver. The key components of the model are as follows:
 Encode: It is used to encrypt or code the message into a language that is understood by
others.
 Decode: It is used to decrypt the message back into the meaningful codes.
 Message and feedback message: It is the output of encoding.
 Noise: It is referred to anything, which interferes with the transmission and
understanding of the message.
 Medium: It is the method used to convey the message.
In the communication process, it is the duty of the sender to send clear and complete information
to the receiver so that it is properly received by the receiver, and for confirming that it is properly
understood. The duty of the receiver is to make sure that the information received is understood
and acknowledged properly. A failure in communication can negatively impact the project.

Q3: Which of the following is the first step of the end to end plan risk response process?
A. Developing contingency plans or risk response plans

B. Identifying risk owners during the identify risks activity
C. Identifying all risks in the risk register
D. Developing fallback plans
An overview of the end to end plan risk response process is as follows:
 Firstly, all risks should be identified in the risk register. Generally, responses are
developed for those risks listed on the urgent list.
 Risk owners are identified initially during the identify risks activity and they are
confirmed during the plan risk responses activity.
 Risk owners develop contingency plans or risk response plans. They also identify
potential risk triggers. A risk trigger is a warning sign or condition that a risk event is
about to happen.
 Risk owners develop fallback plans, which are implemented if the contingency plan does
not provide the desired response.
 Risk owners monitor all risks they are assigned as owners for. They provide periodic
status updates as required and respond to risks when required. They team with risk action
owners when responding.
The diagram for the end to end plan risk response process is given below:
Q4: In what portion of a project are risk and opportunities greatest and require intense planning
and anticipation of risk events?
A. Closing
B. Initiating
C. Planning
D. Executing
During the early phases of the project, the greatest margin for risk and opportunity is prevalent.
The closer a project moves to project completion, the lower the odds of negative risks and the
higher the odds of completing the project.
Initiating Process Group

Initiating is a process group or stage that occurs at the beginning of the project. It determines the
nature and scope of the development. If this stage is not performed well, it is unlikely that the
project will be successful in meeting the business needs. The initiating stage should include a
cohesive plan that encompasses the following areas:
 Study analyzing the business needs in measurable goals

 Review of the current operations
 Conceptual design of the operation of the final product
 Equipment and contracting requirements including an assessment of 'long-lead' items
 Financial analysis of the costs and benefits including a budget
 Stakeholder analysis, including users, and support personnel for the project
 Project charter including costs, tasks, deliverables, and schedule
The key project controls needed here are an understanding of the business environment and
ensuring that all necessary controls are incorporated into the project. Any deficiencies should be
reported and a recommendation should be made to fix them.
Answer option C is incorrect. Planning is the contingent response to the risk of the unknown in
the project. Planning aims to define the work, the metrics for measurement, and anticipation of
all risks within the project.
Answer option D is incorrect. Executing corresponds with the monitoring and controlling of risk
events. As the project work is completing, negative risk events begin to diminish.
Answer option A is incorrect. Closing has the least amount of risk exposure because the project
work has been completed.

Q5: Adrian is the project manager of the NHP project. In her project, there are several work
packages that deal with electrical wiring. Rather than to manage the risk internally, she has
decided to hire a vendor to complete all work packages that deal with the electrical wiring. By
removing the risk internally to a licensed electrician, Adrian feels more comfortable with project
team being safe. What type of risk response has Adrian used in this example?
A. Acceptance
B. Mitigation
C. Transference
D. Avoidance
This is an example of transference. When the risk is transferred to a third party, usually for a fee,
it creates a contractual relationship for the third party to manage the risk on behalf of the
performing organization.
Risk-response planning is a method of developing options to decrease the amount of threat and
make the most of opportunities. A risk response should align with risk consequence and cost-
effectiveness. This planning documents the processes for managing risk events and addresses the
owners and their responsibilities, risk identification, results from qualification and quantification
processes, budgets and times allotted for responses, and contingency plans. Here are the risk-
response planning techniques:
 Risk acceptance: Indicates that a project team has decided not to change their project
management plan to deal with a risk, or are unable to identify any other suitable response
strategy.
 Risk avoidance: A technique for changing the project management plan to either
eliminate the risk or protect project objectives from its impact.
 Risk mitigation: Listing specific actions for dealing with specific risks associated with
threats and seeking to reduce risks' probability of occurrence or impact to a level below
an acceptable threshold.
 Risk transference: Shifting threat impact to a third party, together with ownership of the
response to it.

Q6: Which of the following processes enables organizations to improve the project's
performance by focusing on high-priority risks?

D. Identify risks
Answer option B is incorrect. Perform quantitative risk analysis is a process of numerically

analyzing the effect of identified risks on overall project objectives.
Answer option C is incorrect. Plan risk responses is a method of developing options to decrease
the amount of threats and make the most of opportunities.
Answer option D is incorrect. Identify risks is a process of determining which risks may affect
the project. It also documents risks' characteristics.
Q7: You are the project manager of the GHG project in a company. You have identified the
project risks, completed qualitative and quantitative analysis, and created risk responses. You
also need to document how and when risk audits will be performed in the project. Where will
you define the frequency of risk audits?
A. Risk response plan

C. Quality management plan
D. Schedule management plan
Risk audits and their characteristics are defined in the risk management plan.
The risk management plan is a document arranged by a project manager to estimate the
effectiveness, predict risks, and build response plans to mitigate them. It also consists of the risk
assessment matrix.
Risks are built in with any project, and project managers evaluate risks repeatedly and build
plans to address them. The risk management plan consists of analysis of possible risks with both
high and low impacts, and the mitigation strategies to facilitate the project and avoid being
derailed through which the common problems arise. Risk management plans should be timely
reviewed by the project team in order to avoid having the analysis become stale and not
reflective of actual potential project risks. Most critically, risk management plans include a risk
strategy for project execution.
Answer option A is incorrect. The risk response plan defines the responses to the risks, not the
audits.
Answer option D is incorrect. The schedule management plan defines how the schedule will be
planned, created, executed, and controlled.
Answer option C is incorrect. The quality management plan defines the quality assurance
program, quality control activities, and the overall planning of quality.

Q8: You're the project manager of a project for BlueWell Inc. You and your project team have
identified a risk event in this project that could have a financial impact of $450,000 on it.
Occurrence of this risk event in the project has a 70 per cent chance. The project identifies a
solution that will reduce its probability to 10 per cent, but it will cost $260,000 to implement.
Management agrees with the solution and asks you to include the risk response in the project
plan. What risk response is this?
A. This is transference because of the $260,000 cost of the solution.

B. This is not a risk response, but a change request.
C. This is avoidance because the risk response caused the project plan to be changed.
D. This is mitigation because the response reduces the probability.
Mitigation reduces the probability and/or impact of a risk event. In this example, the probability
has been reduced to 10 per cent due to the costs of the $260,000 implementation.
Answer option C is incorrect because avoidance removes the risk altogether. In this instance, the
risk still has a ten percent chance of happening, so it's mitigation, not avoidance.
Answer option A is incorrect because transference transfers the ownership and management of
the risk event to a third party; there's no evidence that the risk has been transferred.
Answer option B is incorrect because this is a risk response, as the solution directly addresses the
risk event.
Q9: Which of the following risk responses is acceptable for both positive and negative risk
events?
A. Transferring
B. Enhancing
C. Acceptance
D. Sharing
Acceptance is a positive risk response that is appropriate for both positive and negative events.
Answer option B is incorrect. Enhancing is only used for positive risk events.
Answer option A is incorrect. Transference is only used for negative risk events.
Answer option D is incorrect. Sharing is only used for positive risk events.
344
Q10: Which of the following is an approach that is appropriate to decision tree analysis for the
calculation of expected values, and also for the assessment of results from sensitivity and
probability analyses?
A. Decision theory
B. Utility theory
C. Delphi
D. OCTAVE
It is an approach that is appropriate to decision tree analysis for the calculation of expected
values, and also for the assessment of results from sensitivity and probability analyses.
Answer option D is incorrect. It is a strategic assessment based on risk identified. It is also used
as the planning technique for security.
Answer option C is incorrect. It is a group of experts who used to rate independently and rate
business risk of an organization. Each expert analyzes the risk independently and then prioritizes
the risk, and the results are combined into a consensus.
Answer option A is incorrect. It is a technique for assisting in reaching decisions under

uncertainty and risk.
Q11: Which of the following theories suggests that once a lower-level need has been met, it no
longer serves as a motivator and the next higher level becomes the driving motivator in a
person's life?
A. Theory Z
B. Maslow's hierarchy of needs
C. Expectancy
D. Herzberg's motivation
The Maslow's hierarchy of needs theory suggests that once a lower-level need has been met, it no
longer serves as a motivator and the next higher level becomes the driving motivator in a
person's life. Maslow conjectures that humans are always in one state of need or another.
Answer option A is incorrect. Theory Z is concerned with increasing employee loyalty to their
organizations.
Answer option D is incorrect. The Herzberg's motivation theory (also known as two-factor
theory) states that there are certain factors in the workplace that cause job satisfaction, while a
separate set of factors cause dissatisfaction.
Answer option C is incorrect. The Expectancy theory, first proposed by Victor Vroom, says that
the expectation of a positive outcome drives motivation.

Q12: John works as a project manager for uCertify Inc. He's determining some variance figures
for his project. He wants to show the variance between the task's estimated progress versus its
actual progress. Which of the following formulas will John use to accomplish the task?
A. SV = EV - AC
B. SV = EV / AC
C. SV = EV / PV
D. SV = EV – PV
John will use SV (schedule variance), which is calculated by subtracting the PV (planned value)
from the EV (earned value). The formula for calculating SV (schedule variance) is:
Schedule variance = Earned value - Planned value.
Answer option C is incorrect because SPI (schedule performance index) = Earned value /
Planned value.
Answer option A is incorrect because CV (cost variance) = Earned value - Actual cost.
Answer option B is incorrect because CPI (cost performance index) = Earned value / Actual cost.

Q13: Fill in the blank with the appropriate technique.

A is a decision support tool that uses a tree-like graph or model of decisions and
their possible consequences, including chance event outcomes, resource costs, and utility.
Explanation: The decision tree analysis is a risk analysis tool that can help the project manager
to determine the best risk response. The tool can be used to measure probability, impact, and risk
exposure and how the selected risk response can affect the probability and/or impact of the
selected risk event. It helps to form a balanced image of the risks and rewards connected with
each possible course of action. This makes them mostly useful for choosing between different
strategies, projects, or investment opportunities particularly when the resources are limited. A
decision tree is a decision support tool that uses a tree-like graph or model of decisions and their
possible consequences, including chance event outcomes, resource costs, and utility.

Q14: You are the project manager of the BJA project for your company. Management is worried
about one of the identified risks in your project. The risk event has a probability of 90 percent
and a cost impact of $85,000. Management and you discuss possible solutions to address the risk.
You share with them that for $75,000 you can reduce the probability of the risk event to 15
percent and the impact to $25,000. This solution will add three weeks to the project schedule.
Management thinks this is a good idea and they would like you to add the time and cost additions
to your project plan. What type of risk response is used?
A. Mitigation
B. Avoidance
C. Exploit
D. Acceptance
Mitigation aims to reduce the probability and/or impact of a risk event. In this instance, the
$75,000 cost and the three-week addition to the project schedule reduce the probability to 15
percent and the impact to $25,000.
Answer option B is incorrect. Avoidance removes the risk threat entirely by changing the project
plan. Risk avoidance is a technique used for threats. It creates changes to the project
management plan that are meant to either eliminate the risk completely or to protect the project
objectives from its impact. Risk avoidance removes the risk event entirely either by adding
additional steps to avoid the event or reducing the project scope requirements. It may seem the
answer to all possible risks, but avoiding risks also means losing out on the potential gains that
accepting (retaining) the risk might have allowed.
Answer option D is incorrect. Acceptance simply accepts the risk event. Acceptance response is
a part of risk response planning. Acceptance response indicates that the project plan will not be
changed to deal with the risk. Management may develop a contingency plan if the risk does
occur. Acceptance response to a risk event is a strategy that can be used for risks that pose either
threats or opportunities. Acceptance response can be one of two types:
Answer option C is incorrect. Exploit is a positive risk response where the organization wants to
ensure the risk benefits are realized. Amongst all the strategies used to negate risks or threats that
appear in a project, exploit response is one that may be selected for risks with positive impacts
where the organization wishes to ensure that the opportunity is realized. Exploiting a risk event
provides opportunities for positive impact on a project. Assigning more talented resources to the
project to reduce the time to completion is an example of exploit response.

Q15: Your project is an agricultural-based project that deals with plant irrigation systems. You
have discovered a byproduct in your project that your organization could use to make a profit. If
your organization seizes this opportunity, it would be an example of what risk response?
A. Exploiting
B. Enhancing
C. Positive
D. Opportunistic
This is an example of exploiting a positive risk. A by-product of a project is an excellent

example of exploiting a risk. Amongst all the strategies used to negate risks or threats that appear
in a project, exploit response is one that may be selected for risks with positive impacts where
the organization wishes to ensure that the opportunity is realized. Exploiting a risk event
Answer D is incorrect. Opportunistic is not a valid risk response.
Answer C is incorrect. This is an example of a positive risk, but positive is not a risk response.
Answer B is incorrect. Enhancing is a positive risk response that describes actions taken to
increase the odds of a risk event to happen.
346
identified multiple risks that can have a significant impact on a project if they occur. He has
determined the impact of the risks by examining all the uncertain elements at their baseline
values. He wants to display this information to his team members in a meeting. Which of the
following diagrams will John use to accomplish the task?
A. lshikawa
B. Influence
C. Pareto
D. Tornado
John will use the Tornado diagram, which is used to display data resulting from sensitivity
analysis. Sensitivity analysis is used to determine which risk has the greatest impact on the
project. It is a quantitative method of analyzing the potential impact of risk events on the project
and determining which risk event (or events) has the greatest potential for impact by examining
all the uncertain elements at their baseline values.
Answer option A is incorrect. The Ishikawa diagram shows the relationship between the effects
of problems and their causes.
Answer option C is incorrect. The Pareto diagram is displayed as histogram that rank-order the
time.
Answer option B is incorrect. The Influence diagram is a graphical representation of situations

that display relationships among various variables and outcomes, such as causal influences and
time ordering of events.

Q17: Which of the following reflects an organization's work ethics and work hours?
A. Policies
B. Financial results
C. Work environment
D. Values and vision
The following are the elements included in the organizational culture:
 Work environment: It reflects the work ethics and work hours.

 Management style: It reflects the authority relationships.
 Policies: It reflects the organizational policies, methods, and procedures.
 Values and vision: It reflects the set of values, norms, beliefs, and expectations shared
within the organization.
Q18: Wendy is the project manager of the NNJ project for her company. As part of the variance
and trend analysis tool and technique for risk governance, she is using earned value management.
In this approach, Wendy wants to track and compare the cost and schedule variances. What is the
point of this tool and technique in regard to risk?
A. Wendy can forecast deviation of the project cost and schedule for completion targets.
B. Wendy can review quality performance on baselines.
C. Wendy can determine a true project completion date.
D. Wendy can track the cost and schedule variances.
Earned value management can help Wendy forecast potential deviation of the project at
completion from cost and schedule targets.
Earned value management

EVM is a technique used to assess project progress in an objective manner. It has the unique
ability to combine measurements of scope, schedule, and cost in a single, integrated system.
When properly applied, EVM provides an early warning of performance problems. Additionally,
it promises to enhance the definition of project scope, prevent scope creep, communicate
objective progress to stakeholders, and keep the project team focused on progress.
Answer option C is incorrect. Earned value management and its analysis do not help with
schedule completion forecasting.
Answer option D is incorrect. While Wendy can track cost and schedule variances, this is not the
best answer in light of risk management.
Answer option B is incorrect. Earned value management can help Wendy perform some quality
analysis, but this is not the best choice for the question to be answered.

Q19: Rachel is the project manager of the KJH project for her company. She needs a method to
create a quick and simple approach to risk identification to communicate the project risk with the
stakeholders. Which one of the following approaches to risk identification should Rachel choose
to provide a quick and simple listing of project risks?
B. Assumptions analysis
C. Brainstorming
D. Delphi technique
The best answer is the checklist analysis because this approach, while not in-depth, is quick and
simple for risk identification. The checklist analysis approach is a risk identification process. It's
an organized approach built on past knowledge incorporated in checklist questions. Checklist
analysis is used for high-level or comprehensive analysis, as well as for root-cause analysis. It's
relevant to any activity or system, including equipment and human factors issues, and is
generally performed by an individual trained to understand the checklist questions. Checklist
analysis is sometimes performed by a small group, and not only by risk analysis experts.
Answer option B is incorrect. Assumptions analysis is an identify risks process that can be
exhaustive and lengthy, depending on the number of assumptions within the project.
Answer option C is incorrect. Brainstorming can be a lengthy process, as its goal is to create a
comprehensive listing of project risks.
Answer option D is incorrect. Delphi technique is not a quick and simple approach, but rather
uses rounds of anonymous surveys to generate a consensus on project risks.

Q20: Fill in the blank with the appropriate phrase.

is the study of how the variation (uncertainty) in the output of a mathematical model
can be apportioned, qualitatively or quantitatively, to different sources of variation in the input of
a model.
Explanation: The sensitivity analysis is the study of how the variation (uncertainty) in the
output of a mathematical model can be apportioned, qualitatively or quantitatively, to different
sources of variation in the input of a model. In other words, it is a technique for systematically
changing parameters in a model to determine the effects of such changes. The sensitivity analysis
is useful for computer modelers for a range of purposes, including:

Q21: What approach can a project manager use to improve the project's performance during
A. Focus on high-priority risks.

B. Create a risk breakdown structure and delegate the risk analysis to the appropriate project
team members.
C. Analyze as many risks as possible regardless of who initiated the risk event.
D. Focus on near-term risks first.
According to the PMBOK, organizations can improve the project's performance by focusing on
high-priority risks.
Answer option C is incorrect. This is not the best answer for the question, as not all risks need to
be analyzed.
Answer option B is incorrect. It is good to identify as many risks as possible, but not all risks
need to be analyzed.
Answer option D is incorrect. A good strategy is to respond to risk events that are in the near-
term, more so than risk events that may happen later in the project, but this is not the best answer
for this question.
Q22: Which of the following formulas is used to calculate estimate to completion (ETC)?
A. Actual cost (AC) + Estimate to completion (ETC)

B. EAC (Estimate at completion) - AC (Actual cost)
C. Earned value (EV)/Actual cost (AC)
D. Earned value (EV) - Actual cost (AC)
Estimate to complete (ETC) is the expected cost required for completing all the remaining work
for a scheduled activity, a group of activities, or the project. This technique helps project
managers to find what the final cost of the project will be upon completion. The formula used to
calculate this estimate is as follows:
ETC = EAC (Estimate at completion) - AC (Actual cost)
Answer option D is incorrect. Cost variance (CV) is an earned value technique used for
measuring the cost performance on a project. The variance signifies whether costs are higher
than budgeted or lower than budgeted. The cost variance is calculated based on the following
formula:
CV = Earned value (EV) - Actual cost (AC)
Answer option C is incorrect. The CPI is the ratio of earned value to actual cost. It is used to
calculate performance efficiencies, as well as predict future performance in trend analysis. The
CPI is calculated using the following formula:
Answer option A is incorrect. Estimate at completion (EAC) is an estimate of the total cost for
the project, utilizing current project performance and work that still needs to be completed. The
formula used to calculate this estimate is as follows:

Q23: John works as a project manager for uCertify Inc. He's working on a project and wants to
determine which project areas are most exposed to uncertainty. Which of the following
A. Monte Carlo analysis

C. Risk categorization
D. Risk urgency assessment
John will use the risk categorization technique. This technique is used in the perform qualitative
risk analysis process, which involves grouping risks by common root cause to determine which
project areas are most exposed to uncertainty.
Answer option D is incorrect. Risk urgency assessment is a risk prioritization technique based on
time urgency. This technique determines which risks require a near-term response.
Answer option B is incorrect. Decision tree analysis is used when there are multiple possible
Answer option A is incorrect. Monte Carlo analysis simulates schedule and cost variables many
times to calculate a distribution of probable cost or duration results.

Q24: Which of the following are updates made to the risk register resulting from qualitative risk
analysis?
A. Probability of achieving cost and time objectives

B. Probabilistic analysis of the project
C. List of risks requiring near-term responses
D. Watch list of low-priority risks
Explanation: Answer options D and C are correct.
Here are the updates made to the risk register resulting from qualitative risk analysis:

 Risk scores
 Causes of risk
Answer options B and A are incorrect. Here are the updates made to the risk register resulting
from quantitative risk analysis:
 Probabilistic analysis of the project

 Probability of achieving cost and time objectives
 Prioritized list of quantified risks
 Trends in quantitative risk analysis results

Q25: Which one of the following is the only output for the perform qualitative risk analysis
process?
A. Enterprise environmental factors

B. Organizational process assets
C. Risk register updates
Risk register updates is the only output of the choices presented for the perform qualitative risk
analysis process. The five inputs for the perform qualitative risk analysis process are the risk
register, risk management plan, scope baseline, enterprise environmental factors, and

Q26: Which of the following techniques are used for data gathering and data presentation?
A. Simulation
C. Interviewing
Explanation: Answer options C and D are correct.
The following are tools and techniques of the perform quantitative risk analysis process:
 Techniques for data gathering and data presentation (interviewing, probability

distribution)
 Techniques for quantitative risk analysis and modeling
 Expert judgment
Answer options A and B are incorrect. These are techniques for quantitative risk analysis and
modeling.

Q27: You are the project manager of the NNH project. In this project, you have created a
contingency response that the schedule performance index should be less than 0.93. The NHH
Project has a budget at completion of $945,000 and is 45 percent complete though the project
should be 49 percent complete. The project has spent $455,897 to reach the 45 percent complete
milestone. What is the project's schedule performance index?
A. 1.06
B. 0.93
C. 0.92
D. -$37,800
The schedule performance index can be found by dividing the earned value by the planned value.
In this scenario, it would be:
SPI= 425,250/463,050
= 0.92.
Schedule performance index (SPI) is the measure of project schedule efficiency. It s used in
trend analysis to predict future performance. SPI is the ratio of earned value to planned value and
is calculated using the formula:
Answer option B is incorrect. 0.93 is the cost performance index for this project.
Answer option A is incorrect. 1.06 is the to-complete performance index.
Answer option D is incorrect. -$37,800 is the schedule variance.

Q28: Fill in the blank with the appropriate term.
A is a decision support tool that uses a tree-like graph, or model of decisions and
Explanation: A decision tree is a decision support tool that uses a tree-like graph, or model of
decisions and their possible consequences, including chance event outcomes, resource costs, and
utility. Decision trees are commonly used in operations research, specifically in decision
analysis, to help identify a strategy most likely to reach a goal.

Q29: You work as a project manager for TechSoft Inc. You, the project team, and the key
project stakeholders have completed a round of quantitative risk analysis. You now need to
update the risk register with your findings so that you can communicate the risk results to the
project stakeholders including management. You will need to update all of the following
information except for which one?
A. Probabilistic analysis of the project

B. Probability of achieving cost and time objectives
C. Trends in quantitative risk analysis
D. Risk distributions within the project schedule
Risk distributions are ideal for planning, but they are not updated as an output of the perform
quantitative analysis process.
Project documents are updated with information resulting from quantitative risk analysis. For
instance, risk register updates could include:
 Probabilistic analysis of the project: This contains the estimates of the project schedule
and cost with a confidence level attached to each estimate. It is the forecasted results of
the project schedule and costs as determined by the outcomes of risk analysis. These
results include projected completion dates and costs, along with a confidence level
associated with each.
 Probability of achieving cost and time objectives: This helps in assigning a probability
of achieving the cost and time objectives of the project.
 Prioritized list of quantified risks: This list helps in prioritizing the response plan
efforts to eliminate (or minimize) the impact of the threats and capitalize on the
opportunities. This list is similar to the list produced during the perform qualitative risk
analysis process. The list of risks includes those that present the greatest risk or threat to
the project and their impacts. It also lists those risks that present the greatest opportunities
to the project. This list should also indicate which risks are most likely to impact the
critical path and those that have the largest cost contingency.
 Trends in quantitative risk analysis results: A trend for specific risks can be
recognized by repeating the analysis several times and by examining the results.
Answer options A, B, and C are incorrect. These all are parts of the risk register which should be
updated.

Q30: You are the project manager of a large construction project. This project will last for 18
months and will cost $750,000 to complete. You are working with your project team, experts,
and stakeholders to identify risks within the project before the project work begins. Management
wants to know why you have scheduled so many risk identification meetings throughout the
project rather than just initially during the project planning. What is the best reason for the
duplicate risk identification sessions?
A. The iterative meetings allow all stakeholders to participate in the risk identification
processes throughout the project phases.
B. The iterative meetings allow the project manager to communicate pending risks events
during project execution.
C. The iterative meetings allow the project manager to discuss the risk events which have
passed the project and which did not happen.
D. The iterative meetings allow the project manager and the risk identification participants
to identify newly discovered risk events throughout the project.
Identify risks is an iterative process because new risks may evolve or become known as the
project progresses through its life cycle.
Identify Risks
Answer option B is incorrect. The primary reason for iterations of risk identification is to identify
new risk events.
Answer option C is incorrect. Risk identification focuses on discovering new risk events, not the
events which did not happen.
Answer option A is incorrect. Stakeholders are encouraged to participate in the identify risks
process, but this is not the best choice for the question.

Q31: Which of the following is a risk response planning technique associated with threats that
seek to reduce the probability of occurrence or impact of a risk below an acceptable threshold?
A. Avoidance
B. Exploit
C. Mitigation
D. Transference
Answer option D is incorrect because when you hire a third party to own the risk, it is known as
transference risk response.
Answer option B is incorrect because exploit is a strategy that may be selected for risks with
Answer option A is incorrect because when extra activities are introduced into the project to
avoid the risk, it is called avoidance.
Q32: What project management plan is most likely to direct the quantitative risk analysis process
for a project in a matrix environment?
A. Human resource management plan
B. Risk analysis plan
D. Staffing management plan
The risk management plan defines how risks will be identified, analyzed, responded to, and then
monitored and controlled regardless of the structure of the organization.
Answer options A, D, and B are incorrect. These options define how risks will be analyzed.

Q33: You are the project manager for the TTR project. You are in the process of gathering
information for risk identification. You ask experts to participate in the process through their
emails for maintaining anonymity. You collect the responses, summarize them, and then re-
circulate to the experts for further comment. Which of the following techniques are you using for
risk identification?
A. Expert judgment
B. SWOT analysis
C. Delphi
D. Brainstorming
Explanation: Answer C is correct.
Delphi is a technique to identify potential risk. In this technique, the responses are gathered via a
questionnaire from different experts and their inputs are organized according to their contents.
The collected responses are sent back to these experts for further input, addition, and comments.
The final list of risks in the project is prepared after that. The participants in this technique are
anonymous and therefore it helps prevent a person from unduly influencing the others in the
group. The Delphi technique helps in reaching the consensus quickly. In this instance, e-mail
response is used for maintaining anonymity.
Answers D, B, and A are incorrect. These are different techniques for identifying risks. In these
techniques, anonymity is not required.
324
Q34: Which of the following conflict management techniques is achieved when each of the
parties involved in the conflict gives up something to reach a solution?
A. Accommodation
B. Forcing
C. Compromising
D. Avoidance
In the compromising technique, both parties gain something and give up something. This
technique means finding a solution that brings some level of satisfaction to the people involved.
It is a lose-lose technique.
Answer option D is incorrect. An avoidance technique is used by the project manager as a

cooling-off period, to collect more information, or when the issue is not critical.
Answer option A is incorrect. An accommodation technique is a technique in which one party

attempts to meet other party's needs at the expense of their own.
Answer option B is incorrect. Forcing is a win-lose technique, where one party gets what they
want and the other doesn't.

Q35: During which of the following processes is the probability and impact matrix prepared?
A. Control risks
The probability and impact matrix is a technique to prioritize identified risks of the project on
their risk rating. Evaluation of each risk's importance and, hence, priority for attention, is
typically conducted using a look-up table or a probability and impact matrix. This matrix
specifies combinations of probability and impact that lead to rating the risks as low, moderate, or
high priority.
Answer options C, D, and A are incorrect because these processes are part of the project risk
management knowledge area. The probability and impact matrix is prepared during perform
qualitative risk analysis for further quantitative analysis and response based on their risk rating.
Q36: Elizabeth is a project manager for her organization and she finds risk management to be
very difficult for her to manage. She asks you, a lead project manager, at what stage in the
project will risk management become easier. What answer best resolves the difficulty of risk
management practices and the effort required?
A. Risk management only becomes easier the more often it is practiced.

B. Risk management only becomes easier when the project moves into project execution.
C. Risk management is an iterative process and never becomes easier.
D. Risk management only becomes easier when the project is closed.
According to the PMBOK, "Like many things in project management, the more it is done the
easier the practice becomes."
Answer option D is incorrect. This answer is not the best choice for the project.
Answer option B is incorrect. Risk management likely becomes more difficult in project
execution that in other stages of the project.
Answer option C is incorrect. Risk management does become easier the more often it is done.
Q37: Which of the following is the amount of risk a company or other entity is willing to accept
in pursuit of its mission?
A. Appetite
B. Tolerance
C. Aversion
D. Hedging
Risk appetite is the amount of risk a company or other entity is willing to accept in pursuit of its
mission. This is the responsibility of the board to decide risk appetite of an enterprise. When
considering the risk appetite levels for the enterprise, the following two major factors should be
taken into account:
etc.
Answer options C and D are incorrect. Aversion and hedging are related to each other and
represent the avoidance of risk within the organization.
Answer option B is incorrect. The acceptable variation relative to the achievement of an

objective is termed as risk tolerance. In other words, risk tolerance is the acceptable deviation
from the level set by the risk appetite and business objectives.
Risk tolerance is defined at the enterprise level by the board and clearly communicated to all
stakeholders. A process should be in place to review and approve any exceptions to such
standards.
Q38: You work as a project manager for BlueWell Inc. You are working on a project and
management wants a rapid and cost-effective means for establishing priorities for planning risk
responses in your project. Which risk management process can satisfy management's objective
for your project?
A. Quantitative analysis
B. Rolling wave planning
D. Historical information
Qualitative risk analysis is the best answer, as it is a fast and low-cost approach to analyze the
risk impact and its effect. It can promote certain risks onto risk response planning. Qualitative
risk analysis uses the likelihood and impact of the identified risks in a fast and cost-effective
manner. Qualitative risk analysis establishes a basis for a focused quantitative analysis or risk
response plan by evaluating the precedence of risks with a concern to impact on the project's
scope, cost, schedule, and quality objectives. Qualitative risk analysis is conducted at any point
in a project life cycle. The primary goal of qualitative risk analysis is to determine proportion of
effect and theoretical response.
Answer option D is incorrect. The historical information can be helpful in qualitative risk
analysis, but it is not the best answer for the question, as historical information is not always
available (consider new projects).
Answer option A is incorrect. Quantitative risk analysis is in-depth and often requires a schedule
and budget for the analysis.
Answer option B is incorrect. Rolling wave planning is not a valid answer for risk analysis
processes.
identified number of risks. To get proper feedback for the risks, he brought risk experts into the
process. The risk experts participated anonymously by responding to a questionnaire on
important risk information. Which of the following techniques has John used?
A. SWOT analysis
B. Root cause analysis
C. Delphi
D. Process flow chart
John has used the Delphi technique. This technique includes a group of risk experts who
participate anonymously by responding to a questionnaire on important risk information. It is a
lot like brainstorming, except that the people participating in the meeting don't know one
another.
Answer option D is incorrect. A process flow chart shows the logical steps needed to accomplish
responses.
Answer option B is incorrect. Root cause analysis involves digging deeper than the risk itself and
looking at the cause of the risk. This helps define the risk more clearly, and it also helps you later
when it's time to develop the response plan for the risk.
Answer option A is incorrect. SWOT analysis (strengths, weaknesses, opportunities, and threats)
is a technique that examines the project from each of these viewpoints. It also requires examining
the project from the viewpoint of the project itself and from project management processes,
resources, the organization, and so on to identify risks, including those generated internally to the
project.

Q40: Which of the following techniques computes the project model using various inputs, such
as cost or schedule duration, for determining a probability distribution for the variable chosen?
A. Simulation
C. Expected monetary value (EMV) analysis
D. Modeling
Simulation technique computes the project model using various inputs, such as cost or schedule
duration, for determining a probability distribution for the variable chosen. The Monte Carlo
analysis is an example of a simulation technique.
Answer option D is incorrect. It permits a user to translate the potential risks at specific points in
the project into their impacts so that the user can determine how the project objectives are
affected.
Answer option B is incorrect. It is used when there are multiple possible outcomes with different
Answer option C is incorrect. It is used to calculate the expected value of an outcome when
different possible scenarios exist for different values of the outcome with some probabilities
assigned to them.

Q41: John works as a project manager for uCertify Inc. During the project execution, he carries
out an earned value management on a project and determines that the CPI is 1.3 and the SPI is
0.77. What do these figures indicate?
A. The project is under-budget and behind schedule.

B. The project is over-budget and behind schedule.
C. The project is under-budget and ahead of schedule.
D. The project is over-budget and ahead of schedule.
The CPI (cost performance index) measures the value of the work completed at the measurement
date against the actual cost, and the SPI (schedule performance index) measures the progress to
date against the progress that was planned. Since, in this scenario, the CPI is greater than one and
the SPI is less than one, it indicates that the project is over-budget and behind schedule,
respectively.

Q42: Which of the following are the tools and techniques of the manage communications
process?
A. Communication methods
B. Expert judgment
C. Communication technology
D. Communication models
The following are the tools and techniques of the manage communications process:
 Communication technology
 Communication models
 Communication methods
 Information management systems
 Performance reporting
Answer option B is incorrect. It is a tool (technique) of the control communication process.

Q43: Gary, a project manager, and his project team have completed a qualitative risk analysis
and are about to begin quantitative risk analysis. However, Mary, the project sponsor, wants to
know what their quantitative risk analysis will review. Which of the following best defines what
their quantitative risk analysis will review?
A. The results of risk identification and prepare the project for risk response management
B. The true cost and probability of each identified risk event to determine risk exposure
C. The effect of risk events that might substantially impact the project's competing demands
D. Risk events for their probability and impact on project objectives
Once risk events have passed through qualitative risk analysis, they must be reviewed to
determine their effect on the project's competing demands.
Answer option D is incorrect because, although quantitative risk analysis will review risk events
for probability and impact, this statement doesn't answer the question adequately.
Answer option B is incorrect because quantitative risk analysis doesn't review every risk
identified - only those requiring further analysis.
Answer option A is incorrect because quantitative risk analysis doesn't begin the risk response
process. Its goal is to determine the effect of certain risk events on the project's competing
demands.

Q44: John works as a project manager for uCertify Inc. He's starting a new project. He needs to
define the project objectives and develop the course of action required to attain those objectives.
Under which of the following process groups does this come?
A. Executing
C. Initiating
D. Planning
The planning process group is the second process group or stage of a project. After the Initiating
stage, the system is designed. This process group defines the project objectives and develops the
course of action required to attain those objectives.
Answer option C is incorrect. The initiating process group authorizes, starts, and defines a new
project or phase.
Answer option A is incorrect. The executing process group starts after the planning phase of a
project is completed, and consists of the processes used to complete the work defined in the
project management plan and thereby accomplish the project's requirements.
Answer option B is incorrect. The monitoring and controlling process group tracks, reviews, and
regulates the project performance, and identify any necessary changes.

Q45: David is the project manager of the NKL project for his organization. He has been asked to
create a proposal for a construction project for a client. David realizes that there are several
requirements within the SOW and RFP provided by the client that would eliminate his company
from bidding on the construction project. David proposed to management that his organization
create a partnership with a competitor so that together they could bid on the construction project
and qualify for the customer's requirements. What risk response is David proposing to
management?
A. Sharing
B. Exploiting
C. Transference
D. Teaming agreement
Sharing is a positive risk response often seen through partnerships and teaming agreements to
seize an opportunity.
Answer option D is incorrect. The teaming agreement describes the contractual relationship
between the parties involved in the project.
Answer option B is incorrect. Exploiting is a positive risk response to ensure that the opportunity
within a project is realized, such as time or cost savings.
Answer option C is incorrect. Transference is a negative risk response to transfer the risks to a
third party.

Q46: You are the project manager of a large, high-profile project in your organization. You have
realized that politics within your company may affect the true identification of risk events within
the project. You decide that you'd like to use a method to identify risk events through an
anonymous process. Which one of the following risk events will allow you to collect and
distribute risk information without the stakeholders knowing what other stakeholders are
communicating about the project risk events?
B. Delphi technique
C. Monte Carlo technique
D. Surveys
This approach uses rounds of anonymous surveys to generate a consensus of project risks.
group. The delphi technique helps in reaching the consensus quickly.
Answer option A is incorrect. The checklist analysis approach is a risk identification process, but
it doesn't provide an anonymous approach to risk identification.
Answer option C is incorrect. The Monte Carlo technique is not a risk identification approach. It
is a modeling and forecasting approach for probability and impact of risk events, based on the
project conditions.
Answer option D is incorrect. Surveys are not always anonymous, while the Delphi Technique
always uses anonymous surveys.

Q47: Jane is manager of the GBB project for her company. A vendor has offered her a project
with 10 percent discount if a company will order 100 units for the project. It's possible that the
GBB project may need them, but their cost may be an issue. Jane documents the offer and tells
the vendor she'll keep the offer in mind and continue with the project as planned. What risk
response has been given in this project?
A. Sharing
B. Exploiting
C. Acceptance
D. Enhance
Acceptance happens when project risk is acknowledged but not necessarily addressed. Jane will
accept the discount if her project needs the 100 units, but she makes no promise to order them.
risks that pose either threats or opportunities.
Answer option D is incorrect because enhance attempts to increase event probability and/or
impact.
Answer option A is incorrect because sharing happens when a project manager shares ownership
of a positive risk event.
Answer option B is incorrect because exploiting happens when the project manager eliminates
the uncertainty of risk to ensure that positive risk will happen.
Q48: Sam is the project manager of a construction project in south Florida. This area of the
United States is prone to hurricanes during certain parts of the year. As part of the project plan,
Sam and the project team acknowledge the possibility of hurricanes and the damage they could
have on the project's deliverables, the schedule of the project, and the overall cost of the project.
Once Sam and the project stakeholders acknowledge the risk of a hurricane, they go on planning
the project as if the risk is not likely to happen. What type of risk response is Sam using?
A. Mitigation
B. Avoidance
C. Active acceptance
D. Passive acceptance
This is an example of passive acceptance risk response. Passive acceptance requires no action
except documenting the risk strategy. The project team will deal with the risk of the hurricane
when, and if, it occurs.
Answer option A is incorrect. Mitigation involves the steps to lower the probability and/or
impact of the risk event. It's unlikely that Sam or the project team can lower the probability
and/or impact of a hurricane.
Answer option C is incorrect. Active acceptance establishes a contingency reserve. It usually

includes time and a budget for the risk response when, and if, the event occurs.
Answer option B is incorrect. Avoidance changes the project plan to remove the risk altogether
from the project.

Q49: Eric is the project manager of the MTC project for his company. In this project, a vendor
has offered Eric a sizeable discount on all hardware if his order total for the project is more than
$125,000. Right now, Eric is likely to spend $118,000 with vendor. If Eric spends $7,000, his
cost savings for the project will be $12,500, but he cannot purchase hardware if he cannot
implement the hardware immediately due to organizational policies. Eric consults with Amy and
Allen, other project managers in the organization, and asks if they need any hardware for their
projects. Both Amy and Allen need hardware and they agree to purchase the hardware through
Eric's relationship with the vendor. What positive risk response has happened in this instance?
A. Exploiting
B. Transference
C. Sharing
D. Enhancing
This is an example of sharing the positive risks so that all parties involved in the decision can
benefit from the purchase and discount of the hardware.
Answer option D is incorrect. Enhancing is a tempting choice as Eric is enhancing the

probability of receiving the discount from the vendor, but he is sharing the opportunity to receive
the discount - something he would not receive on his own.
Answer option A is incorrect. Exploiting happens when the project manager wants to ensure that
an opportunity is realized. Eric is certain that Amy and Allen will be purchasing the hardware.
Answer option B is incorrect. Transference is a negative risk response that transfers ownership of
a risk event to a third party, such as a vendor.

Q50: Which of the following tools and techniques of the identify risks process is used in order to
test the accuracy of assumptions made in the project?
B. SWOT analysis
Assumption in the project scope statement represents uncertainty. The assumption analysis is
done in order to test the accuracy of assumptions made in the project. It may generate one or
more risks once an assumption proves to be false.
Answer option D is incorrect. Documentation review is a structured review of the relevant parts
of input documents, such as the project scope statement and the project management plan that
will certainly help in identifying risks. The business analysis team helps in reviewing all the
documentation of the requirements, desired future state, correspondence, and project
deliverables.
Answer option A is incorrect. The checklist analysis approach is a risk identification process. It's
an organized approach built on past knowledge incorporated in checklist questions. Checklist
analysis is used for high-level or comprehensive analysis, as well as for root-cause analysis. It's
relevant to any activity or system, including equipment and human factors issues, and is
generally performed by an individual trained to understand the checklist questions. Checklist
analysis is sometimes performed by a small group, and not only by risk analysis experts.
Answer option B is incorrect. SWOT stands for Strengths, Weaknesses, Opportunities, and
Threats. It is a part of business policy that helps an individual or a company to make decisions. It
includes the strategies to build the strength of a company and use the opportunities to make the
company successful. It also includes the strategies to overcome the weaknesses of and threats to
the company.

Q51: You are the project manager for the TTP project. You are in the Identify Risks process.
You have to create the risk register. Which of the following are included in the risk register?
A. List of key stakeholders

B. List of mitigation techniques
C. List of potential responses
D. List of identified risks
Explanation: Answer options D and C are correct.
risk register. Risk register primarily contains the following:
 List of identified risks: A reasonable description of the identified risks is noted in the
risk register. The description includes event, cause, effect, impact related to the risks
identified. In addition to the list of identified risks, the root causes of those risks may
appear in the risk register.
 List of potential responses: Potential responses to a risk may be identified during the
identify risks process. These responses are useful as inputs to the plan risk responses
process.
Answer options B and A are incorrect. List of mitigation techniques and key stakeholders are not
parts of the risk register.
327
Q52: Which of the following is a qualitative technique for identifying and evaluating problems
that may represent risks to personnel or equipment, or prevent efficient operation?
A. PRA
B. HAZOP
C. FMEA
D. FMECA
A hazard and operability study (HAZOP) is a qualitative technique for identifying and evaluating
problems that may represent risks to personnel or equipment, or prevent efficient operation. This
technique is carried out by a multi-disciplinary team (HAZOP team) during a set of meetings.
Answer option A is incorrect. Preliminary risk analysis (PRA) or hazard analysis is a qualitative
risk analysis technique that involves a disciplined analysis of the event sequences that could
transform a potential hazard into an accident. This technique first identifies the possible
undesirable events and then analyzes the events separately. Also, possible improvements or
preventive measures are formulated for each undesirable events or hazards.
Answer options C and D are incorrect. Failure mode and effects analysis (FMEA/FMECA) is a
procedure by which each potential breakdown approach in a system is analyzed to establish its
effect on the system and to classify it according to its severity. When the FMEA is extended by a
criticality analysis, the technique is then called failure mode and effects criticality analysis
(FMECA).
Q53: John is the project manager of the HJK project for his organization. He and his team have
created risk responses for many of the risk events in the project. Which risk response event
usually has a contractual agreement?
A. Mitigation
B. Exploiting
C. Sharing
D. Transference
Transference is the risk response that transfers the risk to a third party, usually for a fee.
Insurance and subcontracting of dangerous works are two common examples of transference
with a contractual obligation.
Answer option A is incorrect. Mitigation is a negative risk response used to lower the probability
Answer option C is incorrect. Sharing is a positive risk response. Sharing may also have
contractual obligations, sometimes called teaming agreements.
Answer option B is incorrect. Exploiting is a positive risk response and not a negative response
and doesn't have contractual obligations.

Q54: What is the best approach to identify all of the project stakeholders?
A. Brainstorm the list of stakeholders

B. Review similar projects for stakeholders
C. Interview stakeholders to identify other stakeholders
D. Ask the project sponsor who the stakeholders are
By interviewing the stakeholders, you can identify other stakeholders. In the interview process,
you should ask if there are other stakeholders that should be involved in the conversation of
requirements. This process helps to capture stakeholders that may have been overlooked.
Answer option A is incorrect. Brainstorming the stakeholders is not the best choice because you
and your team may not know the names of the stakeholders that should be involved in the
requirements gathering process.
Answer option B is incorrect. Reviewing organizational process assets is a good method to

identify the stakeholders, but the best method is to interview the known stakeholders. This is
considered the best method because you may not have previous, similar projects to refer to in
your project.
Answer option D is incorrect. The project sponsor is not the best source of stakeholder
identification, though the project sponsor is considered a key stakeholder.
Q55: You work as a project manager for BlueWell Inc. You are preparing to plan risk responses
for your project with your team. How many risk response types are available for a negative risk
event in the project?
A. Seven
B. Four
C. Three
D. One
There are four risk responses available for a negative risk event.
The risk response strategies for negative risks are:
 Avoid: It involves altering the project management plan to remove the threats
completely.
 Transfer: It requires shifting some or all of the negative effects of a threat including the
ownership of response, to a third party.
 Mitigate: It implies a drop in the probability and impact of an unfavorable risk event to
be within suitable threshold limits.
 Accept: It delineates that the project plan will not be changed to deal with the risk.
Management may develop a contingency plan if the risk occurs. It is used for both
negative and positive risks.
Answer option D is incorrect. There are four responses for negative risk events.
Answer option C is incorrect. There are four, not three, responses for negative risk events. Do
not forget that acceptance can be used for negative risk events.
Answer option A is incorrect. There are seven total risk responses, four of which can be used for
negative risk events.

Q56: You are the project manager for your organization. You have determined that an activity is
too dangerous to complete internally so you hire licensed contractor to complete the work. The
contractor, however, may not complete the assigned work on time which could cause delays in
subsequent work beginning. This is an example of what type of risk event?
A. Pure risk
B. Internal
C. Transference
D. Secondary risk
Secondary risk is created as a result of a risk response. The first risk of the dangerous work is
addressed through transference, but the response creates the possibility of delays within the
project.
Secondary risk is a risk that arises as a straight consequence of implementing a risk response.
The secondary risk is an outcome of dealing with the original risk. Secondary risks are not as
rigorous or important as primary risks, but can turn out to be so if not estimated and planned
properly.
Answer option C is incorrect. Transference is the type of response used to hire the electrician,
but it is not a risk type.
Answer option B is incorrect. The dangerous work is an internal risk, but the risk associated and
controlled by the vendor is an external risk event.
Answer option A is incorrect. The dangerous work in the project could be a pure risk, as pure
risks do not offer any upsides. There is not enough information given to determine if the risk is a
pure risk.

Q57: The Project Risk Management knowledge area focuses on which of the following
processes?
A. Perform quantitative risk analysis

C. Potential risk monitoring
D. Control risks
Explanation: Answer options D, A, B are correct.
The Project Risk Management knowledge area focuses on the following processes:
 Plan risk management
 Identify risks
 Perform qualitative risk analysis
 Perform quantitative risk analysis
 Plan risk responses
 Control risks
Answer option C is incorrect. There is no such process in the Project Risk Management
knowledge area.
Q58: You are the project manager of the GHY project. In your organization, you must follow
certain enterprise environmental factors that establish the rules for risk management. One of the
policies your project must adhere to requires periodic rapid analysis of risks within the project.
These rapid, cost-effective sessions must be documented and performed monthly. What type of
analysis are you required to perform according to your enterprise environmental factors?
A. Brainstorming
B. Delphi technique
C. Qualitative analysis
D. Quantitative analysis
Rapid, cost-effective analysis of risks within your project is called qualitative analysis. This
analysis usually precedes quantitative analysis and should be completed periodically throughout
the project.
Qualitative risk analysis uses the likelihood and impact of the identified risks in a fast and cost-
effective manner. Qualitative risk analysis establishes a basis for a focused quantitative analysis
or risk response plan by evaluating the precedence of risks with a concern to impact on the
project's scope, cost, schedule, and quality objectives. Qualitative risk analysis is conducted at
any point in a project life cycle.
Answer option D is incorrect. Quantitative analysis is an in-depth study of the identified risk to
predict probability and impact on the project's success.
Answer option A is incorrect. Brainstorming is not an analysis, but an idea-generating process.
Answer option B is incorrect. The delphi technique uses rounds of anonymous surveys to build
consensus.

Q59: You are the project manager of the NHQ project for your company. You are working with
your project team to complete a risk audit. A recent issue that your project team responded to,
and the management approved, was to increase the project schedule because there was risk
surrounding the installation time of a new material. Your logic was that with the expanded
schedule, there would be time to complete the installation without affecting downstream project
activities. What type of risk response is being audited in this scenario?
A. Lag time
B. Parkinson's law
C. Avoidance
D. Mitigation
This is an example of the avoidance risk response. By changing the project schedule, you are
attempting to avoid the lateness of the project deliverables.
Answer option A is incorrect. Lag time is the time added between project activities, such as time
waiting for concrete to cure.
Answer option B is incorrect. Parkinson's law states that work expands to fill the amount of time
allotted to it. This is not a risk response.
Answer option D is incorrect. Mitigation is a risk response to lower the probability and/or impact
of a risk event.

Q60: You are the project manager of the GYH project in your organization. Management has
asked you to begin identifying risks and to use an information gathering technique. Which one of
the following risk identification approaches is an information gathering technique?
A. SWOT analysis
Root cause analysis is one of the four information gathering techniques a project manager can
use. The other three information gathering tools are brainstorming, delphi technique, and
interviewing.
Answer options C, D, and A are incorrect. These are risk identification techniques, but these are
not information gathering techniques.

Q61: You work as a project manager for SoftTech Inc. You have implemented the risk action
plan and it was not effective. What type of plan should you as a project manager create for
implementation if a selected risk strategy fails to be fully effective?
A. Mitigation management plan

B. Risk response plan
C. Mitigation plan
D. Fallback plan
A fallback plan can be developed for implementation in case a selected strategy for a risk event
is not as effective as was planned for.
A risk fallback plan is a proper plan devised to identify definite action to be taken if a risk action
plan (risk mitigation plan) is not helpful. The fallback plan is important in risk response
planning; if the contingency plan for a risk is not successful, then the project team implements
the fallback plan. Fall-back planning is intended for a known and specific activity that can fail to
produce a desired outcome. It's related to technical procedures and responsibility of a technical
lead.
Answer option C is incorrect. Mitigations are risk responses for negative risk events to lower the
probability and/or impact of the risk impact.
Answer option B is incorrect. A risk response plan is a generic term to describe the seven risk
responses and the risks within the project.
Answer option A is incorrect. A mitigation management plan is not a valid project management
term.

Q62: Which of the following risks is described in the statement below?
"It is the risk or danger of an action or an event, a method or a (technical) process that still
conceives these dangers even if all theoretically possible safety measures would be applied."
A. Pure risk
B. Residual risk
C. Inherent risk
D. Control risk
Answer option C is incorrect. Inherent risk, in auditing, is the risk that the account or section
being audited is materially misstated without considering internal controls due to error or fraud.
The assessment of inherent risk depends on the professional judgment of the auditor, and it is
done after assessing the business environment of the entity being audited.
Answer option A is incorrect. Pure risk has only a negative effect on the project. Pure risks are
activities that are dangerous to complete and manage such as construction, electrical work, or
manufacturing. It is a class of risk in which loss is the only probable result and there is no
positive result. It is associated to the events that are outside the risk-taker's control. The nature of
the work includes some pure risks. Pure risks can also include things like acts of god (force
majeure), fire, and theft.
Answer option D is incorrect. Control risk occurs when the client's internal control policies and
procedures fall short to detect or prevent a material missed statement from happening.

Q63: You are the project manager for a construction project. The project includes a work that
involves very high financial risks. You decide to insure processes so that any ill happening can
be compensated. Which type of strategies have you used to deal with the risks involved with that
particular work?
A. Mitigate
B. Accept
C. Avoid
D. Transfer
Transfer strategy is one of the four strategies for negative risks or threats. Risk transfer involves
shifting some or all of the negative impact of a threat, along with ownership of the response to a
third party. However, transferring the risk simply gives another party responsibility for its
management, it does not eliminate it.
Answer C is incorrect. Risk avoidance involves changing the project management plan to
eliminate the threat entirely.
Answer A is incorrect. Mitigation of risk implies a reduction in the probability and impact of an
adverse risk event to be within acceptable threshold limits.
Answer B is incorrect. This strategy is adopted because it is seldom possible to eliminate all
threats from a project. This strategy indicates that the team is ready to take the risk.
344
Q64: Which of the following risk response strategies implies a drop in the probability and
impact of an unfavorable risk event to be within suitable threshold limits?
A. Mitigate
B. Share
C. Avoid
D. Exploit
It implies a drop in the probability and impact of an unfavorable risk event to be within suitable
threshold limits.
Answer option C is incorrect. It involves altering the project management plan to remove the
threats completely.
Answer option D is incorrect. It is preferred for risks with positive impacts where the
organization desires to ensure that the opportunity is realized.
Answer option B is incorrect. It deals with sharing of responsibility and accountability with
others to facilitate the team with the best chance of seizing the opportunity.

Q65: Stephen is the project manager of the GBB project for his organization. He has worked
with two subject matter experts and his project team to complete the risk assessment technique.
There are approximately 47 risks that have a low probability and a low impact on the project.
Which of the following options best describes what Stephen should do with these risk events?
A. Stephen should accept the risks because they are low probability and low impact risks.
B. The low probability and low impact risks should be added to the risk register.
C. The low probability and low impact risks should be added to a watchlist for future
monitoring.
D. Risks can be dismissed because they are low probability and low impact risks.
The best answer, according to the PMBOK, is that the low probability and low impact risks
should be added to a watchlist for future monitoring.
Answer option A is incorrect. The risk response for these events may be to accept them, but the
best answer is to first add them to a watchlist.
Answer option D is incorrect. Risks are not dismissed; they are at least added to a watchlist for
monitoring.
Answer option B is incorrect. While the risks may eventually be added to the register, the best
answer is to first add them to the watchlist for monitoring.

Q66: Which of the following best describes the utility of a risk?
A. Usefulness of the risk to individuals or groups

B. Finance incentive behind the risk
C. Mechanics of a risk working
D. Potential opportunity of the risk
The utility of a risk describes the usefulness of a particular risk to an individual. Moreover, the
same risk can be utilized by two individuals in different ways. Financial outcomes are one of the
methods for measuring potential value for taking a risk. For example, if the individual's
economic wealth increases, the potential utility of the risk will decrease.
Answer option C is incorrect. It is not a valid definition.
Answer option B is incorrect. Determining financial incentive is one of the methods to measure
the potential value for taking a risk, but it is not the valid definition for the utility of a risk.
Answer option D is incorrect. It is not a valid definition.

Q67: You work as a project manager for uCertify Inc. You are incorporating a risk response
owner to take the job for each agreed-to and funded risk response. On which of the following
processes are you working?

C. Identify risks
D. Plan risk response
follows:
Answer option C is incorrect. Identify risks is the process of determining which risks may affect
the project. It also documents risks' characteristics. It is part of the project risk management
knowledge area. As new risks may evolve or become known as the project progresses through its
life cycle, identify risks is an iterative process. The process should involve the project team so
that they can develop and maintain a sense of ownership and responsibility for the risks and
associated risk response actions. Risk register is the only output of this process.
Answer option B is incorrect. Quantitative risk analysis is the process of numerically analyzing
the effect of identified risks on overall project objectives. This process generally follows the
qualitative risk analysis process.
Answer option A is incorrect. Perform qualitative risk analysis is the process of prioritizing risks

Q68: You are the project manager of the GHE project. You have identified the following risks
with the characteristics as shown in the following figure:
How much capital should the project set aside for the risk contingency reserve?
A. $41,750
B. $142,000
C. $232,000
D. $23,750
Contingency reserves are estimated costs to be used at the discretion of the project manager to
deal with anticipated, but not certain, events. These events are "known unknowns" and are part
of the project scope and cost baselines. The contingency reserve is calculated by multiplying the
equals the contingency reserve for the project. Note that Risk D is a positive risk amount.
Answer option A is incorrect. This value is the sum of the risk events if you did not include Risk
D as a positive risk value.
Answer option B is incorrect. This is a sum of the risk event.
Answer option C is incorrect. This is a sum of the risk events without including Risk D as a
positive risk event.
206
Q69: Jeff, a key stakeholder in your project, wants to know how the risk exposure for the risk
events is calculated during quantitative risk analysis. He is worried about the risk exposure
which is too low for the events surrounding his project requirements. How is the risk exposure
calculated?
A. The probability of a risk event plus the impact of a risk event determines the true risk
exposure.
B. The risk exposure of a risk event is determined by historical information.
C. The probability and impact of a risk event are gauged based on research and in-depth
analysis.
D. The probability of a risk event times the impact of a risk event determines the true risk
exposure.
The risk impact is multiplied by the risk probability to determine the risk exposure, also called
the expected monetary value, for a risk event.
Risk exposure is a straightforward estimate that gives a numeric value to a risk, enabling
different risks to be compared.
Risk exposure of any given risk = Probability of risk occurring x impact of
risk event
Answer option A is incorrect. The probability and the impact are not added together.
Answer option C is incorrect. While it is true that quantitative analysis determines the most
likely probability and impact, this answer does not define how the risk exposure is determined.
Answer option B is incorrect. Not all projects and risks will have historical information, so this is
not the best choice for the question.

Q70: In addition to monitoring and controlling the project risks for their status and information,
the control risks process accomplishes four key things for a project. Which one of the following
is NOT a determination that is made by the control risks process?
A. Determines if the project assumptions are still valid

B. Determines if the project constraints are still valid
C. Determines if the risk management policies and procedures are being followed
D. Determines if the risk contingency reserves should be modified to be in alignment with
the current risk assessment
The project constraints are not determined to be valid or not through the control risks process.
The four additional purposes of the control risks process are: Determines if the project
assumptions are still valid, determines if the risk management policies and procedures are being
followed, determines if the risk contingency reserves should be modified to be in alignment with
the current risk assessment, and determines if a risk has changed or can be retired.
Answer options A, C, and D are incorrect. These are the valid statements about the control risks
process.

Q71: What is the expected monetary value of a project with a 80% probability of a $45,000 gain
and a 40% probability of a $70,000 loss?
A. $1,690
B. $8,000
C. -$6,500
D. -$7,000
the expected monetary value is calculated for both the positive and negative values and then
summed together. Here's the calculation for expected monetary value:
Expected monetary value of a project = [(EMV = 80% * $45,000)] + [(EMV = 40% * -$70,000)]
The answer is $8,000.

Q72: Which of the following response strategies closely watches the probability or impact of the
risk event to assure that the organization realizes the benefits?
A. Share
B. Exploit
C. Enhance
D. Accept
The enhance strategy closely watches the probability or impact of the risk event to assure that the
organization realizes the benefits. The primary point of this strategy is to attempt to increase the
probability and/or impact of positive risks. This entails watching for and emphasizing risk
triggers and identifying the root causes of the risk to help enhance impacts or probability.
Answer option B is incorrect. When you exploit a risk event, you're looking for opportunities for
positive impacts. This is the strategy of choice when you've identified positive risks that you
want to make certain that will occur on the project.
Answer option A is incorrect. The share strategy is similar to the transfer strategy because you'll
assign the risk to a third-party owner best able to bring about the opportunity the risk event
presents.
Answer option D is incorrect. The acceptance strategy is used when you're not able to eliminate
all the threats on the project. Acceptance of a risk event is a strategy that can be used for risks
that pose either threats or opportunities to the project.

Q73: Which of the following distributions represents possible scenarios in a decision tree,
outcomes of a test, results of a prototype, and other uncertain events?
A. Discrete
B. Triangular
C. Normal
D. Lognormal
The probability distribution includes normal, lognormal, triangular, beta, and uniform
distributions. These distributions are graphically displayed and display both the probability and
time or cost elements.
uncertain events.

Q74: Risk transfer means that impact of risk is reduced by transferring or otherwise sharing a
portion of the risk with an external organization or another internal entity. What are the ways of
risk transfer?
A. Insurance
B. Eliminating the exposure of assets to the risk
C. Eliminating the source of the risk
D. Outsourcing the activity
In this method of risk management, transfer of risk to another entity is done, i.e., shifting
responsibility to another party. This is most commonly done by purchasing insurance. It can also
be done by outsourcing the activity.
Some ways of risk transfer:
 Insurance: Purchasing of insurance is done to protect the company from a loss. If a loss
occurs, the insurance covers it. Many types of insurance are available, including fire
insurance.
 Outsourcing the activity: The company hires an outsider to manage risks. For example,
a company may want to host a Web site on the Internet. The company can host the Web
site with a Web hosting provider. The company and the provider can agree on who
assumes responsibility for security, backups, and availability.
Answer options C and B are incorrect. One of the methods to manage risk is to simply avoid it.
The primary reason to avoid a risk is that the impact of the risk outweighs the benefit of the
asset. Sometimes, the cost of risk avoidance is more substantial than accepting the risk.
Q75: Harold is the project manager of a large project in his organization. He has been actively
communicating and working with the project stakeholders. One of the outputs of the manage
stakeholder engagement process can actually create new risk events for Harold's project. Which
output of the manage stakeholder engagement process can create risks?
A. Change requests
B. Project management plan updates
C. Project documents updates
D. Organizational process assets updates
The manage stakeholder engagement process can create change requests for the project, which
can cause new risk events to enter into the project.
Change requests are requests to expand or reduce the project scope, modify policies, processes,
plans, or procedures, modify costs or budgets or revise schedules. These requests for a change
can be direct or indirect, externally or internally initiated, and legally or contractually imposed or
optional. A project manager needs to ensure that only formally documented requested changes
are processed and only approved change requests are implemented.
Answer option B is incorrect. Project management plan updates do not create new risks.
Answer option C is incorrect. Project documents updates do not create new risks.
Answer option D is incorrect. Organizational process assets updates do not create new risks.
Q76: Ben is the project manager of the CMH project for his organization. He has identified a
risk that has a low probability of happening, but the impact of the risk event could save the
project and the organization with a significant amount of capital. Ben assigns Laura to the risk
event and instructs her to research the time, cost, and method to improve the probability of the
positive risk event. Ben then communicates the risk event and response to management. What
risk response has been used here?
A. Sharing
B. Exploit
C. Enhance
D. Transference
Enhance is a risk response to improve the conditions to ensure the risk event occurs. Risk
enhancement raises the probability of an opportunity to take place by focusing on the trigger
conditions of the opportunity and optimizing the chances. Identifying and maximizing input
drivers of these positive-impact risks may raise the probability of their occurrence.
Answer option D is incorrect. Transference is a strategy to mitigate negative risks or threats. In

Answer option B is incorrect. Amongst all the strategies used to negate risks or threats that
appear in a project, exploit response is one that may be selected for risks with positive impacts
where the organization wishes to ensure that the opportunity is realized. Exploiting a risk event
Answer option A is incorrect. Sharing happens through partnerships, joint ventures, and teaming
agreements. Sharing response is where two or more entities share a positive risk. Risk sharing
deals with sharing of responsibility and accountability with others to facilitate the team with the
best chance of seizing the opportunity. Teaming agreements are good example of sharing the
reward that comes from the risk of the opportunity.

Q77: You are the project manager of the GHY project for your company. This project has a
budget of $543,000 and is expected to last 18 months. In this project, you have identified several
risk events and created risk response plans. In what project management process group will you
implement risk response plans?
A. Planning
B. In any process group where the risk event resides
C. Monitoring and controlling
D. Executing
The monitor and control project risk process resides in the monitoring and controlling project
management process group. This process is responsible for implementing risk response plans,
tracking identified risks, monitoring residual risks, identifying new risks, and evaluating risk
process effectiveness through the project.
Answer option A is incorrect. Risk response plans are not implemented as part of project
planning.
Answer option D is incorrect. Risk response plans are not implemented as part of project
execution.
Answer option B is incorrect. Risk response plans are implemented as part of the monitoring and
controlling process group.

Q78: Which of the following are the classification models used for stakeholder analysis?
A. Influence/Impact grid
B. Salience model
C. Interest/Impact grid
D. Power/Interest grid
E. Power/Influence grid
Explanation: Answer options D, E, A, and B are correct.
Here are the classification models used for stakeholder analysis:
 Power/Interest grid
 Power/Influence grid
 Influence/Impact grid
 Salience model

Q79: John is a new Project Manager for an IT Project. He deals with development of a software
application for one of the company's clients. Since the project duration is long and has many
deliverables, he needs to divide the project into several phases. In this scenario, which of the
following project management process group activities becomes mandatory throughout the
project, to make sure that the project is driven to completion in a controlled manner?
A. Closing process group

B. Monitoring and controlling process group
C. Planning process group
D. Initiating process group
No matter whether the project has a single phase or multi-phases, the monitoring and controlling
process group activities become mandatory in all the phases to make sure that the project is on
the right track. As per PMBOK, because of the integrative nature of the project management, this
process group becomes an integral part of any project throughout the project.
Monitoring and Controlling Process Group

Monitoring and controlling is a process group or stage that starts when the project is in the
executing stage. This process overlaps the executing stage. Monitoring and controlling consists
of those processes that are performed to observe project execution, so that potential problems can
be identified in a timely manner and corrective action can be taken, when necessary, to control
the execution of the project. The key benefit is that project performance is observed and
measured regularly to identify variances from the project management plan. The monitoring and
controlling process includes the following:
 Measuring the ongoing project activities (where we are)

 Monitoring the project variables (cost, effort, etc.) against the project management plan
and the project performance baseline (where we should be)
 Identifying corrective actions to properly address issues and risks (How can we get on
track again)
 Influencing the factors that could circumvent integrated change control, so that only
approved changes are implemented
In multi-phase projects, the monitoring and controlling process also provides feedback between
project phases in order to implement corrective or preventive actions to bring the project into
compliance with the project management plan.
Answer option D is incorrect. Even though the project is multi-phased, and even if it is a good
idea to go through project initiation in each phase, it is very likely to have the project initiation
done only once. However, it is not a MUST to have this process group activities included
Answer option C is incorrect. Even though the project is multi-phased, it is very likely to have
the project planning done only once. Hence, it is not a MUST to have this process group
activities included throughout the project.
Answer option A is incorrect. Even though the project is multi-phased, it is very likely to have
the project closing done only once. There could be a phase-wise closing, but it is the discretion
of the Project Manager and not a MUST to have this process group's activities included
Q80: Risk response is an appropriate procedure for the discovery of an unacceptably high degree
of exposure to one or more risks. Which of the following are the risk response options?
A. Risk mitigation
B. Risk transfer
C. Risk acceptance
D. Risk existence
E. Risk avoidance
Explanation: Answer options E, A, B, and C are correct.
The four key risk response options are used to ensure that the enterprise follows the best possible
risk response strategy and manages its risk environment to gain the positive benefits/opportunity
of risk while minimizing the negative effects/threats. These are:
 Risk avoidance
 Risk mitigation
 Risk transfer
 Risk acceptance
Q81: Which of the following statements best defines quantitative risk analysis?
A. The review of risk events of high probability and highest impact on project objectives
B. The process of prioritizing risks for further analysis or action by assessing and combining
their probability of occurrence and impact
C. The process of numerically analyzing the effect of identified risks on overall project
objectives
D. The planning and quantification of risk responses by probability and impact of each risk
event
Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on
overall project objectives. It's performed on risk that has been prioritized through qualitative risk
analysis.
Answer option B is incorrect because it's actually the definition of qualitative risk analysis.
Answer option A is incorrect because, although somewhat true, it doesn't completely define
Answer option D is incorrect because it's not a valid statement about quantitative risk analysis.
Risk response planning is a separate project management process.
Q82: You work as the project manager for Bluewell Inc. You are working on the NGQQ project
for your company. You have completed the risk analysis processes for the risk events. You and
the project team have created risk responses for most of the identified project risks. Which of the
following risk response planning techniques will you use to shift the impact of a threat to a third
party, together with the responses?
A. Risk mitigation
B. Risk acceptance
C. Risk transference
D. Risk avoidance
Risk transference is a risk response planning technique that is used to shift the impact of a threat
to a third party, together with the ownership of the response.
Risk-response planning is a method of developing options to decrease the amount of threat and
make the most of opportunities. A risk response should align with risk consequence and cost-
effectiveness. This planning documents the processes for managing risk events and addresses the
owners and their responsibilities, risk identification, results from qualification and quantification
processes, budgets and times allotted for responses, and contingency plans. Here are the risk-
response planning techniques:
 Risk acceptance: Indicates that a project team has decided not to change their project
management plan to deal with a risk, or are unable to identify any other suitable response
strategy.
 Risk avoidance: A technique for changing the project management plan to either
eliminate the risk or protect project objectives from its impact.
 Risk mitigation: Listing specific actions for dealing with specific risks associated with
threats and seeking to reduce risks' probability of occurrence or impact to a level below
an acceptable threshold.
 Risk transference: Shifting threat impact to a third party, together with ownership of the
response to it.
345
Q83: Which of the following styles is used with team members who have completed the same
types of tasks in the past and are able to complete the majority of the task at hand on their own?
A. Directive
B. Coaching
C. Delegating
D. Supporting
Supporting is used with team members who have completed the same types of tasks in the past
and are able to complete the majority of the task at hand on their own. They may need to ask a
question or two to obtain guidance along the way.
Answer option A is incorrect. Directive is used when a team member needs to know the step-by-
step procedures for the problem.
Answer option B is incorrect. Coaching is used with team members who have limited experience
with the task at hand. They can perform some minor functions of the task but need direction with
the majority of the task.
Answer option C is incorrect. Delegating is used when team members have performed the same
tasks in the past and are capable of making decisions regarding unexpected issues that may
occur.

Q84: The risk impact/probability chart provides a useful framework that helps in deciding which
risks need attention. Which of the following are the two main dimensions of the risk
impact/probability chart tool?
A. Probability
B. Impact
C. Risk
D. Chart
The risk impact/probability chart provides a useful framework that helps in deciding which risks
need attention. It is based on the principle that a risk has two main dimensions:
 Probability: A risk is defined as an event that may occur. The probability of its
occurrence can range anywhere from just above 0 percent to just below 100 percent.
 Impact: A risk, by its very nature, always shows a negative impact. However, the size of
the impact varies in terms of cost and impact on health, human life, or some other critical
factor.
The chart permits a user to rate potential risks on these two dimensions. The probability that a
risk will occur is represented on one axis of the chart while the impact of the risk, if it occurs, on
the other axis.
Q85: John works as a project manager for uCertify Inc. He's working on a project and has just
contacted the application team for an estimate on their assignments. The application team
notified that the most likely estimate of completion is 29 days, the pessimistic estimate is 38
days, and the optimistic estimate is 15 days. What is the PERT estimate of the assignments?
A. 39
B. 13
C. 21
D. 28
Here's the PERT estimate:

correct answer becomes 28.

Q86: You are the project manager for your organization. You are working with your project
team to complete the qualitative risk analysis process. The first tool and technique you are using
requires that you assess the probability and what other characteristic of each identified risk in the
project?
A. Impact
B. Cost
C. Risk owner
D. Risk category
Risk probability and impact is the team rating of the project's risks and opportunities. All
identified risks should have their cost and impact assessed as a part of qualitative risk analysis.
Answer option B is incorrect. The cost of the risk will be determined through quantitative risk
analysis.
Answer option D is incorrect. The risk categories are not defined through the risk assessment
tool and technique.
Answer option C is incorrect. Risk owners are not determined through risk assessment.

Q87: You're working as project manager in your organization. You're nearing the final stages of
project execution and looking towards the final risk monitoring and controlling activities. For
your project archives, which one of the following is an output of the control risks process?
A. Risk audit
B. Change request
Of all the choices presented, only change request is an output of the control risks process.
Answer options C and D are incorrect because these are the plan risk management processes.
Answer option A is incorrect because risk audit is a control risks process technique.
Q88: Which of the following are the elements of the risk management plan?
A. Lists of risks
B. Revised stakeholder tolerances
C. Probability and impact matrix
D. Budgeting
According to the PMBOK guide, the risk management plan should include the following
elements:
 Methodology: Methodology defines the approaches, tools, and data sources that will be
used to perform risk management on the project.
 Roles and responsibilities: Roles and responsibilities describe the people who are
responsible for managing the identified risks and their responses for each type of activity
identified in the risk management plan. These risk teams might not be the same as the
project team. Risk analysis should be unbiased, which might not be possible when project
team members are involved.
 Budgeting: Budgeting estimates funds needed, based on assigned resources, for inclusion
in the cost baseline and establishes protocols for application of contingency and
management reserves.
 Timing: Timing documents the timing of the risk management processes and includes
the activities associated with risk management in the project schedule.
 Risk categories: Risk categories are a way to systematically identify risks and provide a
foundation for understanding. When determining and identifying risks, the use of risk
categories helps improve the process by giving everyone involved a common language or
basis for describing risk. Risk categories should be identified during this process and
documented in the risk management plan. These categories will assist you in making sure
the next process, Identify Risks, is performed effectively and produces a quality output.
The following list includes some examples of the categories you might consider during
this process:
o Technical, quality, or performance risks: Include risks associated with
unproven technology, complex technology, or changes to technology anticipated
during the course of the project. Performance risks might include unrealistic
performance goals. Perhaps one of the project deliverables concerns a component
manufactured to specific performance standards that have never been achieved.
That's a performance risk.
o Project management risks: Includes improper schedule and resource planning,
poor project planning, and improper or poor project management disciplines or
methodologies.
o Organizational risks: Include resource conflicts because of multiple projects
occurring at the same time in the organization; scope, time, and cost objectives
that are unrealistic given the organization's resources or structure; and lack of
funding for the project or diverting funds from this project to other projects.
o External risks: Includes those aspects that are external to the project, such as
new laws or regulations, labor issues, weather, changes in ownership, and foreign
policy for projects performed in other countries. Catastrophic risks—known as
force majeure—are usually outside the scope of Plan Risk Management and
instead require disaster recovery techniques. Force majeure includes events such
as earthquakes, meteorites, volcanoes, floods, civil unrest, terrorism, and so on.
 Definitions of risk probability and impact: Probability describes the potential for the
risk event occurring, whereas impact describes the effects or consequences the project
will experience if the risk event occurs.
 Probability and impact matrix: A probability and impact matrix prioritizes the
combination of probability and impact scores and helps you determine which risks need
detailed risk response plans.
 Revised stakeholder tolerances: Stakeholders' tolerances, as they apply to the specific
project, may be revised in the plan risk management process.
 Reporting formats: Reporting formats describe the content of the risk register and the
format of this document.
 Tracking: Tracking includes a description of how to document the history of the risk
activities for the current project and how the risk processes will be audited.
Answer option A is incorrect. The lists of risks are documented within the risk register, which is
created in the process following risk management planning. The risk management plan helps in
guiding the processes, including how to go about identifying risks, but does not document the
actual risks.
Q89: Fran is the project manager in her organization. She reports to a project management office
that takes control of the projects. Fran, through the PMO, will directly manage the project. Fran
is a part of what type of PMO?
A. Controlling
B. Directive
C. Functional
D. Supportive
Fran is a part of a directive PMO as the PMO will take charge of the project and manage the
project.
Answer D is incorrect. A supportive PMO follow more of a consultative role to the project
managers than to actually manage the project.
Answer A is incorrect. A controlling PMO provides support, but requires compliance of the
project managers through framework, governance, and templates, forms, and tools.
Answer C is incorrect. There is not such PMO type as functional available.
Reference: The Project Management Body of Knowledge, Fifth edition, Section 1.4.4
Q90: Here are the project risk management processes:
1. Identify risks
2. Control risks
3. Perform quantitative risk analysis
4. Plan risk responses
5. Plan risk management
6. Perform qualitative risk analysis
Which of the following is the correct sequence for the project risk management processes?
A. 4-3-5-1-2-6
B. 1-2-3-4-5-6
C. 1-3-4-2-6-5
D. 5-1-6-3-4-2
Here is the correct sequence for the project risk management processes:
1. Plan risk management

2. Identify risks
3. Perform qualitative risk analysis
4. Perform quantitative risk analysis
5. Plan risk responses
6. Control risks

Q91: What is the expected monetary value of a risk with an impact of $2,500 and probability of
75%?
A. $1,875
B. $925
C. $1,775
D. $2,475
multiply $2,500 by 75% to get $1,875.

Q92: Which of the following techniques is used to calculate the expected value of an outcome
when different possible scenarios exist for different values of the outcome with some
probabilities assigned to them?
A. Expected monetary value (EMV) analysis

The expected monetary value (EMV) analysis is used to calculate the expected value of an
outcome when different possible scenarios exist for different values of the outcome with some
probabilities assigned to them.
Answer option B is incorrect. It is used to determine which risk has the greatest impact on the
project.
Answer option D is incorrect. It can help the project manager determine the best risk response.
Answer option C is incorrect. The probability distribution includes normal, lognormal,

uncertain events.

Q93: Which of the following is a measure of cost performance on a project?
A. SV
B. SPI
C. CPI
D. CV
Cost variance (CV) is an earned value technique used for measuring the cost performance on a
project. The variance signifies whether costs are higher than budgeted or lower than budgeted.
The cost variance is calculated based on the following formula:
CV = Earned value (EV) - Actual cost (AC)
Answer option A is incorrect. Schedule variance (SV) is an earned-value technique used for
measuring project schedule performance. The variance signifies that the schedule is ahead or
behind what was planned at a given time and is calculated by the following formula:
SV = Earned value (EV) – Planned value (PV)
If the resulting value is negative, it indicates that the project is behind schedule. A value greater
than 0 shows that the project is ahead of the planned schedule. A value of 0 indicates that the
project is on schedule.
Answer option B is incorrect. Schedule performance index (SPI) is the measure of project
schedule efficiency. It s used in trend analysis to predict future performance. SPI is the ratio of
earned value to planned value and is calculated using the formula:
Answer option C is incorrect. The CPI is the ratio of earned value to actual cost. It is used to
calculate performance efficiencies, as well as predict future performance in trend analysis. The
CPI is calculated using the following formula:

Q94: You are working in an enterprise. Your project deals with important files that are stored on
the computer. You have identified the risk of the failure of operations. To address this risk of
failure, you have guided the system administrator to take the daily backup. This scenario is an
example of which of the following?
A. Risk mitigation
B. Risk acceptance
C. Risk transference
D. Risk avoidance
Mitigation is the strategy that provides for the definition and implementation of controls to
address the risk described. In this scenario, you are trying to reduce the risk of operation failure
by guiding administrator to take daily backup, hence it is risk mitigation.
Answer option C is incorrect. The scenario does not describe the sharing of risk. Transference is
the strategy that provides for sharing risk with partners or taking insurance coverage.
Answer option D is incorrect. The scenario does not describe risk avoidance. Avoidance is a
strategy that provides for not implementing certain activities or processes that would incur risk.
Answer option B is incorrect. The scenario does not describe risk acceptance. Acceptance is a
strategy that provides for formal acknowledgement of the existence of a risk and the monitoring
of that risk.
Q95: You work as a project manager for uCertify Inc. You and your team are completing the
qualitative risk analysis process. You have gathered the necessary inputs for this process. You
are using risk data quality assessment technique in this process. What is the need to include the
risk data quality assessment technique in the preparation for the qualitative risk analysis process?
A. The risk data quality assessment technique categorizes the risks by sources of risks.
B. The risk data quality assessment technique calculates the degree to which the data about
risks are useful for risk management.
C. The risk data quality assessment technique assesses the risks, which require near-term
responses.
D. The risk data quality assessment technique assesses the probability and impact of risks to
urgent to address.

Q96: There are six inputs to the perform quantitative risk analysis process. Which one of the
following is NOT an input to the perform quantitative risk analysis process?
A. Risk register
C. Cost management plan
D. Project documents updates
The six inputs to the perform quantitative risk analysis process are risk register, risk management
plan, cost management plan, schedule management plan, enterprise environmental factors, and

Q97: What identify risks technique allows participants to identify project risks and to remain
anonymous?
A. Delphi technique
B. Influence diagrams
D. Surveys
The delphi technique uses rounds of anonymous surveys to identify risks and to create a group
consensus on the identified risk events.
group. The delphi technique helps in reaching the consensus quickly.
Answer option D is incorrect. A survey is not a risk identification technique.
Answer option C is incorrect. Assumptions analysis is an important risk identification activity,

but it is not done anonymously.
Answer option B is incorrect. An influence diagram identifies situations within the project,
causal factors, and relationships among events and their outcomes.

Q98: Frances is the project manager of a project in her organization. This project has a budget of
$567,000 and is schedule to last for three years. Frances wants to examine the risk events to
determine which risk events have the most potential impact on the project. Which modeling
technique can help Frances accomplish this goal?
A. Expected monetary value

C. Quantitative risk analysis
D. Modeling and simulation
The sensitivity analysis approach helps project managers determine which risks have the most
potential impact on the project.
The sensitivity analysis is the study of how the variation (uncertainty) in the output of a
mathematical model can be apportioned, qualitatively or quantitatively, to different sources of
variation in the input of a model. In other words, it is a technique for systematically changing
parameters in a model to determine the effects of such changes. The sensitivity analysis is useful
for computer modelers for a range of purposes, including:

Answer option C is incorrect. Quantitative risk analysis does include the review of risk events
and their effect on the project, but not to the extent of the sensitivity analysis.
Answer option A is incorrect. Expected monetary value is a statistical concept to calculate the
average outcome when the future includes scenarios that may, or may not, happen.
Answer option D is incorrect. Modeling and simulation technique translates the specified
uncertainties of the project into their potential impact on project objectives.

Q99: Which of the following are the types of organizational structure?
Each correct answer represents a part of the solution. Choose all that apply.
A. Matrix
B. Regulatory
C. Functional
D. Projectized
From the perspective of structure, organizations are of three types:
1. Functional organizations: In a functional organization, team members are loyal to their

department and report only to their functional manager. The project manager is part-time
on the project and reports to a functional manager; the team members are part-time as
well. The project manager has only limited control over team members because they
report to the functional manager. Overall, a functional organization makes for an
inefficient project organization. Examples of functional organizations include
organizations that are dominated by silos (compartmentalized units such as a sales
department, engineering department, and so on).
2. Projectized organizations: In a projectized organization, team members have no
department they belong to; they are loyal only to the project. Both the project manager
and team members are full-time on the project, and the project manager has control over
team members because they report only to him or her. Overall, a projectized organization
makes for an efficient project organization. An example of a projectized organization
includes all organizations that exist solely to run projects (such as consulting firms or
engineering firms).
3. Matrix organizations: A matrix organization allocates each worker with two bosses in
two different hierarchies. One hierarchy is "functional" and promises that each type of
skilled person in the organization is well-trained, and measured by a boss who is super-
expert in the same field. The other direction is "executive" and tries to get projects
completed using experts. Matrix organizations are a blend of functional and projectized
characteristics. Projects might be organized by products, regions, customer types, or
some other schema.
Answer option B is incorrect. This is a government or industry standard.
Q100: You are the project manager for your organization and you are working with Thomas, a
project team member. You and Thomas have been working on a specific risk response for a
probable risk event in the project. Thomas is empowered with a risk response and will control all
aspects of the identified risk response in which a particular risk event will happen within the
project. What title, in regard to risk, is bestowed on Thomas?
A. Risk coordinator
B. Risk response owner
C. Risk team leader
D. Risk expeditor
The risk response owner is an individual on the project team that is closest to the risk event. He
can be an individual or an organization responsible for implementing risk responses or
contingency plan and performing the action item. He should be empowered with the ability to
respond to the risk as it was planned.
Answer options A, D, and C are incorrect. These are not valid risk management terms.

Q101: You are interviewing members of a project team to test their understanding of the
assigned risk responses as risk owners. You and the project manager are working together to
evaluate the risk responses to determine their effectiveness in the project. What project
management technique are you performing with the project manager in this scenario?
A. Risk analysis
B. Risk identification with the project team
C. Stakeholder analysis as the project team is a stakeholder
D. Risk audits
This is an example of a risk audit. The project manager, and often a consultant, will review the
risk responses, the effectiveness of the risk responses, and the comprehension of the risk
responses through an audit.
Risk audit is a method to test the overall risk management process and the planned risk
responses. A risk audit is a review of the effectiveness of the risk responses in dealing with
identified risks and their root causes, as well as the effectiveness of the risk management process.
Answer option C is incorrect. This is not stakeholder analysis. It is most often used during
stakeholder identification and requirements gathering for the project scope.
Answer option B is incorrect. This is not risk identification, as the risks have been identified and
responses have been created already.
Answer option A is incorrect. This is not risk analysis, as the risks have already been analyzed
and responses have been created.

Q102: Which of the following is one that remains after a risk response plan or contingency plan
is implemented?
A. Secondary risk
B. Residual risk
C. High risk
D. Pure risk
Answer option A is incorrect. Secondary risk is a risk that arises as a straight consequence of
implementing a risk response. The secondary risk is an outcome of dealing with the original risk.
Secondary risks are not as rigorous or important as primary risks, but can turn out to be so if not
estimated and planned properly.
Answer option D is incorrect. Pure risk has only a negative effect on the project. Pure risks are
activities that are dangerous to complete and manage such as construction, electrical work, or
manufacturing. It is a class of risk in which loss is the only probable result and there is no
positive result. It is associated to the events that are outside the risk-taker's control. The nature of
the work includes some pure risks. Pure risks can also include things like acts of god (force
majeure), fire, and theft.
Answer option C is incorrect. There is no such risk.

Q103: Joan is the project manager of the KYU project for her company. She is working with
management on defining a contingency reserve for her project. Currently, the project is
scheduled to last 18 months and it has a cost budget of $2.5 million. What two areas of the
project can the contingency reserve address in regard to risk management?
A. Cost and resource management

B. Costs and schedule
C. Quality and costs
D. Risk and project planning
The contingency reserve is an allotment of funds and time for risk events within the project.
Contingency reserves are estimated costs to be used at the discretion of the project manager to
deal with anticipated, but not certain, events. These events are "known unknowns" and are part
of the project scope and cost baselines. The contingency reserve is calculated by multiplying the
equals the contingency reserve for the project.
Answer option C is incorrect. The contingency reserve does address costs, but it does not address
quality.
Answer option A is incorrect. The contingency reserve does not address resource management.
Answer option D is incorrect. The contingency reserve addresses time and costs, not risk and
project planning.

Q104: What is the standard deviation of an activity with a pessimistic estimate of 28, an
optimistic estimate of 15 and a most likely estimate of 20?
A. 2.17
B. 19
C. 3.67
D. 31.2
Here's the standard deviation formula:

Pessimistic - Optimistic, divided by six or [(P-O) / 6]
(28 - 15) / 6. The answer is 2.17.

Q105: You work as the project manager for Bluewell Inc. There has been a delay in your project
work that is adversely affecting the project schedule. You decide, with your stakeholders'
approval, to fast track the project work to get the project done faster. When you fast track the
project, what is likely to increase?
A. Costs
B. Risks
C. Quality control concerns
D. Human resource needs
Fast tracking allows entire phases of the project to overlap and generally increases risks within
the project. Fast-tracking is a technique frequently used to compress a project's schedule. It's
often the most effective way to shorten project duration. You fast-track a project by rescheduling
tasks originally scheduled to run in sequence to run in parallel. This technique shortens the
project schedule without reducing its scope or compromising its quality.
The problem with fast-tracking is that there's no "free lunch." Additional resources—even
"seasoned" ones—pulled in to take on the parallel tasks might make mistakes, skip crucial steps,
or make assumptions because results from the required parallel step were as yet unavailable. If
something goes wrong, your schedule could slip or its quality, scope, or budget suffer.
In general, the risks of fast-tracking are small. However, to make the most of this technique, first
look at the longest tasks on the critical path. These provide the largest potential decrease in
duration with the fewest number of risks to manage.
Answer option C is incorrect. Quality control concerns usually are not affected by fast tracking
decisions.
Answer option A is incorrect. Costs do not generally increase based on fast tracking decisions.
Answer option D is incorrect. Human resources are not affected by fast tracking in most
scenarios.
Q106: Which of the following inputs to the monitor and control process contains the list of risks
identified during risk planning and the responses that will execute if the risks occur?
A. Risk register
B. Work information
C. Performance report
Risk register contains the list of risks identified during risk planning and the responses that will
execute if the risks occur.
Answer options C and B are incorrect. These inputs help in determining whether risk response
plans are being implemented, if those implementations are producing the desired results, and if
there are signs of new risks.
Answer option D is incorrect. The risk management plan provides the necessary information for
carrying out the monitor and control process.

Q107: Tom works as a project manager for BlueWell, Inc. He's determining which risks can
affect his project. Which of the following inputs of the "identify risks" process is useful in doing
so and provides a quantitative assessment of likely cost to complete scheduled activities?
A. Activity duration estimates

B. Activity cost estimates
D. Cost management plan
An activity-cost-estimates review is valuable in identifying risks, as it provides a quantitative

assessment of expected cost to complete scheduled activities and is expressed as a range, with
range width indicating degrees of risk.
Answer option C is incorrect. A risk management plan is a document arranged by a project

manager to estimate project effectiveness, predict risks, and build response plans to mitigate
them. It also consists of a risk assessment matrix.
Answer option A is incorrect. The activity-duration-estimates review is valuable in identifying

risks associated with time allowances for activities or projects as a whole, with range width
indicating degrees of risk.
Answer option D is incorrect. The cost management plan sets how project costs are managed
during its life cycle. It defines a format and principles by which project costs are measured,
reported, and controlled. The cost management plan identifies the person responsible for
managing costs, those with the authority to approve changes to the project or its budget, and how
cost performance is quantitatively calculated and reported upon.
Q108: Which of the following are the processes within the initiating process group?
A. Collect requirements
B. Identify stakeholders
C. Develop project charter
D. Identify risks
Explanation: Answer options C and B are correct.
Initiating is a process group or stage that occurs at the beginning of the project. It determines the
nature and scope of the development. Here are the two processes within the initiating process
group:
 Develop project charter

 Identify stakeholders
Answer options A and D are incorrect because collect requirements and identify risks are the
processes within the planning process group.
Q109: Which of the following tools and techniques of the perform qualitative risk analysis
process is required to categorize the probability and impact of each risk to determine its location
in the matrix?
A. Expert judgment
B. Risk categorization
C. Risk urgency assessment
D. Risk data quality assessment
urgent to address.
Q110: You work as a project manager for uCertify Inc. You have to enable roll-ups of both
resource assignments and availability data to a higher level. Which of the following diagrams
will you use to achieve the task?

B. Roles and responsibility matrix
C. Project network diagram
The resource breakdown structure is a hierarchical structure that is used to represent the
enterprise resources. It also enables a user to create project plans with detailed resource
assignments. It also allows comparison of the workload with detailed resource availabilities. The
resource breakdown structure also enables roll-up of both resource assignments and availability
data to a higher level.
Answer option D is incorrect. A work breakdown structure (WBS) in project management and
systems engineering is a tool that defines a project and groups the project's discrete work
elements in a way that helps organize and define the total work scope of the project.
Answer option B is incorrect. The roles and responsibility matrix maps roles to the project
assignments.
Answer option C is incorrect. A project network diagram illustrates the flow of project activities
from the start to the project's conclusion.

Question Bank – 4
Q1: You work as a project manager for BlueWell Inc. You are preparing for the risk
identification process. You will need to involve several of the project's key stakeholders to help
you identify and communicate the identified risk events. You will also need several documents
to help you and the stakeholders identify the risk events. Which one of the following is NOT a
document that will help you identify and communicate risks within the project?
A. Activity cost estimates

B. Risk register
D. Activity duration estimates
Risk register is not an input to the identify risks process, but it is an output of the identify risks
process. A risk register is a document that contains results of qualitative and quantitative risk
analyses and risk response planning. Description, category, cause, probability of occurrence,
impact on objectives, proposed responses, owner, and current status of all identified risks are
entered in the risk register.

Answer options A, D, and C are incorrect. These are inputs to the identify risks process.

"This is the process of numerically analyzing the effects of identified risks on the overall project
objectives."
A. Identify risks
B. Control risks
Perform quantitative risk analysis is the process of numerically analyzing the effect of identified
risks on overall project objectives. This process generally follows the qualitative risk analysis
process. It is performed on risks that have been prioritized by the qualitative risk analysis process
as potentially and substantially impacting the project's competing demands. The quantitative risk
control risks, to determine if the overall project risk has been decreased.
Answer C is incorrect because this is the process of prioritizing risks for further analysis or
actions, by accessing and combining their probability of occurrence and impact.
Answer A is incorrect because this is the process of determining the risks that may affect the
project, and documenting their characteristics.
Answer B is incorrect because this is the process of implementing risk response plans, tracking
identified risks, monitoring residual risks, identifying new risks, and evaluating risk process
effectiveness through the project.
Q3: Harry is the project manager of the MMQ construction project. In this project, Harry has
identified a supplier who can create stained glass windows for 1,000 window units in the
construction project. The supplier is an artist who works by himself, but creates windows for
several companies throughout the United States. Management reviews the proposal to use this
supplier and while they agree that the supplier is talented, they do not think the artist can fulfill
the 1,000 window units in time for the project's deadline. Management asked Harry to find a
supplier who can fulfill the completion of the windows by the needed date in the schedule. What
risk response has management asked Harry to implement?
A. Avoidance
B. Acceptance
C. Transference
D. Mitigation
This is an example of mitigation. By changing to a more reliable supplier, Harry is reducing the
probability the supplier will be late. It's still possible that the vendor may not be able to deliver
the stained glass windows, but the more reputable supplier reduces the probability of the
lateness.
Answer option C is incorrect. Transference is when the risk is transferred to a third party, usually
for a fee. While this question does include a contractual relationship, the risk is the lateness of
the windows. Transference focuses on transferring the risk to a third party to manage the risk
event. In this instance, the management of the risk is owned by a third party; the third party
actually creates the risk event because of the possibility of the lateness of the windows.
Answer option A is incorrect. Avoidance changes the project plan to avoid the risk. If the project
manager and management changed the window-type to a standard window in the project
requirements, then this would be avoidance. Risk avoidance is a technique used for threats. It
creates changes to the project management plan that are meant to either eliminate the risk
completely or to protect the project objectives from its impact. Risk avoidance removes the risk
event entirely either by adding additional steps to avoid the event or reducing the project scope
requirements. It may seem the answer to all possible risks, but avoiding risks also means losing
out on the potential gains that accepting (retaining) the risk might have allowed.
Answer option B is incorrect. Acceptance accepts the risk that the windows could be late and
offers no response.
Q4: You work as a project manager for Tech Perfect, Inc. You're looking for project
performance efficiencies. The related key values are provided in the table below:
Measurements Values
EV 320
PV 310
AC 400
What is the current project cost variance (CV)?
A. -10
B. +80
C. -80
D. +10
According to the question, you're required to calculate the project cost variance (CV), which is a
measure of project cost performance. The variance indicates whether costs are higher or lower
than budget and is calculated using the following formula:
Cost variance (CV) is a measure of project cost performance. Cost Variance (CV) is calculated
using the following formula:
Cost Variance (CV) = Earned Value (EV) - Actual Cost (AC)
Now, substituting the provided values in the formula:
CV = EV – AC = 320 – 400 = –80
The negative CV (–80) indicates that costs are higher than budget.
Q5: Which of the following conflict management techniques is used by the project manager as a
cooling-off period, to collect more information, or when the issue is not critical?
A. Forcing
B. Accommodation
C. Avoidance
D. Compromising
The project manager uses the avoidance technique as a cooling-off period, to collect more
information, or when the issue is not critical. Avoiding, sometimes known as withdrawal, never
results in resolution.
Answer option D is incorrect. In the compromising technique, both parties gain something and
give up something. Compromising is also known as reconciling. It is a lose-lose technique.
Answer option B is incorrect. In the accommodation technique, one party attempts to meet other
party's needs at the expense of their own.
Answer option A is incorrect. Forcing is a win-lose technique, where one party gets what they
want and the other doesn't.

Q6: The documentation of a project planning states that there are 25 stakeholders with the
project. What will be the number of communication channels for the project?
A. 300
B. 600
C. 25
D. 50
As the project has 25 stakeholders. Communication channels are paths of communication with
stakeholders in a project. The number of communication channels shows the complexity of a
project's communication and can be derived through the formula shown below:
Total number of communication channels = n (n-1)/2

where, n is the number of stakeholders. Hence, a project having five stakeholders will have 10
communication channels. Putting the value of the number of stakeholder in the formula will
provide the number of communication channels:
Number of communication channels = (n (n-1)) / 2

= (25 (25-1)) / 2
= (25 x 24) / 2
= 600 / 2
= 300
291
Q7: Which of the following is a hierarchically organized depiction of the identified project risks
arranged by category?
A. Risk register
B. Risk analysis
C. Risk communication
D. Risk breakdown structure
Risk Breakdown Structure (RBS) is a hierarchically organized depiction of the identified project
risks arranged by category. It helps in identifying and managing project risks. In this structure,
risks are organized and structured in such a way to provide a standard presentation of project
risks that facilitates understanding, communication and management.
Answer option A is incorrect. Risk register is one of the documentation techniques that focus
heavily on risks. Risk register includes all project data, probability, impact, and risk level as well
as other crucial, detailed project information. It can be detailed in project management software
or platform, a spreadsheet, or even in word processing format. The outputs for risk register are
either maintained in hard copy or electronic copy format.
Answer option B is incorrect. Risk analysis is a method or a technique that can be used to
identify and assess factors that may hinder the successful completion of a project or the
achievement of a goal. It is also known as Project Impact Analysis or PIA. Risk analysis can also
be used to determine business needs to start a project.
Answer option C is incorrect. It is the process of exchanging information and views about risks
among stakeholders, such as groups, individuals, and institutions.
Q8: What is the purpose of defining a risk response?
A. To mitigate risk
B. To eliminate risk from the enterprise
C. To overview current status of risk
D. To ensure that residual risk is within the limits of the risk appetite and tolerance
The purpose of defining a risk response is to ensure that residual risk is within the limits of the
risk appetite and tolerance of the enterprise. Risk response is based on selecting the correct,
prioritized response to risk, based on the level of risk, the enterprise's risk tolerance, and the cost
or benefit of the particular risk response option.
Answer option B is incorrect. Risk cannot be completely eliminated from the enterprise.
Answer option A is incorrect. Mitigation of risk is itself the risk response process, not the reason
behind this.
Answer option C is incorrect. This is not a valid answer.

Q9: Ben works as a project manager for the MJH project. In this project, Ben is preparing to
identify stakeholders so that he can communicate project requirements, status, and risks. Ben has
elected to use a salience model as part of his stakeholder identification process. Which of the
following activities best describes a salience model?
A. Grouping the stakeholders based on their level of authority ("power") and their active
involvement ("influence") in the project.
B. Influence/impact grid, grouping the stakeholders based on their active involvement
("influence") in the project and their ability to affect changes to the project's planning or
execution ("impact").
C. Describing classes of stakeholders based on their power (ability to impose their will),
urgency (need for immediate attention), and legitimacy (their involvement is
appropriate).
D. Grouping the stakeholders based on their level of authority ("power") and their level or
concern ("interest") regarding the project outcomes.
A salience model defines and charts stakeholders' power, urgency, and legitimacy in the project.
The salience model is a technique for categorizing stakeholders according to their importance.
The various difficulties faced by the project managers are as follows:
 How to choose the right stakeholders?

 How to prioritize competing claims of the stakeholders communication needs?
Stakeholder salience is determined by the evaluation of their power, legitimacy and urgency in
the organization.
 Power is defined as the ability of the stakeholder to impose their will.

 Urgency is the need for immediate action.
 Legitimacy shows the stakeholders participation is appropriate or not.
The model allows the project manager to decide the relative salience of a particular stakeholder.
Answer option D is incorrect. This defines the power/interest grid.
Answer option A is incorrect. This defines a power/influence grid.
Answer option B is incorrect. This defines an influence/impact grid.

Q10: The identify risks process determines the risks that affect the project and document their
characteristics. Why should the project team members be involved in the identify risks process?
A. They are the individuals that will need a sense of ownership and responsibility for the
risk events.
B. They are the individuals that will most likely cause and respond to the risk events.
C. They are the individuals that will have the best responses for identified risk events within
the project.
D. They are the individuals that are most affected by the risk events.
The project team members should be involved in the risk identification so that they will develop
a sense of ownership and responsibility for the risk events and the associated risk responses.
Answer options D, C, and B are incorrect. These are not the valid answers for this question.

Q11: Frank is the project manager of the NHL project for his company and he is starting the risk
identification process for the project. Frank needs to ensure that the correct stakeholders are
interviewed as part of risk identification. What document will help Frank communicate and
solicit inputs of the project stakeholders during risk identification?
A. Project charter
B. Requirements management plan
D. Risk register
The stakeholder register is the primary document that Frank should use to contact and involve all
of the project stakeholders.
Answer option D is incorrect. The risk register is an output of the identify risks process.
Answer option A is incorrect. The project charter authorizes Frank, the project manager, and it is
not the best choice for identifying and contacting the project stakeholders.
Answer option B is incorrect. The requirements management plan will not help Frank to
communicate with the project stakeholders as directly as the stakeholder register.

Q12: Stakeholder analysis is a tool and technique of which of the following processes?
A. Identify stakeholders
B. Plan stakeholder management
C. Control stakeholder engagement
D. Manage stakeholder engagement
The identify stakeholders process involves identifying and documenting all stakeholders on the
project, including their interests, interdependencies, and potential positive or negative impacts on
the project. Here are the tools and techniques of the identify stakeholders process:
 Stakeholder analysis
 Expert judgment
 Meetings

Q13: John works as a project manager for ABD project. He and his team are working on the
following activities:

 Watchlist of low priority risks
On which of the following processes is John working on?

C. Plan risk management
The goal of "perform qualitative risk analysis" process is to rank risks and determine which need
further analysis and, eventually, risk response plans. The output of this process is project
documents updates, which involves updating the risk register. According to the PMBOK guide,
the risk register is updated with the following information:

 Risk scores
 Causes of risk
Answer option B is incorrect. Perform quantitative risk analysis is the process of numerically
analyzing the effect of identified risks on overall project objectives. This process generally
follows the qualitative risk analysis process. It is performed on risks that have been prioritized by
the qualitative risk analysis process as potentially and substantially impacting the project's
competing demands. The perform quantitative risk analysis process should be repeated after plan
risk responses, as well as part of monitor and control risks, to determine if the overall project risk
has been decreased.
Answer options C and D are incorrect. The activities given in the question are not parts of these
processes.

Q14: Which of the following determines the criteria for developing and maintaining the actual
project schedule, and represents a subsidiary of the project management plan as a whole?
A. Quality management plan

B. Cost management plan
C. Schedule management plan
The schedule management plan is a document that describes how the schedule contingencies will
be reported and assessed. It determines the criteria for developing and maintaining the actual
project schedule, and represents a subsidiary of the project management plan as a whole.
Answer option D is incorrect. A risk management plan is a document organized by a project

manager for evaluating the effectiveness, predict risks, and build response plans to mitigate
them. The following are objectives of the risk management plan:
 Eliminating risks
 Reducing risks to an acceptable level that cannot be eliminated
 Accepting risks cautiously that cannot be eliminated
 Transferring risks by insurance
Answer option B is incorrect. The cost management plan sets how project costs are managed
during its life cycle. It defines a format and principles by which project costs are measured,
reported, and controlled. The cost management plan identifies the person responsible for
managing costs, those with the authority to approve changes to the project or its budget, and how
cost performance is quantitatively calculated and reported upon.
Answer option A is incorrect. It describes how the project team will implement the organization's
quality policy.

determined that there are high number of stakeholders in a project. He's conducting a meeting
with his project management team to determine the communication needs of project
stakeholders. He needs to define and document these needs of project stakeholders. Which of the
following tools and techniques will John use to accomplish the task?
A. Communication technology
B. Communication requirements analysis
C. Communication skills
D. Communication model
John will use communication requirements analysis, which will help in generating the
communication needs of the project stakeholders. The purpose of communication requirements
analysis is to optimize the use of resources in communication. This analysis defines and
documents stakeholder communication requirements, and determines who will communicate
with whom, and what will be communicated.
Answer option C is incorrect. Communication skills are used to express ourselves, to get our
ideas across, and to connect with the person to whom we are speaking.
Answer option A is incorrect. Communication technology examines the method (or technology)
used to communicate the information to, from, and among stakeholders.
Answer option D is incorrect. The communication model depicts how information is transmitted
from the sender and how it's received by the receiver.

Q16: You work as a project manager for BlueWell Inc. You would like to utilize the sensitivity
analysis in your project, but management does not understand how this will be displayed. What
type of chart is usually used with the sensitivity analysis to show the relative effect of risks on
the project?
A. Ishikawa chart
B. Tornado diagram
C. GERT Chart
D. Force field analysis chart
A tornado diagram is usually created when using the sensitivity analysis in project management.
variables.
Answer option A is incorrect. An Ishikawa diagram, also known as a cause-and-effect diagram,

is not used as part of the sensitivity analysis.
Answer option D is incorrect. Force field analysis is used in stakeholder analysis to chart forces,
usually stakeholders, which are in favor of the project or opposed to the project.
Answer option C is incorrect. A GERT chart uses branching, loop backs, and project scenarios to

Q17: Which of the following risks is described in the sentence below?
"It is a class of risk in which loss is the only probable result and there is no positive result. Pure
risk is associated to the events that are outside the risk-taker's control."
A. Assessed risk
B. Negotiated risk
C. Secondary risk
D. Pure risk
Pure risk has only a negative effect on the project. Pure risks are activities that are dangerous to
complete and manage such as construction, electrical work, or manufacturing. It is a class of risk
in which loss is the only probable result and there is no positive result. It is associated to the
events that are outside the risk-taker's control. The nature of the work includes some pure risks.
Pure risks can also include things like acts of god (force majeure), fire, and theft.
Answer option B is incorrect. Negotiated risk is not a valid risk management term.
Answer option A is incorrect. Assessed risk describes the analysis and assessment of a risk
event, not the type of event being assessed.
Answer option C is incorrect. Secondary risk is a risk that arises as a straight consequence of
implementing a risk response. The secondary risk is an outcome of dealing with the original risk.
Secondary risks are not as rigorous or important as primary risks, but can turn out to be so if not
estimated and planned properly.

Q18: You're a manager of the HJH project for your company. You've created the probability-
impact risk matrix as shown in the figure below:
Risk Probability Impact

A 0.55 -10,000
B 0.4 -65,000
C 0.3 -90,000
D 0.6 -25,000
E 0.45 -30,000
F 0.7 -245,000
If Risk D happens in this project, how much will be left in the contingency reserve?
A. $440,000
B. $243,500
C. $233,500
D. $258,500
To answer this question, you need to calculate the contingency reserve to be used at the project
manager's discretion to deal with anticipated, but uncertain, events. These events are "known
unknowns" and are part of the project scope and cost baselines. The contingency reserve is
calculated by multiplying the probability and the impact for the risk event value for each risk
event. The sum of risk events equals the project's contingency reserve. In this case,
Risk contingency fund =

(0.55*10,000)+(0.4*65,000)+(0.3*90,000)+(0.6*25,000)+(0.45*30,000)+(0.7*245,000) =
258,500
Therefore, when Risk D happens, it will cost the project $25,000. This $25,000 is subtracted
from the contingency reserve of $258,500, leaving a balance of $233,500 for all other risks.
Answer option B is incorrect because it's not a correct calculation of the risk reserve minus Risk
D.
Answer option A is incorrect because $440,000 is the sum of the risk exposure minus the
exposure for Risk D.
Answer option D is incorrect because it's not a correct value for the balance of the risk reserve.

Q19: Which of the following steps of risks decides how a user can protect the project from the
consequences of risks?
A. Inform key audiences of all risks involved with the project.

B. Assess the potential effects of those risks on the project.
C. Develop plans for mitigating the effects of the risks.
D. Monitor the status of the project's risks throughout performance.
change.
completion.
Q20: You are the project manager of the RTF project for your organization. You are working
with your project team and several key stakeholders to create a diagram that shows causal factors
for an effect to be solved. What diagramming technique are you using as a part of the identify
risks process?
A. Cause-and-effect diagrams
B. Predecessor and successor diagramming
C. Influence diagrams
D. System or process flow charts
In this example, you are using a Cause-and-effect diagram, also known as an Ishikawa or
fishbone diagram, to reveal causal factors for the effect to be solved.
The Ishikawa diagram displays causes of a certain event. A common use of this diagram is to
identify causal factors that result in an overall effect and their root causes. It is sometimes called
a fishbone diagram because of its resemblance to a fish skeleton. It's considered a basic tool of
quality management. The figure below is an example of an Ishikawa diagram.
Answer option D is incorrect. The system or process flow chart can help identify risks within the
process flow, such as bottlenecks or redundancy.
Answer option C is incorrect. An influence diagram shows causal influences, time ordering of
events, and relationships among variables and outcomes.
Answer option B is incorrect. Predecessor and successor diagramming is not a valid risk
identification term.

Q21: Diana is the project manager of the QPS project for her company. In this project, Diana
and the project team have identified a pure risk. Diana and the project team decided, along with
the key stakeholders, to remove the pure risk from the project by changing the project plan
altogether. What is pure risk?
A. It is a risk event that only has a negative side, such as loss of life or limb.
B. It is a risk event that cannot be avoided because of the order of the work.
C. It is a risk event that is created by a risk response.
D. It is a risk event that is generated due to errors or omission in the project work.
Pure risk has only a negative effect on the project. Pure risks are activities that are dangerous to
complete and manage such as construction, electrical work, or manufacturing. It is a class of risk
in which loss is the only probable result and there is no positive result. It is associated to the
events that are outside the risk-taker's control. The nature of the work includes some pure risks.
Pure risks can also include things like acts of god (force majeure), fire, and theft.
Answer option B is incorrect. This is not a valid definition of a pure risk.
Answer option C is incorrect. A risk that is generated by another risk response is a secondary
risk.
Answer option D is incorrect. Risks generated by errors or omissions are not necessarily pure
risks.

Q22: Fill in the blank with the appropriate term.
The is the risk or danger of an action or an event, a method or a (technical) process

that still conceives these dangers even if all theoretically possible safety measures would be
applied.
Explanation: Residual risk is the risk or danger of an action or an event, a method or a

(technical) process that still conceives these dangers even if all theoretically possible safety
measures would be applied. The formula to calculate residual risk is (inherent risk) x (control
risk) where inherent risk is (threats vulnerability).

Q23: You work as a project manager for TechSoft Inc. You are working with the project
stakeholders on the qualitative risk analysis process in your project. You have used all the tools
to the qualitative risk analysis process in your project. Which of the following techniques is
NOT used as a tool in the qualitative risk analysis process?
A. Risk urgency assessment

B. Risk categorization
C. Risk reassessment
You will not need the risk reassessment technique to perform qualitative risk analysis. It is one
of the techniques used to monitor and control risks.
The tools and techniques for the qualitative risk analysis process are as follows:
of project affected, and other valuable types to decide the areas of the project most
 Risk urgency assessment: Risks that require near-term responses are considered more
urgent to address.
Q24: John is the project manager of the NHQ project for his company. His project has 75
stakeholders, some of which are external to the organization. John needs to ensure that he
communicates about risk in the most appropriate method for the external stakeholders. Which
project management plan will be the best guide for him to communicate to the external
stakeholders?
A. Communications Management Plan

B. Risk Response Plan
C. Risk Management Plan
D. Project Management Plan
The Communications Management Plan will direct John on the information to be communicated,
when to communicate, and how to communicate with external stakeholders.
The Communications Management Plan aims to define the communication necessities for the
project and how the information will be circulated. It sets the communication structure for the
project. This structure provides guidance for communication throughout the project's life and is
updated as communication needs change. The Communications Management Plan identifies and
defines the roles of persons concerned with the project. It includes a matrix known as the
communication matrix to map the communication requirements of the project.
Answer C is incorrect because the Risk Management Plan defines how risks will be identified,
analyzed, responded to, and controlled throughout the project.
Answer B is incorrect because the Risk Response Plan identifies how risks will be responded to.
Answer D is incorrect because the Project Management Plan is the parent of all subsidiary
management plans, and it is not the most accurate choice for this question.
296
Q25: Harry works as a project manager for BlueWell Inc. He is determining how to conduct the
risk management activities for a project. According to the PMBOK, there are five inputs to the
plan risk management process. Which one of the following is NOT an input to this process?

B. Project management plan
C. Project charter
 Project management plan: It includes all of the subsidiary plans and baselines for the
project.
 Project charter: It provides various inputs, such as high-level risks, high-level project
descriptions, and high-level requirements.
 Stakeholder register: It includes all details related to the project's stakeholders and
provides an overview of their roles.
 Enterprise environmental factors: They include risk attitudes, thresholds, and
tolerances that describe the degree of risk that an organization withstand. Risk attitude
consists of three elements:
o Risk appetite: Risk appetite is the level of uncertainty the stakeholders are
willing to accept in exchange for the potential positive impacts of the risk.
o Risk tolerance: Risk tolerance is the degree, amount, or volume of risk that an
organization or individual will withstand.
o Risk threshold: Risk threshold is a measure of the level of uncertainty or impact
the organization is willing to operate within.
 Organizational process assets: They include risk categories, risk statement formats,
standard templates, roles and responsibilities, authority levels for decision-making,
lessons learned, and stakeholder registers.
The output of this process is risk management plan.

Q26: Joyce is the project manager for her company. Joyce and her project team are working
through the quantitative analysis for certain risk events within her project. According to the
enterprise environmental factors, the project manager is to perform sensitivity analysis on any
risk with an impact greater than $5,000 in the project. What is sensitivity analysis?
A. It determines possible combinations of risk events to predict overall project success,

failure, or probability of achieving project objectives.
B. It determines which risk events have the most potential impact on the project.
C. It uses rounds of anonymous surveys to predict probability and impact.
D. It uses round of anonymous surveys to predict which events are most likely to happen.
Sensitivity analysis helps determine which risk events have the most impact on the project as a
whole. It analyzes the uncertainty of each project objective to predict the likelihood of reaching
project objectives in relation to other risk events.
Answer options C and D are incorrect. The delphi technique uses rounds of anonymous surveys
to identify risks, not as a part of the sensitivity analysis.
Answer option A is incorrect. This answer hints at the Monte Carlo technique, which examines
possible combinations of events and attributes, such as time and cost estimates, to predict a mean
for the project.

Q27: John works as a project manager for uCertify Inc. He has identified risks in a project and
wants to determine which risk requires a near-term response. Which of the following tools and

B. Risk probability
D. Checklist analysis
John will use risk urgency assessment, which is a risk prioritization technique based on time
urgency. This technique determines which risks require a near-term response. For example, a risk
that is going to occur now is more urgent to address than a risk that might occur a month from
now.
Answer option B is incorrect. Risk probability refers to the likelihood that a risk will occur, and
Answer option D is incorrect. Checklist analysis is an organized approach built on the past
knowledge incorporated in checklist questions.
Answer option A is incorrect. Decision tree analysis is used when there are multiple possible

Q28: Wendy is about to perform qualitative risk analysis on the identified risks within her
project. Which one of the following will NOT help Wendy to perform this project management
activity?
A. Risk register
B. Scope baseline
The stakeholder register is not an input to the qualitative risk analysis process. The five inputs
are the risk register, risk management plan, scope baseline, enterprise environmental factors, and
Answer option A is incorrect. The risk register can help Wendy to perform qualitative risk
analysis.
Answer option B is incorrect. The scope baseline is needed to help with qualitative risk analysis.
Answer option C is incorrect. The risk management plan is an input to the risk qualitative
analysis process.

Q29: Stephen is the project manager of the GBB project for his organization. He has worked
with two subject matter experts and his project team to complete the risk assessment technique.
There are approximately 47 risks that have a low probability and a low impact on the project.
Which of the following options best describes what Stephen should do with these risk events?
A. The low probability and low impact risks should be added to the risk register.
B. The low probability and low impact risks should be added to a watchlist for future
monitoring.
C. Risks can be dismissed because they are low probability and low impact risks.
D. Stephen should accept the risks because they are low probability and low impact risks.
The best answer, according to the PMBOK, is that the low probability and low impact risks
should be added to a watchlist for future monitoring.
Answer option D is incorrect. The risk response for these events may be to accept them, but the
best answer is to first add them to a watchlist.
Answer option C is incorrect. Risks are not dismissed; they are at least added to a watchlist for
monitoring.
Answer option A is incorrect. While the risks may eventually be added to the register, the best
answer is to first add them to the watchlist for monitoring.

Q30: You are the project manager of the NGH project for your organization. You want to create
a cause-and-effect diagram to help discover the root causes of risks within the project. Harold,
the CIO, recommends that you create an Ishikawa diagram instead. What is an Ishikawa
diagram?
A. It is a diagram that shows the causes of a certain event.

B. It diagrams risks according to the work breakdown structure including resources.
C. It is a graphical representation of situations showing causal influences.
D. It is a diagram that shows how various elements of a system interrelate.
It is a diagram that shows the causes of a certain event. An Ishikawa diagram is the same thing as
a cause-and-effect diagram. This is also known as a fishbone diagram.
The Ishikawa diagram displays causes of a certain event. A common use of this diagram is to
identify causal factors that result in an overall effect and their root causes. It is sometimes called
a fishbone diagram because of its resemblance to a fish skeleton. It's considered a basic tool of
quality management. The figure below is an example of an Ishikawa diagram.
Answer option D is incorrect. This is the definition of a system or process flowchart.
Answer option C is incorrect. This is the definition of an influence diagram.
Answer option B is incorrect. This is the definition of the risk breakdown structure including
project resources.

Q31: Which of the following risk strategies change plans to circumvent the problem?
A. Avoid risk
B. Control/Mitigate risk
C. Accept risk
D. Transfer risk
Most critically, risk management plans include risk strategies, which are as follows:
 Avoid risk: This strategy change plans to circumvent the problem.

 Control/Mitigate risk: This strategy reduces impact or likelihood (or both) through
intermediate steps.
 Accept risk: This strategy takes the chance of negative impact (or auto-insurance),
eventually budget the cost (e.g. via a contingency budget line).
 Transfer risk: This strategy outsources risk to the third party or parties that can manage
the outcome.
Reference: http://en.wikipedia.org/wiki/Risk_management_plan
Q32: A project manager must have certain interpersonal skills to communicate with stakeholders
and manage their expectations of the project work. Which of the following interpersonal skills
has been identified as one of the biggest reasons for project success or failure?
A. Political and cultural awareness

B. Influencing
C. Motivation
D. Communication
Communication has been identified as one of the biggest reasons for why projects succeeds or
fails. Effective communication is essential for good project management.
Communication is a process in which information is passed from one person to another. A

manager asks his subordinates to accomplish the task assigned to them. He should successfully
pass the information to his subordinates. It is a means of motivating and guiding the employees
of an enterprise.
Answer option C is incorrect. Motivation is one of the important interpersonal skills, but it is not
the best answer.
Answer option B is incorrect. Influencing the project stakeholders is a needed interpersonal skill,
but it is not the best answer.
Answer option A is incorrect. Political and cultural awareness is an important part of every
project, but it is not the best answer for this question.

Q33: Don is the project manager of the PFO project for his organization. Don is working with
the project team members and two subject matter experts to assess the identified risk events in
the project. Which of the following approaches is the best to assess the risk events in the project?
A. Probability and impact Matrix

B. Determination of the true cost of the risk event
C. Root cause analysis
D. Interviews or meetings
Risk probability and assessment is completed through interviews and meetings with the
participants that are most familiar with the risk events, the project work, or have other
information that can help determine the effect of the risk.
Answer option A is incorrect. The probability and impact matrix is a tool and technique to
prioritize the risk events, but it's not the best answer for assessing risk events within the project.
Answer option B is incorrect. The true cost of the risk event is not a qualitative risk assessment
approach. It is often done during the quantitative risk analysis process.
Answer option C is incorrect. Root cause analysis is a risk identification technique, not a
qualitative assessment tool.

Q34: In which of the project life cycle is project scope defined at the beginning of the project
and changes are monitored closely?
A. Incremental
B. Adaptive
C. Iterative
D. Predictive
In predictive life cycle, the project scope is defined at the beginning of the project and changes
are monitored closely. If changes are made, you must revisit and modify plans and formally
accept the changes to the scope and subsequent project management plan. The work of each
phase is distinct and not repeated in other phases.
Answer options C and A are incorrect. In iterative and incremental life cycle, project deliverables
are defined early and progressively elaborated as the project progresses.
Answer option B is incorrect. Adaptive life cycle is chosen when active participation of
stakeholders is required throughout the project, when you are not certain of all the requirements
at the beginning of the project, or when you work in a changing environment.

identified all possible risks. He needs to prioritize risks and assign a risk rating to them. Which
of the following techniques will John use to accomplish the task?
A. Assumptions analysis
B. Delphi technique
D. Brainstorming
John will use risk urgency assessment, which is a risk prioritization technique based on time
urgency. For example, a risk going to occur now is more urgent to address than a risk that might
occur a month from now.

Q36: In which conflict management technique does one party attempts to meet other party's
needs at the expense of their own?
A. Competition
B. Smoothing
C. Avoidance
D. Confronting
Conflict management involves solving problems. Here are the general techniques for resolving
conflict:
 Avoidance: This technique is used by the project manager as a cooling-off period, to

collect more information, or when the issue is not critical. Avoiding, sometimes known as
withdrawal, never results in resolution.
 Competition: In this technique, one party uses any available means to get its way, often
at the expense of the other party.
 Compromising: In this technique, both parties gain something and give up something.
Compromising is also known as reconciling. It is a lose-lose technique.
 Accommodation or smoothing: In this technique, one party attempts to meet other
party's needs at the expense of their own.
 Confronting: It is also called problem solving and is the best way to resolve conflict.

Q37: Which of the following is an enterprise environmental factor that can affect the availability
of resources and influence how projects are conducted?
A. Organizational process assets

B. Organizational communication
C. Organizational structure
D. Organizational culture
Organizational structure is an enterprise environmental factor that can affect the availability of
resources and influence how projects are conducted. The organizational structure should be
designed in such a way that it can meet all needs of the enterprise. It should have clearly defined
roles for authority and responsibility.
Answer option D is incorrect. Organizational culture is the collective behavior of humans that
are part of an organization. It is also formed by the organization values, visions, norms, working
language, systems, and symbols, which includes beliefs and habits.
Answer option B is incorrect. Project management success in an organization is highly

dependent on an effective organizational communication style, especially in the face of
globalization of the project management profession.
Answer option A is incorrect. Organizational process assets are elements of historical

information, guidelines, processes, and standard procedures within an organization. They are
usually something that have been created before the project begins and often, but not always,
come from historical information.
Reference: The Project Management Body of Knowledge, Fifth edition, Section 3.1.3/uc:ref>
Q38: Which of the following processes includes meetings as one of the tools and techniques?

C. Identify risks
D. Control risks
Here are the tools and techniques of the control risks process:
 Risk reassessment
 Risk audits
 Variance and trend analysis
 Technical performance measurement
 Reserve analysis
 Meetings

Q39: Nancy is the project manager of the NHH project. She and the project team have identified
a significant risk in the project during the qualitative risk analysis process. Bob is familiar with
the technology that the risk is affecting and proposes to Nancy a solution to the risk event. Nancy
tells Bob that she has noted his response, but the risk really needs to pass through the quantitative
risk analysis process before creating responses. Bob disagrees and ensures Nancy that his
response is most appropriate for the identified risk. Who is correct in this scenario?
A. Bob is correct. Bob is familiar with the technology and the risk event, so his response
should be implemented.
B. Nancy is correct. Because Nancy is the project manager, she can determine the correct
procedures for risk analysis and risk responses. In addition, she has noted the risk
response that Bob recommends.
C. Nancy is correct. All risks of significant probability and impact should pass the
quantitative risk analysis process before risk responses are created.
D. Bob is correct. Not all risk events have to pass the quantitative risk analysis process to
develop effective risk responses.
In this scenario, Bob is correct, as not all risk events have to pass through the perform
quantitative risk analysis process to develop effective risk responses.
Answer option C is incorrect. Nancy is incorrect to state that risk events must pass through
quantitative risk analysis process to develop a risk response; this is not a true statement.
Answer option B is incorrect. Just because Nancy is the project manager does not make her
automatically correct. This is an example of the forcing decision-making process.
Answer option A is incorrect. Bob does have experience with the technology, but that does not
automatically make him correct to manage the risk event.

Q40: Which of the following is a logical diagram that shows the relation between system
failures?
A. Event-tree analysis
B. Fault-tree analysis
C. Preliminary risk analysis
D. Failure mode and effects analysis
Fault-tree analysis (FTA) is a logical diagram that shows the relation between system failures.
This technique can be used in qualitative or quantitative risk analysis. Qualitative FTA is a
deductive (top-down) approach that graphically and logically represents events at a lower level
which can lead to a top undesirable event. In quantitative FTA, failure rates or probabilities are
input into the tree and the probability of occurrence is computed for the top undesirable event.
Answer option A is incorrect. Event-tree analysis is a logical method of analyzing how and why
a disaster could occur. It is used for illustrating the sequence of outcomes that may arise after the
occurrence of a selected initial event.
Answer option D is incorrect. Failure mode and effects analysis (FMEA/FMECA) is a procedure
by which each potential breakdown approach in a system is analyzed to establish its effect on the
system and to classify it according to its severity. When the FMEA is extended by a criticality
analysis, the technique is then called failure mode and effects criticality analysis (FMECA).
Answer option C is incorrect. Preliminary risk analysis (PRA) or hazard analysis is a qualitative
risk analysis technique that involves a disciplined analysis of the event sequences that could
transform a potential hazard into an accident. This technique first identifies the possible
undesirable events and then analyzes the events separately. Also, possible improvements or
preventive measures are formulated for each undesirable events or hazards.
Q41: Which of the following gives the project manager the ability to discover, address, and take
corrective action against errors discovered during the phase?
A. Fast tracking
B. Phase-end review
C. Progressive elaboration
D. Feasibility study
A phase-end review allows those involved with the work to determine whether the project should
continue to the next phase. Phase-end reviews give the project manager the ability to discover,
address, and take corrective action against errors discovered during the phase. Phase end reviews
are also known as phase exits, phase gates, and kill points.
Answer option A is incorrect. Fast tracking means that a later phase is started prior to completing
and approving the phase, or phases, that come before it. This technique is used to shorten the
overall duration of the project. Fast tracking can occur for the entire duration of the task or
phase, or for a portion of the task or phase duration. It can increase project risk and might cause
the project team to rework on tasks. Fast tracking works only for activities that can be
overlapped.
Answer option D is incorrect. A feasibility study is a preliminary assessment of the viability of

the project; the viability or perhaps marketability of the product, service, or result of the project;
and the project's value to the organization. It might also determine whether the product, service,
or result of the project is safe and meets industry or governmental standards and regulations. The
completion and approval of the feasibility study triggers the beginning of the requirements phase,
where requirements are documented and then handed off to the design phase, where blueprints
are produced. The feasibility might also show that the project is not worth pursuing and the
project is then terminated; therefore, the next phase never begins.
Answer option C is incorrect. Progressive elaboration is the characteristics of incrementally, and

continually, refining work and information in greater detail as a project progresses. The concept
of progressive elaboration refers specifically to a project management technique in which the
plan for the particular and designated project is being continuously and constantly modified,
detailed, and improved as newer and more improved sets of information becomes available to the
project management team as the project unfolds and comes into implementation.
Q42: Which of the following are the tools and techniques of the perform qualitative risk analysis
process?
A. Probability and impact matrix

Here are the tools and techniques of the perform qualitative risk analysis process:
 Risk probability and impact assessment

 Probability and impact matrix
 Risk data quality assessment
 Risk categorization
 Risk urgency assessment
 Expert judgment
Answer options C and B are incorrect because probability distribution and decision tree analysis
are the tools and techniques of the perform quantitative risk analysis process.

Q43: Which of the following are the examples of enterprise environmental factors?
A. Government or industry standards

B. Commercial databases
C. Organizational structure and culture
D. Policies, procedures, and guidelines
Enterprise environmental factors refer to both internal and external factors that surround or
influence a project's success. Here are the examples of enterprise environmental factors:
 Organizational structure and culture

 Government or industry standards
 Marketplace conditions
 Infrastructure
 Personnel administration
 Commercial databases
 PMIS (Project Management Information System)
Answer option D is incorrect. Here are the examples of organizational process assets:
 Historical information; archived project files

 Templates
 Lessons learned
 Policies, procedures, and guidelines

there are multiple risks that will affect several stakeholder requirements. He needs to prioritize
the list of identified risks as high risk, moderate risk, or low risk. Which of the following tools
and techniques will John use to classify the list of identified risks?
A. Risk probability and impact assessment

B. Risk data quality assessment
John will use the probability and impact matrix tool and technique. The outcome of a probability
and impact matrix is an overall risk rating for each of the project's identified risks. The
combination of probability and impact results in a classification expressed as high, medium, or
low. High risks are considered a red condition, medium risks are considered a yellow condition,
and low risks are considered a green condition.
Answer option A is incorrect. Risk probability refers to the likelihood that a risk will occur, and
Answer option C is incorrect. Risk urgency assessment is a risk prioritization technique based on
time urgency. For example, a risk going to occur now is more urgent to address than a risk that
might occur a month from now.
Answer option B is incorrect. Risk data quality assessment involves determining the usefulness
of the data gathered to evaluate risk.

Q45: Which of the following techniques depicts how the elements of a system are related to each
other and shows the logical flow of a process?
A. Analysis diagram
B. Cause-and-effect diagram
C. System or process flow chart diagram
D. Influence diagram
Diagramming techniques use diagrams for identifying risks by exposing and exploring the risks
causes. The following are some diagramming techniques:
 Cause and effect diagram: This technique illustrates how various factors (causes) can
be linked to potential problems (effects). It is also known as fishbone diagrams or
Ishikawa diagram.
 System or process flow chart: This shows the logical steps needed to accomplish an
objective, how the elements of a system relate to each other, and what actions cause what
responses.
 Influence diagram: This technique is a graphical representation of situations that display
relationships among various variables and outcomes, such as causal influences and time
ordering of events.
Answer option A is incorrect. This is an invalid option.

Q46: John works as a project manager for uCertify Inc. He has just created the risk register.
Under which of the following project risk management processes does this come?
A. Identify risks
The risk register is created as a result of the identify risks process. A risk register is a document
that contains results of qualitative and quantitative risk analyses and risk response planning.
Description, category, cause, probability of occurrence, impact on objectives, proposed
responses, owner, and current status of all identified risks are entered in the risk register.

Q47: Mary is the project manager of the HGH project for her company. She and her project team
have agreed that if the vendor is late by more than ten days, they will cancel the order and hire
the NBG Company to fulfill the order. The NBG Company can guarantee orders within three
days, but the costs of their products are significantly more expensive than the current vendor.
What type of a response strategy is this?
A. External risk response

B. Contingent response strategy
C. Internal risk management strategy
D. Expert judgment
This is a contingent response strategy, as it is a predefined strategy that the project will
implement only if a certain condition, such as the late order delivery, comes true.
The contingency risk response strategy is also known as the contingency plan. The contingency
risk response strategy works in the improvement of different courses of actions that include
changes in schedule, resources, or contract. Contingency planning is taken into consideration
when the risk events happen in the project. This means that one should prepare and plan the
contingencies in advance before the threats occur. After the risks have been acknowledged and
quantified, contingency plans should be planned, developed, and kept organized. Contingency
allowances or the reserves are the general contingency responses.
Answer option C is incorrect. This is not a valid risk management term.
Answer option A is incorrect. This could be seen as an external risk, because the occurrence of
the risk event is managed by the vendor, but it is a pre-defined risk response, so a contingent
response strategy is a better choice.
Answer option D is incorrect. Expert judgment is usually seen when the project hires a
consultant or relies on someone with more experience than the project manager to help make the
best decision.

Q48: You are the project manager for the GHY project and are working to create a risk response
for a negative risk. You and your project team have identified the risk that the project may not
complete on time, as required by the management, due to the creation of the user guide for the
software you're creating. You have elected to hire an external writer in order to satisfy the
requirements and to alleviate the risk event. What type of risk response have you elected to use
in this instance?
A. Sharing
B. Exploiting
C. Avoidance
D. Transference
This is an example of transference, as you have transferred the risk to a third party. Mostly
transference is done with a negative risk event and it usually requires a contractual relationship.
Transference
Answer option C is incorrect. When extra activities are introduced into the project to avoid the
Answer option A is incorrect. Sharing is a positive risk response, such as receiving a discount for
a purchase if the quantity, you're purchasing, is large enough. In this instance, you might share
the risk with another project that also needs the item you're purchasing so you can both seize the
opportunity. The sharing risk response can also describe a teaming agreement or short-term
partnership between two entities to capture an opportunity.
Answer option B is incorrect. Exploiting is a positive risk response that takes advantage of an
opportunity, such as selling a byproduct, an opportunity in a market window, or other risk that
can be profitable, offer a time-savings, or reduce costs.
345
Q49: Which of the following quality tools are displayed as histograms that rank-order the most
important factors such as delays, costs, and defects?
A. Cause-and-effect diagrams
B. Pareto diagrams
C. Scatter diagrams
D. Flowcharts
Pareto diagrams are displayed as histograms that rank-order the most important factors such as
delays, costs, and defects; for example, by their frequency over time.
Answer option A is incorrect. Cause-and-effect diagrams show the relationship between the
effects of problems and their causes.
Answer option C is incorrect. Scatter diagrams, also known as correlation charts, display the
relationship between the two elements as points on a graph. This relationship is analyzed to
prove or disprove cause-and-effect relationships.
Answer option D is incorrect. Flowcharts (also known as stratification charts) show the logical
steps needed to accomplish an objective, how the elements of a system relate to each other, and
what actions cause what responses.

Q50: Fred is the project manager of the PKL project. He is working with his project team to
complete the quantitative risk analysis process as a part of risk management planning. Fred
understands that once the quantitative risk analysis process is complete, the process will need to
be completed again in at least two other times in the project. When will the quantitative risk
analysis process need to be repeated?
A. The quantitative risk analysis process will be completed again after the risk response
planning and as a part of monitoring and controlling.
B. The quantitative risk analysis process will be completed again after the cost management
planning and as a part of monitoring and controlling.
C. The quantitative risk analysis process will be completed again after the plan risk response
planning and as part of procurement.
D. The quantitative risk analysis process will be completed again after new risks are
identified and as part of monitoring and controlling.
The quantitative risk analysis process will, at a minimum, be completed again after the risk
response planning and as a part of monitoring and controlling.
The quantitative risk analysis is a process to assess the probability of achieving particular project
objectives, to quantify the effect of risks on the whole project objective, and to prioritize the risks
based on the impact to overall project risk. The quantitative risk analysis process analyzes the
effect of a risk event deriving a numerical value. It also presents a quantitative approach to build
decisions in the presence of uncertainty.
Answer option B is incorrect. The quantitative risk analysis process is not required to be
completed again after cost management planning.
Answer option C is incorrect. The quantitative risk analysis process is not a part of the
procurement processes.
Answer option D is incorrect. While this statement may be true for some new risk events, you
must consider that there is no certainty that new risks will be identified in the project and that no
new risks identified will necessarily require the quantitative risk analysis process.

identified a risk that will have negative consequences on the project. You and your risk
management team are not able to mitigate that risk from the project. Which response strategy
will you take to deal with this risk?
A. Transfer
B. Reject
C. Avoid
D. Accept
The accept or acceptance strategy is used when you're not able to eliminate all the threats on the
project. Acceptance of a risk event is a strategy that can be used for risks that pose either threats
or opportunities to the project.
Answer option A is incorrect because the idea behind a risk transfer is to transfer the risk and the
consequences of that risk to a third party. The risk has not gone away, but the responsibility for
the management of that risk now rests with another party.
Answer option B is incorrect because there is no such response strategy.
Answer option C is incorrect because with risk avoidance, you essentially eradicate the risk by
eliminating its cause. Risks that occur early in the project might easily be avoided by improving
communications, refining requirements, assigning additional resources to project activities,
refining the project scope to avoid risk events, and so on.
Q52: Gary is project manager for his company. He's working with project stakeholders on its
requirements, and examining how risks might affect their project. One of the stakeholders is
confused about what constitutes project risk. Which of the following is the most accurate
definition of project risk?
A. It's an unknown event that can affect the project scope.

B. It's an uncertain event or condition within the project execution.
C. It's an uncertain event that can affect project costs.
D. It's an uncertain event that can affect at least one project objective.
Risk is an uncertain event or condition that, if it occurs, has an effect on at least one project
objective. Project risk is concerned with expected value of one or more results of one or more
future project events. It's an uncertain condition that, if it occurs, has an effect on at least one
project objective. Objectives can be scope, schedule, cost, or quality. Project risk is always
projected into the future.
Answer A is incorrect because risk is not unknown, it's uncertain. In addition, an event can affect
at least one project objective, not just project scope.
Answer B is incorrect because, although it would seem true, the event doesn't have to happen
during project execution.
Answer C is incorrect because risks can affect time, costs, or scope, not just costs.
Q53: You are the project manager of the NKQ project for your organization. You have
completed the quantitative risk analysis process for this portion of the project. What is the only
output of the quantitative risk analysis process?
A. Risk contingency reserve

B. Probability of reaching project objectives
C. Risk register updates
D. Risk response
The only output of the quantitative risk analysis process is the risk register updates. You will
update the risk register with the probabilistic analysis of the project, probability of achieving cost
and time objectives, list of quantified risks, and trends in quantitative risk analysis results.
The output of perform quantitative risk analysis process is Risk Register Updates. Risk register is
updated to take account of a quantitative risk report detailing quantitative approaches and
outputs. Updates include the following important elements:
 Probabilistic analysis of the project

 Probability of achieving cost and time objectives
 Prioritized list of quantified risks
 Trends in quantitative risk analysis results
Answer option D is incorrect. Risk responses come from the plan risk response process.
Answer option B is incorrect. The probability of reach project objectives, specifically time and
cost objectives, are included as part of updating the risk register.
Answer option A is incorrect. The risk contingency reserve is not an output of the quantitative
risk analysis process.

Q54: Which of the following is the process of defining the way to conduct the risk management
activities?

Plan risk management is the process of defining the way to conduct the risk management
activities. Planning is essential for providing sufficient resources and time for risk management
activities, and to establish an agreed-upon basis of evaluating risks. This process should start as
soon as project is conceived and should be completed early during project planning.
Answer option B is incorrect. This process estimates the overall probability for risks to occur and
their impact and prioritizes them accordingly for further analysis.
Answer option C is incorrect. This process analyzes numerically the effect of identified risks on
meeting the project objectives.
Answer option D is incorrect. This process prepares a risk response plan for increasing the

Q54: In which of the following stages does the creation of a project scope statement take place?
A. Planning
B. Initiating
C. Executing
D. Monitoring and controlling
Creating a project scope statement is a part of the planning stage of a project.
stage, the system is designed. Occasionally, a small prototype of the final product is built and
tested. Testing is generally performed by a combination of testers and end users, and can occur
after the prototype is built or concurrently. The results of the design stage should include a
product design that:
 satisfies the project sponsor, end user, and business requirements.

 functions as it was intended.
 can be produced within quality standards.
 can be produced within time and budget constraints.
Controls should be in place that ensures that the final product will meet the specifications of the
project charter.
Answers B, D, and C are incorrect. Project scope statements are not created in these stages.
Q55: In which of the following stages does the creation of a project scope statement take place?
A. Planning
B. Initiating
C. Executing
Creating a project scope statement is a part of the planning stage of a project.
stage, the system is designed. Occasionally, a small prototype of the final product is built and
tested. Testing is generally performed by a combination of testers and end users, and can occur
after the prototype is built or concurrently. The results of the design stage should include a
product design that:
 satisfies the project sponsor, end user, and business requirements.

 functions as it was intended.
 can be produced within quality standards.
 can be produced within time and budget constraints.
Controls should be in place that ensures that the final product will meet the specifications of the
project charter.
Answers B, D, and C are incorrect. Project scope statements are not created in these stages.
"It aims to reduce the threats to the project objectives and to increase opportunities."

D. Control risks
follows:
Answer option A is incorrect. It is the process of prioritizing risks for further analysis or action
by accessing and combining their probability of occurrence and impact.
Answer option C is incorrect. It is the process of numerically analyzing the effect of identified
Answer option D is incorrect. It is the process of implementing risk response plans, tracking
identified risks, monitoring residual risk, identifying new risks, and evaluating risk process
effectiveness throughout the project. It can involve choosing alternative strategies, executing a
contingency or fallback plan, taking corrective action, and modifying the project management
plan.

Q57: Mary is the project manager for the BLB project. She has instructed the project team to
assemble to review the risks. She has included the schedule management plan as an input for the
quantitative risk analysis process. Why is the schedule management plan needed for quantitative
risk analysis?
A. Mary will utilize the schedule controls and the nature of the schedule for the quantitative
analysis of the schedule.
B. Mary will schedule when the identified risks are likely to happen and affect the project
schedule.
C. Mary will use the schedule management plan to schedule the risk identification meetings
throughout the remaining project.
D. Mary will utilize the schedule controls to determine how risks may be allowed to change
the project schedule.
The controls within the schedule management plan can shape how quantitative risk analysis will
be performed on the schedule.
Answer option C is incorrect. This is not a valid answer for this question. Risk identification
happens throughout the project, but it is not scheduled during the quantitative risk analysis
process.
Answer option B is incorrect. When risks are likely to happen is important, but it is not the best
answer for this question.
Answer option D is incorrect. Risks may affect the project schedule, but this is not the best
answer for the question.

Q58: Which of the following parameters is the most important while selecting appropriate risk
response?
A. Capability to implement response

B. Cost of response
C. Efficiency of response
D. Importance of risk
The cost of response, which is applied so as to reduce risk within tolerance levels, is one of the
most important parameters. By considering the cost of response, it is decided whether or not
benefits of applying response is greater than accepting the risk; and according to this analysis, it
is decided whether the certain response should be applied or not. For example, if the risk transfer
response is applied by using insurance, cost would be the cost of insurance.
Answer option D is incorrect. This is one of the parameters that is considered but is not as
important as considering the cost of response. The importance of the risk is determined by the
combination of likelihood and magnitude levels along with its position on the risk map.
Answer option A is incorrect. This parameter is considered after analyzing the cost of response,
which will further decide the level of sophistication of risk response.
The enterprise's capability to implement the response means that if the risk management process
is mature, the risk response is more sophisticated and if it is not, risk response should be very
basic.
Answer option C is incorrect. Efficiency of response can only be analyzed after applying the
response. So it is the latter stage in the selection of response.
Q59: You work as a project manager for BlueWell Inc. Management has asked you to work with
the key project stakeholder to analyze the risk events you have identified in the project. They
would like you to analyze the project risks with a goal of improving the project's performance as
a whole. What approach can you use to achieve the goal of improving the project's performance
through risk analysis with your project stakeholders?
A. Focus on the high-priority risks through qualitative risk analysis.

B. Involve the stakeholders for risk identification only in the phases where the project
directly affects them.
C. Use qualitative risk analysis to quickly assess the probability and impact of risk events.
D. Involve subject matter experts in the risk analysis activities.
By focusing on the high-priority of risk events through qualitative risk analysis, you can improve
the project's performance.
Answer option D is incorrect. Subject matter experts can help the qualitative risk assessment, but
by focusing on high-priority risks, the project's performance can improve by addressing these
risk events.
Answer option B is incorrect. Stakeholders should be involved throughout the project as

situations within the project demand their input to risk identification and analysis.
Answer option C is incorrect. Qualitative analysis does use a fast approach of analyzing project
risks, but it's not the best answer for this question.

Q60: Which of the following examines the dissimilarities between the planned and the actual
budget or schedule to discover unacceptable risks to the budget, schedule, quality, or project
scope?
A. Forecasting
B. Trend analysis
C. Technical performance measurement
D. Variance analysis
Variance analysis is used to gauge how closely a project adheres to the scope, time, and cost
estimates made during the planning phase. It examines the dissimilarities between the planned
and the actual budget or schedule to discover unacceptable risks to the budget, schedule, quality,
or project scope.
Answer option C is incorrect. Technical performance measurement compares actual versus

planned parameters related to the overall technical progress of the project.
Answer option A is incorrect. Forecasting refers to predicting some information about the project
in the future based on the performance in the past.
Answer option B is incorrect. Trend analysis helps in detecting new risks.

there are multiple risks within the project. He needs to determine which risk has the greatest
impact on the project. Which of the following techniques will John use to accomplish the task?
A. Root cause analysis

C. Fault-tree analysis
D. SWOT analysis
John will use sensitivity analysis technique to accomplish the task. Sensitivity analysis is used to
determine which risk has the greatest impact on the project. It is a quantitative method of
analyzing the potential impact of risk events on the project and determining which risk event (or
events) has the greatest potential for impact by examining all the uncertain elements at their
baseline values.
Answer option A is incorrect. Root cause analysis involves digging deeper than the risk itself and
looking at the cause of the risk.
Answer option C is incorrect. Fault-tree analysis is a logical diagram that shows the relation
between system failures. This technique can be used in qualitative or quantitative risk analysis.
Answer option D is incorrect. SWOT analysis (strengths, weaknesses, opportunities, and threats)

Q62: Risk management plan utilized within the perform qualitative risk process includes which
of the following elements?
A. Budgets
B. Revised stakeholder's risk tolerances
C. Risk priority
D. Roles and responsibilities
The risk management plan is a component of the project management plan and describes how
risk management activities will be structured and performed. Here are the elements of the risk
management plan utilized within the perform qualitative risk process:
 Roles and responsibilities

 Budgets
 Schedule activities
 Risk categories
 Definition of probability and impact
 Probability and impact matrix
 Revised stakeholder's risk tolerances

Contents: "Risk management planning"
Q63: John has just finished updating the risk register with the list of risks that needs additional
analysis and response. Under which of the following project risk management processes does
this come?

C. Identify risks
John is currently in the perform qualitative risk analysis process. In this process, the risk register
is updated with the following information:

 Risk scores
 Causes of risk
 List of risks that needs additional analysis and response

Q64: John works as a project manager for uCertify Inc. He's reviewing the list of risks identified
by stakeholders in a project. The list of risks were marked in green color. How should John
consider these risks?
A. Low risks
B. Severe risks
C. Moderate risks
D. High risks
John should consider these risks as low risks. The combination of probability and impact results
in a classification is usually expressed as high, medium, or low. High risks are considered a red
condition, medium risks are considered a yellow condition, and low risks are considered a green
condition. This type of ranking is known as an ordinal scale because the values are ordered by
rank from high to low.

Q65: Mark works as a project manager for TechSoft Inc. Mark, the project team, and the key
project stakeholders have completed a round of qualitative risk analysis. He needs to update the
risk register with his findings so that he can communicate the risk results to the project
stakeholders including management. Mark will need to update all of the following information
except for which one?
A. Prioritized list of quantified risks

B. Risks scores
C. Watchlist of low-priority risks
D. Trends in qualitative risk analysis
The prioritized list of quantified risks in the risk register is updated in the quantitative risk
analysis process and not in the qualitative risk analysis process.
The goal of "perform qualitative risk analysis" process is to rank risks and determine which need
further analysis and, eventually, risk response plans. The output of this process is project
documents updates, which involves updating the risk register. According to the PMBOK guide,
the risk register is updated with the following information:

 Risk scores
 Causes of risk
Answer options B, C, and D are incorrect. These are parts of the risk register which should be
updated in the qualitative risk analysis process.

Q66: Your project uses a piece of equipment that if the temperature of the machine goes above
450 Degree Fahrenheit, the machine will overheat and have to be shut down for 48 hours. Should
this machine overheat even once, it will delay the project's end date. You work with your project
to create a response that should the temperature of the machine reach 430 Degree Fahrenheit, the
machine will be paused for at least an hour to cool it down. The temperature of 430 Degree
Fahrenheit is called what?
A. Risk event
B. Risk identification
C. Risk trigger
D. Risk response
A risk trigger is a warning sign or condition that a risk event is about to happen.
Answer option A is incorrect. The risk event is the 450 Degree Fahrenheit temperature of the
machine.
Answer option B is incorrect. Risk identification is the part of the identify risks process. The
process identifies the risk events that could affect the project for positive or negative.
Answer option D is incorrect. The risk response is the pausing of the equipment.
348
Q67: Which of the following is an event that provides an early warning that a risk is about to
occur?
A. Risk trigger
B. Risk response
C. Risk mitigation
D. Risk avoidance
A risk trigger is a warning sign or condition that a risk event is about to happen. It is an event
that provides an early warning that a risk is about to occur.
Answer option B is incorrect. It is an appropriate procedure for the discovery of an unacceptably

high degree of exposure to one or more risks.
Answer option C is incorrect. It involves taking early action to reduce the probability and impact
of a risk occurring on the project.
Answer option D is incorrect. It creates changes to the project management plan that are meant
to either eliminate the risk completely or to protect the project objectives from its impact.
Q68: You are the project manager for your company and a new change request has been
approved for your project. This change request, however, has introduced several new risks to the
project. You have communicated these risk events and the project stakeholders understand the
possible effects these risks could have on your project. You elect to create a mitigation response
for the identified risk events. Where will you record the mitigation response?
A. Risk register
C. Risk log
D. Project management plan
The identified risks and potential responses are documented in the risk register. A risk register is
a document that contains results of qualitative and quantitative risk analyses and risk response
planning. Description, category, cause, probability of occurrence, impact on objectives, proposed
responses, owner, and current status of all identified risks are entered in the risk register.

Answer option B is incorrect. The risk management plan is an input to the risk response
planning, but it is not the best choice for this question.
Answer option C is incorrect. This is not a valid choice for the question.
Answer option D is incorrect. The project management plan is the parent of the risk management
plan, but the best choice is the risk register.

identified risks, prioritized them, and has just finished numerically analyzing the effect of
identified risks on overall project. What should John do next?

John has currently performed the quantitative risk analysis process in which he has identified
risks, prioritized them, and numerically analyzed the effect of identified risks on overall project.
Now he will begin with the plan risk responses process.
The plan risk responses process aims to reduce the threats to the project objectives and to
increase opportunities. It includes the risk response owner to take the job for each agreed-to and
funded risk response. This process addresses the risks by their priorities, schedules the project
management plan as required, and inserts resources and activities into the budget.

Q70: Which of the following is used for eliciting information from a person or a group of people
in an informal or formal setting by talking to an interviewee, asking relevant questions, and
documenting the responses?
A. Variance analysis
B. Brainstorming
C. Interview
D. Reserve analysis
An interview is a systematic approach, used for eliciting information from a person or a group of
people in an informal or formal setting by talking to an interviewee, asking relevant questions,
and documenting the responses. Interviewees are also able to identify other stakeholders.
Answer option B is incorrect. Brainstorming is a technique used for collecting general data. It is
used by a group of team members or subject matter expert for identifying risks, ideas, or
solutions to issues. It is also a group creativity technique that is used for providing other benefits,
such as boosting morale, enhancing work enjoyment, and improving team work.
Answer option A is incorrect. Variance analysis is a technique used for measuring how closely a
project adheres to the scope, time, and cost estimates made during the planning phase. It also
determines the dissimilarities between the planned and the actual budget or schedule for
discovering unacceptable risks to the budget, schedule, quality, or scope of the project.
Answer option D is incorrect. Contingency reserves or reserve analysis is defined as an estimated

costs used at the discretion of the project manager to deal with anticipated, but not certain,
events. These events are "known unknowns" and are part of the project scope and cost baselines.
The contingency reserve is calculated by multiplying the probability and the impact for the risk
event value for each risk event. The sum of the risk events equals the contingency reserve for the
project.
Q71: You work as a project manager for uCertify Inc. You and your team are completing the
qualitative risk analysis process. You have gathered the necessary inputs for this process. You
are using risk data quality assessment technique in this process. What is the need to include the
risk data quality assessment technique in the preparation for the qualitative risk analysis process?
A. The risk data quality assessment technique categorizes the risks by sources of risks.
B. The risk data quality assessment technique assesses the probability and impact of risks to
C. The risk data quality assessment technique assesses the risks, which require near-term
responses.
D. The risk data quality assessment technique calculates the degree to which the data about
risks are useful for risk management.
urgent to address.

Q72: Your project spans the entire organization. You would like to assess the risk of the project,
but you are worried that some managers involved in the project could affect the outcome of any
risk identification meeting. Your worry is based on the fact that some employees would not want
to publicly identify risk events that could make their supervisors look bad. You would like to
implement a method that would allow participants to anonymously identify risk events. Which
risk identification method could you use?
A. Isolated pilot group

C. SWOT analysis
D. Delphi technique
The Delphi technique uses rounds of anonymous surveys to build consensus on project risks. It is
a technique to identify potential risk. In this technique, the responses are gathered via a
group. The Delphi technique helps in reaching the consensus quickly.
Answer A is incorrect because isolated pilot group is not a valid risk identification activity.
Answer B is incorrect because root cause analysis is not an anonymous approach to risk
identification.
Answer C is incorrect because SWOT analysis evaluates the strengths, weaknesses,

opportunities, and threats of the project.
324"
Q73: You work as a project manager for uCertify Inc. You are working in operations research,
specifically in decision analysis, to help identify a strategy most likely to reach a goal. Which of
the following tools will help you perform the task well?
A. Gantt chart
B. Pareto chart
C. Decision tree
D. Ishikawa diagram
A decision tree is a decision support tool that uses a tree-like graph, or model of decisions and
Decision trees are commonly used in operations research, specifically in decision analysis, to
help identify a strategy most likely to reach a goal.
Answer option B is incorrect. Pareto chart is a special type of bar chart where the values being
plotted are arranged in descending order. The graph is accompanied by a line graph, which
shows the cumulative totals of each category, left to right. The chart is named after Vilfredo
Pareto, and its use in quality assurance was popularized by Joseph M. Juran and Kaoru Ishikawa.
Answer option A is incorrect. Gantt chart is a type of bar chart that illustrates a project schedule.
Gantt charts illustrate the start and finish dates of the terminal elements and summary elements
of a project. The terminal elements and summary elements comprise the work breakdown
structure of the project. Some Gantt charts also show the dependency (i.e., precedence network)
relationships between activities. Gantt charts have become a common technique for representing
the phases and activities of a project work breakdown structure (WBS), so they can be
understood by a wide audience.
Answer option D is incorrect. The Ishikawa diagram (or fishbone diagram or also cause-and-
effect diagram) is a diagram that shows the causes of a certain event. A common use of the
Ishikawa diagram is to identify potential factors causing an overall effect. It helps identify causal
factors and root causes.

Q74: When does the identify risks process take place in a project?
A. At the executing stage

B. Throughout the project life cycle
C. At the initiating stage
D. At the planning stage

Answers C, D, and A are incorrect. The identify risks process takes place at all the stages of a
project.
Q75: Gary has identified a project risk that could injure project team members. He does not want
to accept any risk where someone could become injured on this project, so he hires a
professional vendor to complete this portion of the project work. This workaround to the risk
event is known as what type of risk response?
A. Avoidance
B. Transference
C. Mitigation
D. Acceptance
responsibility of its management to another party. Insurance is an example of transference. When
Gary hires a professional vendor to manage that risk, the risk event does not go away, but the
responsibility for the event is transferred to the vendor.
Answer option A is incorrect. Avoidance removes the risk event entirely either by adding
additional steps to avoid the event or by reducing the project scope requirements.
Answer option C is incorrect. Mitigations are actions that Gary's project team could take to
reduce the probability and/or impact of a risk event.
Answer option D is incorrect. Gary is not accepting this risk event; he does not want anyone in
his team to become injured, so he is transferring the event.
345
Q76: You are the program manager for your organization. Management is considering a new
program, but they are worried about the program risks that may affect the program success. You
know that there are three positive risk responses and three negative risk responses that each risk
can have. Management asks you which risk response would be most appropriate for a large risk
event if they wanted to hire a third party to own the risk event for the program. What risk event
is most appropriate?
A. Transference
B. Mitigation
C. Sharing
D. Avoidance
This is an example of the negative risk response of transference. Transference usually involves a
contractual relationship with another entity to own the risk event. For example, a dangerous risk
event could be dealing with electricity, so the risk is transferred to a licensed electrician.
Transference
Answer option B is incorrect. Mitigation involves actions that are taken to eliminate or reduce
the probability or impact of a risk event.
Answer option C is incorrect. Sharing is a positive risk response where two or more parties share
an opportunity in the program or project.
Answer option D is incorrect. Avoidance is when additional activities are taken to avoid a risk
event or things are removed from the scope to avoid the risk event.
Reference: "The Guide to the Project Management Body of Knowledge"

Q77: Which of the following risk management methods is the process of exchanging
information and views about risks?
A. Analyze
B. Identify
C. Communicate
D. Control
Following are the risk management methods:
 Identify: It identifies and characterizes threats.

 Analyze: It is the conversion of risk data into risk decision-making information.
 Plan: It involves developing actions for addressing individual risks, prioritizing risk
actions, and creating an integrated risk management plan.
 Track: It consists of monitoring the status of risks and the actions taken to enhance them.
 Control: It corrects deviations from planned risk actions.
 Communicate: It is the process of exchanging information and views about risks.

Q78: You are the project manager of the HJK project for your organization. You and the project
team have created risk responses for many of the risk events in the project. A teaming agreement
is an example of what risk response?
A. Sharing
B. Transference
C. Mitigation
D. Acceptance
Teaming agreements are often used in the sharing risk response through joint ventures to realize
an opportunity that an organization would not be able to seize otherwise.
Answer option C is incorrect. Mitigation is a negative risk response to lower the probability
Answer option B is incorrect. Transference is a negative risk response where the project manager
hires a third party to own the risk event. The risk ownership is transferred to the third party.
Answer option D is incorrect. Acceptance is a risk response that is appropriate for positive or
negative risk events. It does not pursue the risk, but documents the event and allows the risk to
happen. Often acceptance is used for low probability and low impact risk events.

Q79: Della works as a project manager for SoftTech Inc. She is working with the project
stakeholders to begin the quantitative risk analysis process. For the quantitative risk analysis
process, which of the following inputs will be needed in her project?
A. Cost management plan
B. Scope baseline
C. Risk register
The inputs to the quantitative risk analysis process are:
 Risk register
 Risk management plan
 Cost management plan
 Schedule management plan
 Enterprise environmental factors
 Organizational process assets
Answer option B is incorrect. The scope baseline is the input to the qualitative risk analysis
process.
Q80: Your project team has identified a project risk that has been recorded in the risk register
and your team has been discussing potential risk responses for the risk event. The event is not
likely to happen for several months, but its probability is high. Which of the following is a valid
response to the identified risk event?
A. Risk audit
C. Corrective action
D. Earned value management
Corrective actions include contingency plans and workaround plans, which are valid risk
responses to the identified risk event.
Answer option B is incorrect because technical performance measurement may be part of the
analysis of the risk, but not part of the response.
Answer option A is incorrect because a risk audit may be appropriate once the risk event and
response has been identified.
Answer option D is incorrect because the impact of the risk event may affect earned value
management calculations, but EVM in and of itself is not a valid risk response.
354
Q81: You are the project manager of the GHQ project for your company. You are working with
your project team to prepare for the qualitative risk analysis process. Mary, a project team
member, does not understand why you need to complete qualitative risks analysis. You explain
to Mary that qualitative risks analysis helps you determine which risks need additional analysis.
There are also some other benefits that qualitative risks analysis can do for the project. Which
one of the following is NOT an accomplishment of the qualitative risk analysis process?
A. Corresponding impact on project objectives

B. Prioritization of identified risk events based on probability and impact
C. Cost of the risk impact if the risk event occurs
D. Time frame for a risk response
The cost of the risk impact is only completed during quantitative analysis, and not during
qualitative analysis.
Answer options B, A, and D are incorrect. These are the characteristics of qualitative risk
analysis.

Q82: You are the project manager of the NHH project for your company. You and the project
team have completed the quantitative risk analysis for your project. During this process, you
create a contingency reserve based on the risk probability-impact matrix as seen in the figure
below.
Based on the information in the figure above, what amount would you need to include in your
risk contingency fund?
A. $171,500
B. $258,500
C. -$465,000
D. -$258,505
The risk contingency reserve can be found by multiplying the probability and the impact together
to determine the expected monetary value for the risk event. The sum of the expected monetary
value is the risk exposure. This value is inversed to a positive amount as the risk contingency
reserve for the project. Here,
Risk contingency fund =
(0.55*10,000)+(0.4*65,000)+(0.3*90,000)+(0.6*25,000)+(0.45*30,000)+(0.7*245,000)
= 258,500
Answer option D is incorrect. This is an invalid option.
Answer option C is incorrect. This is the sum of the risk's impact.
Answer option A is incorrect. This is the expected monetary value for Risk F.

Q83: Which of the following measures the efficiency of the project team to date in completing
work tasks against the planned progress?
A. SPI
B. TCPI
C. BAC
D. CPI
The SPI (schedule performance index) measures the efficiency of the project team to date in
completing work tasks against the planned progress. This formula should be used in conjunction
with an analysis of the critical path activities to determine if the project will finish ahead or
behind schedule.
Answer option D is incorrect. The CPI (cost performance index) is the ratio of earned value to
actual cost. It is used to calculate performance efficiencies, as well as predict future performance
in trend analysis.
Answer option C is incorrect. BAC (budget at completion) is the total amount of PV (planned
value) for all of the work of a work component or the project.
Answer option B is incorrect. TCPI (to-complete performance index) is the projected cost
performance that the remaining project work must achieve to meet the BAC.

Q84: Which of the following risk responses is used for negative risk events?
A. Accept
B. Exploit
C. Share
D. Enhance
Among the given choices, only acceptance response is used for negative risk events. Risk
acceptance means that no action is taken relative to a particular risk; loss is accepted if it occurs.
If an enterprise adopts a risk acceptance, it should carefully consider who can accept the risk.
Risks should be accepted only by the senior management and the board. There are two
alternatives to the acceptance strategy, i.e., passive and active.
Answer options B, C, and D are incorrect. These all are used to deal with opportunities or
positive risks, and not with negative risks.

Q85: Thomas is the project manager of the NHJ project for his company. He has identified
several positive risk events within his project and he thinks these events can save the project time
and money. Positive risk events, such as these within the NHJ Project are also known as what?
A. Ancillary constituent components

B. Benefits
C. Opportunities
D. Contingency risks
A positive risk event is also known as an opportunity. Opportunities within the project to save
time and money must be evaluated, analyzed, and responded to.
Risk response strategies for positive risks

Answer option D is incorrect. Contingency risk is not a valid risk management term.
Answer option B is incorrect. Benefits are the good outcomes of a project endeavor. Benefits
usually have a cost factor associated with them.
Answer option A is incorrect. This is not a valid project management term.

Q86: You and your project team are just starting the risk identification activities for a project
that is scheduled to last for 18 months. Your project team has already identified a long list of
risks that need to be analyzed. How often should you and the project team do risk identification?
A. At least once a month

B. Several times until the project moves into execution
C. It depends on how many risks are initially identified.
D. Identify risks is an iterative process.
Risk identification is considered an iterative activity and is performed several times throughout
the project. It is a part of the identify risks process.
Answer option B is incorrect. Risk identification happens throughout the project.
Answer option A is incorrect. Risk identification can happen more than monthly, as the project
team should always be on the lookout for new risks.
Answer option C is incorrect. The number of initially defined risks does not affect the iterative
nature of the identify risks process.
Q87: John, a key stakeholder in your project, wants to know how the risk value for the risk
events is calculated during quantitative risk analysis. What will you reply to John?
A. The probability of a risk event plus the cost of a risk event determines the risk value.
B. The probability of a risk event plus the impact of a risk event determines the risk value.
C. The probability of a risk event times the cost of a risk event determines the risk value.
D. The probability of a risk event times the impact of a risk event determines the risk value.
Risk value is the estimated quantity computed by multiplying the likelihood (probability) of the
occurrence of a negative event by its likely impact in money terms.
Risk value = Probability of risk event x Cost of risk event
Answer option D is incorrect. Risk exposure is a straightforward estimate that gives a numeric
value to a risk, enabling different risks to be compared.
Risk exposure of any given risk = Probability of risk occurring x impact of
risk event
Answer options B and A are incorrect. These are invalid options.
Q88: Which of the following techniques is calculated by multiplying the probability of the risk
by its impact for two or more potential outcomes and then adding the results of the potential
outcomes together?

B. Ishikawa diagram
D. Expected monetary value (EMV) analysis
The expected monetary value (EMV) analysis is a technique used for computing the expected
value of an outcome when different possible scenarios exist for different values of the outcome
with some probabilities assigned to them. It is calculated by multiplying the probability of the
risk by its impact for two or more potential outcomes and then adding the results of the potential
outcomes together.
Answer option C is incorrect. It is used to determine which risk has the greatest impact on the
project.
Answer option A is incorrect. It is used when there are multiple possible outcomes with different
Answer option B is incorrect. It is a diagram that shows the causes of a certain event.

identified multiple risks that can have a significant impact on a project if they occur. He has
determined the impact of the risks by examining all the uncertain elements at their baseline
values. He wants to display this information to his team members in a meeting. Which of the
following diagrams will John use to accomplish the task?
A. lshikawa
B. Tornado
C. Pareto
D. Influence
John will use the Tornado diagram, which is used to display data resulting from sensitivity
analysis. Sensitivity analysis is used to determine which risk has the greatest impact on the
project. It is a quantitative method of analyzing the potential impact of risk events on the project
and determining which risk event (or events) has the greatest potential for impact by examining
all the uncertain elements at their baseline values.
Answer option A is incorrect. The Ishikawa diagram shows the relationship between the effects
of problems and their causes.
Answer option C is incorrect. The Pareto diagram is displayed as histogram that rank-order the
time.
Answer option D is incorrect. The Influence diagram is a graphical representation of situations

that display relationships among various variables and outcomes, such as causal influences and
time ordering of events.

Q90: Which of the following techniques examines the degree to which organizational strengths
offset threats and opportunities that may serve to overcome weaknesses?
A. SWOT analysis
B. Delphi
C. Brainstorming
D. Expert judgment
are favorable and unfavorable to achieving that objective.
Answer options C and B are incorrect. Brainstorming and Delphi techniques are used to identify
risks in a project through consensus. Delphi differs in that as the members of the team do not
know each other.
Answer option D is incorrect. In this technique, risks can be identified directly by experts with
relevant experience of similar projects or business areas.
Q91: Which of the following are parts of SWOT analysis?
A. Optimism
B. Threats
C. Opportunities
D. Weaknesses
E. Strengths
F. Tools
Explanation: Answer options E, D, C, and B are correct.
are favorable and unfavorable to achieve that objective. The technique is credited to Albert
Humphrey, who led a research project at Stanford University in the 1960s and 1970s using data
from Fortune 500 companies.
Answer options A and F are incorrect. Optimism and tools are not parts of SWOT analysis.
326"
Q92: Which of the following are the phases of the risk response process?
A. Review risk analysis results

B. Select risk response
C. Prioritize the risk response option
D. Implement the risk action plan
E. Identify risks
Explanation: Answer options A, B, C, and D are correct.
There are various phases involved in the process of risk response:
 Review risk analysis results: Risk analysis is the process of identifying and prioritizing
risk levels according to risk scenarios and then making assessments based on the
likelihood and magnitude of the risk, taking into account potential business impact.
If the risk analysis result shows that the risk level exceeds the risk tolerance level, then
appropriate risk response is taken for its mitigation, otherwise no action is required.
 Select risk response: If the risk analysis result shows that the risk level exceeds the risk
tolerance level, weigh projected risk against the potential cost of implementing and
maintaining controls and then select the most appropriate response for its mitigation.
 Prioritize the risk response option: Select a risk response implementation strategy
according to the priorities for addressing risk, and developing the risk action plan.
 Implement the risk action plan: Implement the selected risk response option as per
according to the risk action plan.

Q93: John has just finished updating the risk register with the risk urgency information. Under
which of the following project risk management processes does this come?
A. Perform quantitative risk analysis

D. Identify risks
John is currently in the perform qualitative risk analysis process. In this process, the risk register
is updated with the following information:
 Risk scores
 Causes of risk
 List of risks that needs additional analysis and response

Q94: Courtney is the project manager for her organization. She is working with the project team
to complete the qualitative risk analysis for her project. During the analysis, Courtney
encourages the project team to begin the grouping of identified risks by common causes. What is
the primary advantage to group risks by common causes during qualitative risk analysis?
A. It can lead to the creation of risk categories unique to each project.

B. It helps the project team realize the areas of the project most laden with risks.
C. It can lead to developing effective risk responses.
D. It saves time by collecting the related resources, such as project team members, to
analyze the risk events.
By grouping the risks by categories, the project team can develop effective risk responses.
Related risk events often have common causal factors that can be addressed with a single risk
response.
Answer option D is incorrect. This is not the best answer for the question, as the primary
advantage is to create effective risk responses.
Answer option B is incorrect. Identifying portions of the project with the most risk may expose
trends, but this is not the primary advantage.
Answer option A is incorrect. This is not a valid answer for this question.

Q95: You are preparing to start the qualitative risk analysis process for your project. You will be
relying on some organizational process assets to influence the process. Which one of the
following is NOT a probable reason for relying on organizational process assets as an input for
A. Risk databases that may be available from industry sources
B. Information on prior, similar projects
C. Review of vendor contracts to examine risks in past projects
D. Studies of similar projects by risk specialists
A review of vendor contracts for risks in past projects is not a valid reason to rely on
Answer option B is incorrect. Information on prior, similar projects can help analyze risks in the
current project.
Answer option D is incorrect. Studies of similar projects by risk specialists can help analyze risks
in the current project.
Answer option A is incorrect. Risk databases that may be available from industry sources are a
part of organizational process assets.

determined that there are 24 stakeholders within the project. How many communication channels
are there within the project?
324
466
242
276
For calculating the communication channels, you would need to know the formula: n * (n - 1) /
2, where "n" represents the total number of stakeholders. When you plug in 24 stakeholders, the
calculation is 24 * (24 - 1) / 2. The answer is 276 communication channels.

Q97: Which of the following is a set of projects, programs, and related work that is managed in a
coordinated fashion to achieve strategic business objectives in an organization?
A. Program
B. Project
C. Portfolio
D. Process
A portfolio is a set of projects, programs, and related work that is managed in a coordinated
fashion for acquiring business objectives in the strategic plan of the organization.
Q98: Which of the following contains the list of identified risks that will be the key input to
A. Organizational process assets

B. Scope baseline
D. Risk register
 Risk register: It contains the list of identified risks that will be the key input to
qualitative risk analysis.
 Risk management plan: It contains the elements, such as roles and responsibilities for
performing risk management, budgeting, risk categories, risk timing and scheduling, etc.
for generating the output of qualitative risk analysis.
 Scope baseline: It describes the deliverables of the project.
 Enterprise environmental factors: They may provide insight and context to the risk
assessment, such as industry studies of similar projects by risk specialists, and risk
databases that may be available from industry or proprietary sources.
 Organizational process assets: Organizational process assets will make use of the risk-
related components of the knowledge base from previous projects, such as data about
risks and lessons learned.
The output of this process is project documents updates.
Q99: Which of the following is a risk that is generated as the result of risk response?
A. Response risk
B. High risk
C. Secondary risk
D. Pure risk
Secondary risk is a risk that is generated as the result of risk response. Secondary risk is a risk
that arises as a straight consequence of implementing a risk response. The secondary risk is an
outcome of dealing with the original risk. Secondary risks are not as rigorous or important as
primary risks, but can turn out to be so if not estimated and planned properly.
Answer option D is incorrect. Pure risk is a risk that has only a negative effect on the project.
Pure risks are activities that are dangerous to complete and manage such as construction,
electrical work, or manufacturing.
Answer options A and B are incorrect. These terms are not applied for the risk that is generated
as a result of risk response.

Q100: You work as a project manager for BlueWell Inc. You want to create a visual diagram
depicting the resources that will be used within the project. Which of the following diagrams will
you create to accomplish the task?

B. RACI chart
C. Roles and responsibility matrix
A resource breakdown structure is a visual diagram depicting the resources that will be used
within the project.
The resource breakdown structure is a hierarchical structure that is used to represent the
enterprise resources. It also enables a user to create project plans with detailed resource
assignments. It also allows comparison of the workload with detailed resource availabilities. The
resource breakdown structure also enables roll-up of both resource assignments and availability
data to a higher level.
Answer option D is incorrect. The work breakdown structure is a visual diagram of the project
deliverables the project will create.
Answer option C is incorrect. The roles and responsibility matrix maps roles to the project
assignments.
Answer option B is incorrect. RACI chart is a responsibility assignment matrix using the legend
of responsible, accountable, consult, and inform.

Q101: Fill in the blank with the appropriate risk response option.
means that no action is taken relative to a particular risk; loss is accepted if it occurs.
Explanation: Risk acceptance means that no action is taken relative to a particular risk; loss is
accepted if it occurs. If an enterprise adopts a risk acceptance, it should carefully consider who
can accept the risk. Risks should be accepted only by the senior management and the board.
There are two alternatives to the acceptance strategy, i.e., passive and active.

Q102: You work as a project manager for the TYU project. You are planning for risk mitigation.
You need to identify the risks that will need a more in-depth analysis. Which of the following
activities will help you in this?
Quantitative analysis
Qualitative analysis
Estimate activity duration
Risk identification
Qualitative analysis of risks identifies the risks that will need a more in-depth analysis. This is
the part of the perform qualitative risk analysis process. Perform qualitative risk analysis is the
process of prioritizing risks for further analysis and action. It combines risks and their probability
of occurrences and ranks them accordingly. It enables organizations to improve the project's
performance by focusing on high-priority risks. Perform qualitative risk analysis is usually a
rapid and cost-effective means of establishing priorities for plan risk responses. It also lays the
foundation to perform quantitative risk analysis.
Answer option D is incorrect. Risk identification is performed under the Identify Risk process. It
identifies which risks may affect the project and documents their characteristics.
Answer option A is incorrect. Quantitative risk analysis is the process of numerically analyzing
the effect of identified risk on overall project objectives. It's performed on risks that qualitative
risk analysis has prioritized as potentially and substantially impacting the project's competing
demands, and thus generally follows that process. Quantitative risk analysis is best repeated after
planned risk responses, as well as part of monitor and control risks, to determine if overall
project risk has decreased.
Answer option C is incorrect. The estimate activity duration process is a part of the Planning
process group. This process is not involved in in-depth analysis of a risk.
Q103: Harry works as a project manager for the NHQ project. He is performing the quantitative
risk analysis for his project. One of the project risks has a 40 percent probability of happening,
and it will cost the project $65,000 if the risk happens. What is the expected monetary value of
this risk event?
A. $27,000
B. Zero - the risk event has not yet occurred
C. Negative $26,000
D. Negative $67,000
The expected monetary value of the risk is found by multiplying the risk probability times the
impact. In this instance, the expected monetary value is negative $26,000.

= .40 * 65,000
= 26000 (since it is a risk, it will be a negative value for EMV)
= - $26000
used within decision tree analysis. The EMV of opportunities are positive values, and risks are
negative values.

Q104: Which of the following is a questionnaire system based on system's principle and
extensive knowledge to evaluate the relative importance of all threats and vulnerabilities?
A. OCTAVE
B. Brainstorming
C. Delphi
D. COBRA
COBRA (Collective, Objective, and Bi-Functional Risk Analysis) is a questionnaire system

based on system's principle and extensive knowledge to evaluate the relative importance of all
threats and vulnerabilities.
Answer option A is incorrect. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability
Evaluation) is a strategic assessment based on the risk identified. It is also used as a planning
technique for security.
Answer option C is incorrect. Delphi is a group of experts who used to rate independently and
rate business risk of an organization. Each expert analyzes the risk independently and then
prioritizes the risk, and the results are combined into a consensus.
Answer option B is incorrect. Brainstorming is used extensively in formative project planning. It

can also be used to identify and postulate risk scenarios for a particular project.

Q105: John works as a project manager for uCertify Inc. He has identified two risks with a 25%
and 35 % chance of occurring. If both of these risks occur, they will cost you $2,000 and $3,000,
respectively. What is the expected monetary value of these risk events?
A. -$2,570
B. $6,500
C. -$1,550
D. $1,680
For calculating the expected monetary value, multiply the impact by the probability. Here's the
calculation:
Expected monetary value of two risk events = EMV of the first event + EMV of the second event
EMV of the first event = (0.25) * (-$2,000)
= -$500
EMV of the second event = (0.35) * (-$3,000)
= -$1050
Hence the EMV of these two risks events = (-$500) + (-$1050)

= -$1550

Q106: Work performance information and change requests are the key outputs of which of the
following processes of the project risk management knowledge area?

B. Control risks
D. Identify risks
throughout the project. Work performance information and change requests are the key outputs
of the control risks process.
Answer option A is incorrect. Risk management plan is the key output of the plan risk
management process.
Answer option C is incorrect. Project document updates is the key output of the plan risk
responses process.
Answer option D is incorrect. Risk register is the key output of the identify risks process.

Q107: Which of the following processes involves identifying and documenting all stakeholders
on the project, including their interests, interdependencies, and potential positive or negative
impacts on the project?
A. Identify stakeholders
B. Control stakeholder engagement
C. Manage stakeholder engagement
D. Plan stakeholder management
The identify stakeholders process involves identifying and documenting all stakeholders on the
project, including their interests, interdependencies, and potential positive or negative impacts on
the project. This process concerns identifying, assessing, and classifying stakeholders in a
stakeholder register. It allows a project manager to identify the appropriate focus for each
stakeholder or group of stakeholders.
Identifying key stakeholders seems like it should be fairly easy, but once you get beyond the
obvious stakeholders, the process can become difficult. Sometimes stakeholders, even key
stakeholders, will change throughout the project's life. The key stakeholders on a project might
include the project sponsor, the customer (who might also be the project sponsor), the project
manager, project team members, management personnel, contractors, suppliers, and so on. The
stakeholders involved in the project charter and the contract are obvious picks to be included in
the stakeholder register, one output of this process.
Answer option D is incorrect. The plan stakeholder management process focuses on effectively
engaging stakeholders, understanding their needs and interests, understanding the good and bad
things they might bring to the project, and how the project will impact them. This process
provides a clear, actionable plan to interact with project stakeholders to support the project's
interests.
Answer option C is incorrect. The manage stakeholder engagement process is about satisfying
the needs of stakeholders by managing communications with them, resolving issues, engaging
them on the project, managing their expectations, improving project performance by
implementing requested changes, and managing concerns in anticipation of potential problems. It
allows a project manager to increase support and minimize resistance from stakeholders,
significantly increasing the chances to achieve project success.
Answer option B is incorrect. The control stakeholder engagement process monitors stakeholder
relationships and ensures their continued engagement in the project. It's easy for stakeholders to
become distracted on long projects. As more time goes by, the current project fades in
importance and other issues can take their place. Keeping stakeholders engaged will help overall
project success, it will help you efficiently manage the processes as the project progresses, and it
will help your stakeholders stay up to date on issues and status as the project evolves so they can
make informed decisions.
Q108: Which of the following is a statistical technique that calculates the average, anticipated
future impact of the decision?
A. Trend analysis
B. Sensitive analysis
C. EMV analysis
EMV (expected monetary value) analysis is a statistical technique that calculates the average,
anticipated future impact of the decision. EMV is calculated by multiplying the probability of the
risk by its impact for two or more potential outcomes (for example, a good outcome and a poor
outcome) and then adding the results of the potential outcomes together.
Answer option B is incorrect. Sensitivity analysis is used to determine which risk has the greatest
impact on the project.
Answer option D is incorrect. Decision tree analysis is used when there are multiple possible
Answer option A is incorrect. Trend analysis helps in detecting new risks.

Q109: John works as a project manager for uCertify Inc. He's starting a new project. He needs to
define the project objectives and develop the course of action required to attain those objectives.
Under which of the following process groups does this come?
A. Executing
B. Planning
C. Initiating
stage, the system is designed. This process group defines the project objectives and develops the
course of action required to attain those objectives.
Answer option C is incorrect. The initiating process group authorizes, starts, and defines a new
project or phase.
Answer option A is incorrect. The executing process group starts after the planning phase of a
project is completed, and consists of the processes used to complete the work defined in the
project management plan and thereby accomplish the project's requirements.
Answer option D is incorrect. The monitoring and controlling process group tracks, reviews, and
regulates the project performance, and identify any necessary changes.

Q110: In which of the following types of power is an employee threatened with consequences if
expectations are not met?
A. Referent
B. Expert
C. Punishment
D. Legitimate
Power is the ability to influence others to do what you want them to do. Power can be used in a
positive manner or a negative one. Leaders, managers, and project managers use power to
convince others to do tasks in a specific way. The kind of power they use to accomplish this
depends on their personality, their personal values, and the company culture. A project manager
might use several forms of power. The following are the types of power:
 Punishment power: Punishment, also known as coercive or penalty power. The

employee is threatened with consequences if expectations are not met.
 Expert power: Expert power occurs when the person being influenced believes the
manager, or the person doing the influencing, is knowledgeable about the subject or has
special abilities that make them an expert. The person goes along just because they think
the influencer knows what they're doing and it's the best thing for the situation.
 Legitimate power: Legitimate, or formal, power comes about as a result of the
influencer's position. Because that person is the project manager, executive vice
president, or CEO, they have the power to call the shots and make decisions.
 Referent power: Referent power is inferred to the influencer by their subordinates.
Project team members who have a great deal of respect and high regard for their project
managers willingly go along with decisions made by the project manager because of
referent power.
 Reward power: Reward power is based on rewarding someone for doing something.
Punishment power should be used as a last resort and only after all other forms have been
exhausted. Reward and expert are the best types of power. The worst type of power is obtained
through penalty, which should be used as a last resort. Expert is earned power, whereas formal,
reward and penalty can be obtained simply through position.

Ucertify RMP QB

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ucertify RMP QB

Uploaded by

Copyright:

Available Formats

Question Bank - 1

Explanation: Answer option A is correct.

Explanation: Answer option B is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Explanation: Answer options A and D are correct.

Answer option C is incorrect. The probability distribution includes normal, lognormal,

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Explanation: Answer options C, D, and A are correct.

Answer option B is incorrect. Risk management is the identification, assessment, and

A. Probability of achieving cost and time objectives

Explanation: Answer option B is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Explanation: Answer options A, B, C, and D are correct.

Reference: PMI Risk Management Professional (PMI-RMP) Exam Preparation Courseware,

Explanation: Answer option C is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Explanation: Answer option D is correct.

Risk identification is an ongoing, iterative process. Its frequency is determined by situations

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Explanation: Answer option C is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

A. Predecessor and successor diagramming

Explanation: Answer option C is correct.

Answer option D is incorrect. A cause-and-effect diagram, also known as an Ishikawa or

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

A. Probability and impact matrix

Explanation: Answer option A is correct.

Explanation: Answer option C is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Explanation: Answer option C is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Q14: What is the project life cycle?

Explanation: Answer option C is correct.

The risk response strategies for positive risks are as follows:

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

A. Process flow charts

Explanation: Answer option B is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Explanation: Answer option C is correct.

 Root node: It is a starting node in the decision tree.

Lesson: Risk analysis

Explanation: Answer option A is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Explanation: Answer option A is correct.

Answer option D is incorrect. It is used to calculate performance efficiencies.

Answer option C is incorrect. It is a measure of schedule efficiency on a project.

Answer option B is incorrect. It is a measure of schedule performance on a project.

Explanation: Answer option B is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Explanation: Answer option B is correct.

Total Number of Communication Channels = n (n-1) / 2

Number of communication channel = (n (n-1)) / 2

 Sponsor a project or,

A. Risk management plan

Explanation: Answer option B is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

Explanation: Answer option A is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

A. The CPI is .88 and the SPI is 1.14.

Explanation: Answer option A is correct.

Reference: "Project Management Body of Knowledge (PMBOK Guide)"

A. Plan risk management

Explanation: Answer option A is correct.