1. Right Answer: B
Explanation: Monitor and Control Risk is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project. It can involve choosing alternative strategies, executing a contingency or fallback plan, taking corrective action, and modifying the project management plan.
Incorrect Answers:
B: This is the process of numerically analyzing the effect of identified risks on overall project objectives.
C: This is the process of determining which risks may affect the project and documenting their characteristics.
D: This is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
2. Right Answer: B,C,D
Explanation: The inputs to the Plan Risk Management process are as follows:
- Project scope statement: It provides a clear sense of the range of possibilities associated with the project and establishes the framework for how significant the risk management effort may become.
- Cost management plan: It describes how risk budgets, contingencies, and management reserves will be reported and accessed.
- Schedule management plan: It describes how the schedule contingencies will be reported and assessed.
- Communication management plan: It describes the interactions that occur on the project and determines who will be available to share information on various risks and responses at different times.
- Enterprise environmental factors: They include, but are not limited to, risk attitudes and tolerances that describe the degree of risk that an organization can withstand.
- Organizational process assets: They include, but are not limited to, risk categories, risk statement formats, standard templates, roles and responsibilities, authority levels for decision-making, lessons learned, and stakeholder registers.
Incorrect Answers:
A: It is not an input for the Plan Risk Management process.
3. Right Answer: C
Explanation: The risk register is a document that contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning. The risk register is developed along with all processes of risk management, from Plan Risk Management through Monitor and Control Risks.
Incorrect Answers:
A: The quality management plan is a component of the project management plan. It describes how the project team will implement the organization's quality policy. The quality management plan addresses quality control (QC), quality assurance (QA), and continuous process improvement for the project. Based on the requirement of the project, the quality management plan may be formal or informal, highly detailed or broadly framed.
B: The risk management plan includes roles and responsibilities, risk analysis definitions, timing for reviews, and risk threshold. The Plan Risk Responses process takes input from the risk management plan and risk register to define the risk response.
D: The project charter is the document that formally authorizes a project. The project charter provides the project manager with the authority to apply organizational resources to project activities.
4. Right Answer: B
Explanation: The inherent risk of a process is a given and cannot be affected by risk reduction or risk mitigation efforts. Hence it should be reduced as far as possible.
Incorrect Answers:
A: Risk reduction efforts can focus on either avoiding the frequency of the risk or reducing the impact of a risk.
C: Risk reduction efforts can focus on either avoiding the frequency of the risk or reducing the impact of a risk.
D: The objective of risk reduction is to reduce the residual risk to levels below the enterprise's risk tolerance level.
5. Right Answer: C
Explanation: Access controls help an organization implement effective access control. They ensure that users have the rights and permissions they need to perform their jobs, and no more. This includes principles such as least privilege and separation of duties.
Incorrect Answers:
A: System and Communications Protection control is a large group of controls that cover many aspects of protecting systems and communication channels. Denial of service protection and boundary protection controls are included. Transmission integrity and confidentiality controls are also included.
B: Audit and Accountability control helps an organization implement an effective audit program. It provides details on how to determine what to audit. It provides details on how to protect the audit logs. It also includes information on using audit logs for non-repudiation.
D: Identification and Authentication control covers different practices to identify and authenticate users. Each user should be uniquely identified. In other words, each user has one account. This account is only used by one user. Similarly, device identifiers uniquely identify devices on the network.