1. Right Answer: C,D
Explanation: Enterprise having risk management capability maturity level 4 and 5 takes business decisions considering the probability of loss and the probability of reward, i.e., considering all the aspects of risk.Incorrect Answers:A: Enterprise having risk management capability maturity level 0 takes business decisions without considering risk credential information.B: At this low level of risk management capability the enterprise take decisions considering specific risk issues within functional and business silos (e.g., security, business continuity, operations).

2. Right Answer: A
Explanation: The best answer to include the project team members is that they'll need to develop a sense of ownership for the risks and associated risk responsibilities.Incorrect Answers:B: The reason to include the project team is that the project team needs to develop a sense of ownership for the risks and associated risk responsibilities, not to assign risk ownership and risk responses at this point.C: While the project manager shouldn't be the only person to identify the risk events, this isn't the best answer.D: The reason to include the project team is that the project team needs to develop a sense of ownership for the risks and associated risk responsibilities, not to assign risk ownership.

3. Right Answer: C
Explanation: Standard establishes mandatory rules, specifications and metrics used to measure compliance against quality, value, etc. Standards are usually intended for compliance purposes and to provide assurance to others who interact with a process or outputs of a process.Incorrect Answers:A: Frameworks are generally accepted, business-process-oriented structures that establish a common language and enable repeatable business processes.B: These are legal rules underneath which project has to be.D: Practices are frequent or usual actions performed as an application of knowledge. A leading practice would be defined as an action that optimally applies knowledge in a particular area. They are issued by a 'recognized authority' that is appropriate to the subject matter. issuing bodies may include professional associations and academic institutions or commercial entities such as software vendors. They are generally based on a combination of research, expert insight and peer review.

4. Right Answer: A
Explanation: Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level (having nonexistent or unstructured processes) to the most mature (having adopted and optimized the use of good practices).The levels within a capability maturity model are designed to allow an enterprise to identify descriptions of its current and possible future states. In general, the purpose is to: Identify, where enterprises are in relation to certain activities or practices. Suggest how to set priorities for improvementsIncorrect Answers:D: There is no such model exists in risk management process.B: Decision tree analysis is a risk analysis tool that can help the project manager in determining the best risk response. The tool can be used to measure probability, impact, and risk exposure and how the selected risk response can affect the probability and/or impact of the selected risk event. It helps to form a balanced image of the risks and opportunities connected with each possible course of action. This makes them mostly useful for choosing between different strategies, projects, or investment opportunities particularly when the resources are limited. A decision tree is a decision support tool that uses a tree-like graph or model of decisions and their possible consequences, including chance event outcomes, resource costs, and utility.C: Fishbone diagrams or Ishikawa diagrams shows the relationships between the causes and effects of problems.

5. Right Answer: A
Explanation: The monetary value of the server should be based on the cost of its replacement. However, the financial impact to the enterprise may be much broader, based on the function that the server performs for the business and the value it brings to the enterprise.Incorrect Answers:B, C, D: Cost of software is not been counted because it can be restored from the back-up media. On the other hand' Ale for all risk related to the server does not represent the server's value. Lastly, the original cost may be significantly different from the current cost and, therefore, not relevant to this.