1. Right Answer: A,B,C
Explanation: Risk identification is the process of determining which risks may affect the project. It also documents risks' characteristics.Following are high-level phases that are involved in risk identification and evaluation: Collecting data- Involves collecting data on the business environment, types of events, risk categories, risk scenarios, etc., to identify relevant data to enable effective risk identification, analysis and reporting. Analyzing risk- Involves analyzing risk to develop useful information which is used while taking risk-decisions. Risk-decisions take into account the business relevance of risk factors. Maintain a risk profile- Requires maintaining an up-to-date and complete inventory of known threats and their attributes (e.g., expected likelihood, potential impact, and disposition), IT resources, capabilities, and controls as understood in the context of business products, services and processes to effectively monitor risk over time.Incorrect Answers:D: It comes under risk management process, and not in risk identification and evaluation process.

2. Right Answer: D
Explanation: The potential choices of risk based decisions are represented in decision tree analysis via. Decision node, as decision nodes refers to the available choices.Incorrect Answers:A: End nodes are the final outcomes of the entire decision tree framework, especially in multilayered decision-making situations.B: Root nodes represent the start of a decision tree.C: Event nodes represents the possible uncertain outcomes of the decision, and not the available choices.

3. Right Answer: C
Explanation: Risks and the corresponding responses are documented in the risk register for the project. Risk register is a document that contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning. Description, category, cause, probability of occurring, impact on objectives, proposed responses, owner, and the current status of all identified risks are put in the risk register.Incorrect Answers:A: The stakeholder management strategy defines how stakeholders and their threats, perceived threats, opinions, and influence over the project objectives will be addressed and managed.B: The outcome of risk events and the corresponding risk responses may be documented in the project's lessons learned documented, but the best answer is to document the risk responses as part of the risk register.D: The risk management plan defines how risks will be identified and analyzed, the available responses, and the monitoring and controlling of the risk events. The actual risk responses are included in the risk register.

4. Right Answer: A
Explanation: The cost of the response, which is applied so as to reduce risk within tolerance levels, is one of the most important parameter. By considering the cost of response, it is decided whether or not benefits of applying response is greater than accepting the risk; and according to this analysis it is decided whether the certain response should be applied or not. For example, if risk transfer response is applied by using insurance, then cost would be the cost of insurance.Incorrect Answers:B: This parameter is considered after analyzing the cost of response, which will further decide the level of sophistication of risk response. The enterprise's capability to implement the response means that if the risk management process is mature then the risk response is moreC: This is one of the parameters that is considered but is not as important as considering cost of response. The importance of the risk is determined by the combination of likelihood and magnitude levels along with its position on the risk map.D: Efficiency of response can only be analyzed after applying the response. So it is the latter stage in selection of response.

5. Right Answer: D
Explanation: Contingent response strategy, also known as contingency planning, involves adopting alternatives to deal with the risks in case of their occurrence. Unlike the mitigation planning in which mitigation looks to reduce the probability of the risk and its impact, contingency planning doesn't necessarily attempt to reduce the probability of a risk event or its impacts. Contingency comes into action when the risk event actually occurs.Incorrect Answers:A: Risk acceptance means that no action is taken relative to a particular risk; loss is accepted if it occurs. If an enterprise adopts a risk acceptance, it should carefully consider who can accept the risk. Risk should be accepted only by senior management in relationship with senior management and the board. There are two alternatives to the acceptance strategy, passive and active. Passive acceptance means that enterprise has made no plan to avoid or mitigate the risk but willing to accept the consequences of the risk. Active acceptance is the second strategy and might include developing contingency plans and reserves to deal with risks.B: Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level. Risk mitigation can utilize various forms of control carefully integrated together. The main control types are: Managerial(e.g.,policies) Technical (e.g., tools such as firewalls and intrusion detection systems) Operational (e.g., procedures, separation of duties) Preparedness activitiesC: Risk avoidance means to evade risk altogether, eliminate the cause of the risk event, or change the project plan to protect the project objectives from the risk event.