Chapter 4 Basics of IT and Governance (Domain 4.0)
Just allowing the consequences of a negative risk to happen is which type of risk response strategy?
Avoid
Transfer
Mitigate
Accept
What is the process of examining the risk and establishing the appropriate course of action should it occur called?
Risk analysis
Risk probability
Risk response planning
Risk trigger
Kevin is working on a project and he wants to store information on a portable hard drive as a backup to his work computer. What two security considerations should he take into account while using removal media storage? (Choose two)
Back up the data at a regular interval.
Encrypt the removable hard drive to prevent unauthorized access.
Lock the device in an out-of-view area such as a drawer or cabinet.
Do nothing, hackers do not target small projects or businesses.
A potential future event that can have either a negative or a positive impact on a project is known as which one of the following?
An issue
A risk
A hope
A requirement
As you identify all the potential risks that might impact a project, you should record them in which one of the following?
RACI chart
Risk register
Risk probability matrix
Issue log
The activity of selecting risks that have the greatest chance of occurring and the biggest impact on the project should they occur is called which one of the following?
Three-point estimating
Pareto diagraming
Monitoring and Controlling
Risk analysis
The consequence or opportunity the risk poses to the project is known as which one of the following?
Risk response plan
Risk impact
Risk register
Risk probability
Which of the following is defined as the likelihood that a risk will occur?
Risk response plan
Probability and impact matrix
Risk register
Risk probability
Which of the following techniques could be used to create an initial list of risks on a project? (Choose three.)
Parametric estimating
Brainstorming
Three-point estimating
Interviews
Fishbone diagrams
Facilitated workshops
What does it mean to share a positive risk?
Assign the risk to a third party who is best able to bring about opportunity.
Monitor the probability or impact of the risk event to ensure that benefits are realized.
Choose to accept the consequences of the risk.
Look for opportunities to take advantage of positive impacts.
When determining risk probability and impact, which tool typically offers the best results?
Expert judgment
Parametric estimating
Environmental factors
Project documentation
What tool would be used to prioritize and quantify risks, so the information is easy to understand and is visually informative?
Probability and impact matrix
Fishbone diagram
Histogram
Responsibility assignment matrix
All of these are common potential risks to a project EXCEPT:
Teams not attending status meetings
Insufficient budget assigned to the project
Scope changes after the project execution begins
Legal ramifications resulting from the project
What does it mean to exploit a positive risk?
Assign the risk to a third party who is best able to bring about opportunity.
Monitor the probability or impact of the risk event to ensure benefits are realized.
Choose to accept the consequences of the risk.
Look for opportunities to take advantage of positive impacts.
At a minimum, which of the following types of information would be recorded on a risk register? (Choose three.)
Risk score
Risk trigger scores
Risk document review
Risk owners
Description of risk
Mitigation strategy
Attempting to ensure that a risk doesn't happen at all, or eliminating the cause of a negative risk, is what type of risk response strategy?
Transfer
Mitigate
Accept
Avoid
If a project team wanted to enhance a positive risk, what are they trying to accomplish?
Assign the risk to a third party who is best able to bring about opportunity.
Monitor the probability or impact of the risk event to ensure benefits are realized.
Choose to accept the consequences of the risk.
Look for opportunities to take advantage of positive impacts.
What is the activity of determining and documenting any potential risks that might happen on a project?
Risk planning
Risk mitigation
Risk avoidance
Risk identification
What is an individual or organization's comfort level with how likely they are to accept or avoid risk?
Risk register
Risk avoider
Risk taker
Risk tolerance
Joey has been assigned a project where the deadline must be met before the start of the youth activities season, and there is a limited budget for the project. This is an example of what type of influence?
Scope creep
Interaction between constraints
Constraint reprioritization
Stakeholders opinions on the project
Nermit has been working on a chart that lists all the risks that have been identified on a project, along with a numerical score of the likelihood that the risk has of occurring and the score for how impactful the results of the risk occurring would be. What is Nermit creating?
Risk response plan
Risk register
Probability and impact matrix
RACI chart
A construction company has been monitoring tropical storms because of the impact a hurricane that might make landfall would have on the project. A tropical storm has just formed, and forecasters are calling for it to make landfall in a populated part of the country. The company begins to buy extra inventory in lumber and other materials. This is an example of which one of the following?
Risk register
Risk trigger
Risk taker
Risk tolerance
In which project phase would a risk response plan be activated?
Discovery/concept preparation
Initiation
Planning
Execution
Closing
In a briefing to the CEO, the project team explains that there is a risk that the company's two biggest competitors might merge. The CEO asks about the likelihood that this will happen. What exactly is she asking for?
A probability and impact matrix
The risk impact
The risk probability
The risk register
Wigit Construction has completed the risk assessment and cost estimating activities. For certain risks, they have set aside money to cover the costs resulting from possible adverse effects on the project. What are these funds referred to as?
Contingency reserve
Ready reserve
Resource reserve
Management reserve
What are the two forms of acceptance when considering risk response strategies?
Passive
Deliberate
Unintentional
Active
Management for Wigit Construction is concerned with understanding what the negative or positive impacts potential future events might have on a project. What is the management team asking about?
Contingency planning
MOU
Risk
Issues
Every project faces the following potential risks EXCEPT:
Quality defects
Not staying on budget
Scope creep
Project not finishing on time
Which of the following is a tool or technique used in identifying risks to a project?
RASI
SWOT
RACI
COQ
When a change is being considered, the change control board wants to know how the changes can be reversed if needed. What is this called?
Requirements change
Validation
Version control
Regression plan
What is the risk response strategy that attempts to minimize the impact or the probability of a negative risk known as?
Avoid
Transfer
Mitigate
Accept
WigitCom and DewDrops have entered into a partnership to complete a project. Wigitcom wants to ensure that their trade secrets are not revealed or used by DewDrops. What type of agreement should the two organizations use?
RFP
NDA
SLA
MOU
WigitCom is working on a cutover to a new phone system for an agency with a security component. During the planned outage, a problem is discovered that cannot be solved immediately. What should the project team do?
Continue to implement the change.
Implement the regression plan and reverse the changes.
Evaluate the impact and justification of an extended outage.
Identify and document the change.
At the completion of a government project requiring security clearance, what document would a vendor likely be asked to sign?
Service-level agreement
Warranty
Request for proposal
Nondisclosure agreement
Which of the following roles should be included in the identification of risk on a project?
Subject matter experts (SMEs)
Core team members
Stakeholders
All of the above
Both B and C
WigitCom is working on a revolutionary new technology that will potentially alter the entire industry. At an industry conference, a project team member is asked what the team is working on. The employee doesn't share any project details. What is most likely the cause of the employee refusing to share information?
Criticality factors
Cultural differences
Confidentiality constraints
Intraorganizational differences
A government agency has two different business units that have a fleet of trash trucks to pick up garbage. To help save money, the agency decides to move the garbage collection function to a single agency and sell the trash trucks of the other agency. What type of business change is this?
Business process change
Outsourcing
Internal reorganization
Staff turnover
Which of the following is not true regarding environmental, social, and governance (ESG) factors?
It is imperative the project manager understands ESG as it relates to the project so that regulations, standards, and guidelines are followed.
Awareness of applicable regulations and standards is an ESG factor.
PII is an ESG factor that relates to the social factor.
Project impact to company brand value is an ESG factor.
WigitCom is constructing a new mobile ridesharing app. Users of the service will be required to share their location data to sign up for a ride. Which of the following ESG factors would the company need to consider for this project?
DewDrops is the parent company for SunRays, Inc. and DaisyChains. SunRays and DaisyChains agree to provide services to each other and outline specific performance expectations acceptable to the parent company. Which ESG factors would impact the SunRays and DaisyChains projects?
Submitting to audits and inspections
DewDrops data security access policy
DewDrops's mission, vision, and values
Risk tolerance for each of the three companies
What does PII stand for?
Professional infrastructure information
Personally identifiable information
Professional identifiable information
Personal infrastructure information
DewDrops has established a project team in another country. Several stakeholders are irritated because of the difficulty in getting approvals to begin work from the provincial government. This is an example of what kind of ESG factor impacting the project?
Project impact to the local and global environment
Awareness of applicable regulations and standards
Awareness of company vision, mission statements, and values
Project impact to company brand value
What does PHI stand for?
Personal health information
Professional health initiative
Protected health information
Personal health initiative
A new U.S. state law gives customers the ability to request what data a company is storing about their users and how the company is using this information. A global company is having to adjust their product design to conform with this requirement. Which ESG factor is the cause for the project to change in this manner?
Project impact to the local and global environment
Awareness of applicable regulations and standards
Awareness of company vision, mission statements, and values
Project impact to company brand value
Which of the following data sources are considered SPII? (Choose two.)
City
Driver's license number
First name
Social Security number (SSN)
Political party
We Are Here for You! has done work for DewDrops in the past, and has begun to advertise and market that DewDrops is a current project client without DewDrops's consent. What ESG factor might cause DewDrops to issue a cease and desist letter to We Are Here for You! to correct this behavior?
Project impact to the local and global environment
Awareness of applicable regulations and standards
Awareness of company vision, mission statements, and values
Project impact to company brand value
A project manager is assembling a team for a medical company that looks for the highest standards in ethical behavior. The manager is excited by a candidate's skills, attitude, and experience, but a background check reveals the candidate misrepresented their education and work experience. Which ESG factor likely influenced the decision to move away from this candidate?
Project impact to the local and global environment
Awareness of applicable regulations and standards
Awareness of company vision, mission statements, and values
Project impact to company brand value
Which of the following is not true regarding ESG?
PII is an ESG factor that relates to the social factor.
It's imperative the project manager understands ESG as it relates to the project so that regulations, standards, and guidelines are followed.
Awareness of applicable regulations and standards is an ESG factor.
S in ESG stands for social.
Project impact to company brand value is an ESG factor.
DewDrops is growing rapidly. The company's leadership wants to install a system that will allow customers to interact with the company to learn more about the company's products and to obtain support. What kind of a system are they considering?
JAD
ERP
CRM
SAFe
The risk response strategy that focuses on shifting the liability for a negative risk to a third party is known as which one of the following?
Avoid
Transfer
Mitigate
Accept
Risk planning includes all the following activities EXCEPT:
Measuring the SPI and CPI
Analyzing the potential impacts of each risk
Identifying all potential risks to the project
Creating a response to each risk
In which phase of a project would you keep an eye on risks to see if any immediate action should be taken?
Discovery/concept preparation
Initiation
Planning
Execution
Closing
All of the following are response strategies to positive risks EXCEPT:
Mitigate
Exploit
Share
Enhance
All of the following are strategies to deal with negative risks EXCEPT:
Register
Avoid
Mitigate
Accept
With a forecast for a worse than average hurricane season, a construction company is aware that certain material costs could rise if a hurricane makes landfall. They begin daily monitoring of the National Weather Service and start actively tracking any tropical storm as they form so they can quickly act to purchase materials in case a hurricane becomes a legitimate threat. What type of risk response strategy is this?
Mitigate
Transfer
Share
Enhance
Katie is a project manager whose last performance review just barely met the core standards of the organization. Which of the following choices would most accurately express Katie's risk tolerance?
Risk avoider
Risk decider
Risk taker
Risk observer
Karen is a superstar for a company who has had several stellar performance reviews in a row. Which choice would most accurately express Karen's risk tolerance?
Risk avoider
Risk observer
Risk decider
Risk taker
The project team has done an in-depth root cause analysis as to why certain risks might happen. The impact of these risks would lead to positive outcomes. What type of strategy is this project employing?
Accept, negative risk strategy
Exploit, positive risk strategy
Enhance, positive risk strategy
Transfer, negative risk strategy
All of the following would be updates to the risk register following a qualitative risk analysis EXCEPT:
Causes of risks
Watch list of low-priority risks
Risks requiring near-term responses
Numerical evaluation of each risk
The process of determining what impact identified risks will have on project objectives and the probability that they will occur is called what?
Qualitative risk analysis
Identify risk
Quantitative risk analysis
Risk categorization
There is a section of the project management plan that contains elements of risk, including the project methodology, roles and responsibilities, stakeholder tolerances, and categories. What is this called?
Risk register
Risk matrix
Risk response plan
Risk management plan
Which of the following are risk response strategies? (Choose two.)
Avoidance
Assumptions
Acceptance
Analysis
Actual cost
DewDrops is working on building the project team, and it is attempting to conduct interviews with company employees located in a different city. Their company practice is to interview candidates in person, but they attempted to conduct video interviews instead due to global travel restrictions related to the ongoing pandemic. What ESG factors influenced this change in direction?
Project impact to the local and global environment
Awareness of applicable regulations and standards
Awareness of company vision, mission statements, and values
Project impact to company brand value
A company has a large datacenter with nearly a thousand servers and a host of enterprise applications. To align with the company's mission statement, there is a project to move away from high datacenter costs while keeping operational consistency. Which cloud environment should be pursued?
PaaS
IaaS
XaaS
SaaS
What is the purpose of a data warehouse?
To bring various data sources together for the purpose of analysis and decision-making
To separate the data's physical location from other applications
To handle extremely large data environments
To bring all the company's unstructured data together in a central location
WigitCom needs a third party to handle hardware and software tools for the application development team to complete a project. Which cloud model should the project team look to use?
SaaS
IaaS
XaaS
PaaS
What are some disadvantages of using a platform as a service (PaaS)? (Choose three.)
Increased pricing at large scales
More effective application development
Lack of operational features
Reduced control
Public, private and hybrid options
Greater product visibility
All of the following are advantages of using a PaaS EXCEPT:
Reduced complexity
Reduced control
Self-ramping up or down of infrastructure
Easier maintenance and enhancement of applications
What is a cloud model that offers essential compute, storage, and networking resources on demand using a pay-as-you-go model?
IaaS
PaaS
XaaS
SaaS
Which system would be used to help enforce document retention requirements for an IT project's documentation, including project plans and deliverables?
Data warehouse
Enterprise resource planning (ERP)
Customer relationship management (CRM)
Content management system (CMS)
All of the following would be considered drivers of adopting a SaaS application EXCEPT:
Decrease the need to update and maintain traditional client-server applications.
Standardization of the HTTPS protocol providing lightweight security.
Reduced costs of developing new software services.
Organization is forced to remain current as the hosting company updates features.
What is a software application that manages back-office activities such as accounting, human resources, supply chain, operations, and procurement called?
Enterprise resource planning (ERP)
Customer relationship management (CRM)
Content management system (CMS)
Database management system (DBMS)
Which software platform would a company use to easily track all communications and nurture the experience people have with their products and services?
Enterprise resource planning (ERP)
Customer relationship management (CRM)
Content management system (CMS)
Database management system (DBMS)
A transit company is looking to set up an application where riders can get from one location to another using a software application to coordinate all the legs of their journey. Which of the following identifies what type of model this is?
IaaS
PaaS
XaaS
SaaS
In a multitiered architecture, in which tier does the user interact with the system?
Presentation
Processing
Data
Application
What does MFA stand for?
Multifactor architecture
Multifactor authentication
Mid-tier form architecture
Middle factor authentication
Kaysie is applying for a job working on a passenger space flight project for a government agency. To help confirm her employment, what steps might be required for Kaysie to be hired as the project manager? (Choose two).
Background screening
Branding restrictions
Service-level agreement
Clearance requirements
Desiree has pulled into the parking lot at work and is approaching a door where she must scan her badge to gain entrance into the building. Which security concept does this action represent?
Facility access
Background screening
Multifactor authentication
Removable media considerations
When determining if a project team can view privileged information, which three elements must the team member possess to be allowed to view the information? (Choose three.)
Personally identifiable information (PII)
A need to know the information
Security clearance
Protected health information (PHI)
Access to the information
Industry specific compliance
A project is working on a new industry changing technology. To help protect this information, they mark this information as confidential and lock up all key documents and files when there is no one in the room. Why are these documents marked as confidential?
To project national security
To protect trade secrets
To coverup wrongdoing
To identify removable media considerations
DewDrops Medical has made a breakthrough in anxiety treatment with the development of a new medication. What is the best way for the company to protect their intellectual property?
File for a patent.
File for a trademark.
File for a copyright.
File for multifactor authentication.
We Are Here for You! temp agency has hired a firm to create a catchy new jingle that will help customers remember the name and purpose of the company when the company advertises. When they complete the song, what is the best way for the company to protect their intellectual property?
File for a patent.
File for a trademark.
File for a copyright.
File for multifactor authentication.
A project team has created an awesome logo for the new product they are creating that identifies the unique device customers can buy. What is the best way to protect their intellectual property?
File for a patent.
File for a trademark.
File for a copyright.
File for multifactor authentication.
A project team is working for a national department of defense in the creation of new technology to assist medical teams on the battlefield. What is the best answer on why this information might be classified?
To protect intellectual property
To protect national security information
To protect trade secrets
To establish background screening requirements
A project team working on an industry changing technology has a computer policy preventing USB drives from being accessed from the project team's computers. What type of physical security does this policy represent?
Data classification
Multifactor authentication
Mobile device considerations
Removable media considerations
What are all the reasons a company may lock down the use of removable media on the corporate network? (Choose two.)
To prevent malware and virus
To make users work experience harder
To prevent loss of protected data
To comply with the company's mission, vision, and value
Which law established protected health information and the rules governing its release?
OSHA
HIPPA
DoCRA
PgMP
Which of the following would not be considered personally identifiable information?
Name
Social Security number
Date of birth
Census data
What is the process used to document, identify, and authorize changes in an IT environment?
Organizational change management
Executive oversight
Change control
Promote to production
The project team is ready to make a change to a web application already in use by an organization. Which artifact should the project manager refer to in rolling out the changes?
Downtime/maintenance window schedules
Customer notifications
Tiered architecture
Data warehouse
The project team has been asked to identify what actions will be taken if a given IT change has a problem or causes a nonrepairable outage. What has the project team been asked to create?
Automate tests
Risk assessment
Rollback plan
Validation checks
David is the IT change manager supporting a large energy company. In support of an upcoming project change, he has established emails to be sent two weeks in advance, a week in advance and the day of the changes so users can expect an outage and a new layout when the service comes back online. What is David working on?
Rollback plan
Notifications
Validation checks
Maintenance windows
Jarred is a virtualization engineer on a project that is rolling out a configuration change to the whole server farm. After the change, he runs a script that checks to make sure all servers are back online and that their applications are running. What part of the change control process did he perform?
Check downtime schedule.
Execute a rollback plan.
Execute validation checks.
Send customer notifications.
While on a project, Jen has been asked to make a change to an e-commerce application responsible for 90 percent of the organization's revenue. She starts to analyze how long the change might take, what security vulnerabilities exist, and what downstream processes might be impacted by the change. What part of the change control process is Jen performing?
Risk assessment
Automated testing
Release management
Promote to production
The project team is setting up an application that will record all the steps in a timekeeping process. They can then run the steps whenever the team updates the software code. What did the project team set up?
Rollback plan
Automated testing
Manual testing
Risk assessment
The project team is doing all their work in a development environment. They move any changes to a testing environment for validation before they promote the code to production. What operational change control process concept does this represent?
Automate testing
Manual testing
Tiered architecture
Enterprise architecture
Eva has completed the software upgrade related to a project-required change. She calls Wally and asks him to verify the changes by logging in and entering a record to confirm the application is working. What is she asking Wally to do?
Automated testing
Manual testing
Risk assessment
Requirements definition
The project team has been asked to add some additional functionality to an existing application. A business analyst sits down with the stakeholders to be walked through what the application needs to do, how it needs to look, and what other applications or reports the data needs to be shared with. What part of the change control process is the business analyst performing?
Requirements definition
Customer notifications
Release management
Rollback planning
Denise is part of a change control meeting where she presents her proposed change, the timing and communication to stakeholders, and her rollback plan. She gets a green light to proceed. What was Denise seeking during the meeting?
Nothing, this was purely information.
Clarification of the maintenance window.
Approval of the change.
Validation of the change.
One project team member has been placed on a performance improvement plan while assigned to a project. The rest of the project team is upset because they do not see management correcting any of this team member's behaviors. What is causing this misunderstanding?
Cultural difference
Confidentiality constraints
Rapport building
Criticality factors
Which of the following is an example of linkable data becoming SPII?
When the link connects an individual's name to a corporate website
When an individual is shown to live within a specific zip code
When the computer IP address is shown
When an individual's name is linked to their Social Security number
A medical laboratory has a secure door that can only be accessed through a retinal scan and by scanning an authorized badge. What security concept is being enacted in this scenario?
Branding restrictions
Scrum retrospective
Legal and regulatory impacts
Facility access
Wigit Construction has focused on implementing sustainable practices into its processes and has been hired to build a new bridge over a rail line and a wildlife open space. The triple constraints would imply that the project manager work with time, budget, and scope as it relates to quality in getting this project done. What two aspects of sustainable practices should also govern the project manager's approach to completing this project? (Choose two.)
Ensure pollution prevention in the construction to preserve the wildlife habitat.
Create a fund to help convince local decision-makers to waive environmental regulations.
Create a task force to ensure property rights for the rail line and the wildlife habitat are maintained.
Maintain speed of completion as the most important factor even if crews must work long hours for weeks on end.
Time, budget, and scope are considered the triple constraints to tactical project management. What are the three factors that influence sustainable project management from a strategic context?
Environmentally sound, viral social media, economically viable
Economically viable, environmentally sound, return on investment
Which authentication method requires the user to provide two or more pieces of verification evidence to log into your account?
Certificate-based authentication
Token-based authentication
Multifactor authentication
Biometric authentication
For a sustainable-driven company, which of the following is not an area to be evaluated when planning the procurement activities of a project?
Suppliers' past performance or reputation
Unique local requirements of the supplier or project site
Focus on lowest bidder to control costs
The sustainable goals of the provider
Risk management focuses on identifying all the positive and negative events that might impact the success of a project or activity. Which of the following would be considered a nontechnical risk?
Project budget is lacking to complete the project.
Local regulations require 30 percent of the project team to live within the country.
The speed to market of the product will determine the market winner.
The time to complete the project is insufficient for the requirements requested.
WigitCom has a project to open a store in a new country in which it has never done business before. This new country has laws called the consumer bill of rights, which outline a company's responsibility to collecting private data as well as a consumer's ability to see and/or restrict the collection of this data. Which ESG factor would influence WigitCom's project activities?
Project impact to the local and global environment
Awareness of appliable regulations and standards
Awareness of company vision, mission statements, and values
Project impact to company brand value
In May 2018, Europe enacted the GDPR with widespread implications to privacy and the treatment of data. What does GDPR stand for?
Greater Data Privacy and Remediation
General Data Protection Regulation
Greater Discovery for Protecting Remote Access
General Data Privacy Regulation
The Payment Card Industry Data Security Standards (PCI DSS) address the handling and management of payment card data. This act covers all aspects of payment card data handling, including acquiring, transmitting, storing, and processing these data. What is the PCI DSS an example of?
Industry-specific compliance
Personally identifiable information
Regulatory impacts
Country-specific privacy stipulation
The Sarbanes–Oxley Act is a 2002 U.S. law and was enacted to protect against fraudulent financial transactions by corporations. Sarbanes–Oxley would be an example of which compliance consideration?
Industry-specific compliance
Protected health information
Country-specific compliance regulation
National security information
Deploying a new information system into production while failing to safeguard security and privacy would have all of these inherent risks EXCEPT:
Disclosure of information
Unauthorized access to systems and information
Failing a project gate review
Breach of legal requirements
All of the following are used in an Agile approach to project management EXCEPT:
Burndown charts
WBS
Continuous requirements gathering
Sprint planning
Which information security concept addresses where and how your data is stored?
Digital security
Physical security
Network and system security
Application security
Sam has been assigned to work remotely in the United States on a project in South America. Why might Sam have to take additional precautions to store data beyond his company's ordinary data practices?
To enhance the brand value to the company brought on by the project
To protect national security information since data is flowing internationally
To align to local security laws governing where and how to store data
To take advantage of a new data warehouse being constructed
Which of the following are examples of physical security considerations? (Choose three.)
Network uptime and availability
Smoke and fire alarms
Access control systems
User authentication
Risk management polices
Data backups
Which of the following is not an area of application security?
Data backup and availability
Data sharing and role-based access control
Project management software data encryption
User authentication
Which of the following is both a serious risk management issue and a compliance/legal matter?
Branding restrictions
Anything as a service
Data security classification
Data privacy
The commitment to keep a person's or organization's information private and protect unauthorized disclosure of information from being disclosed is known as which of the following?
Confidentiality
Security clearance
Privacy
Data sensitivity
Which project management tool helps determine whether a system, process, or program involving personal information raises privacy risks?
Multitiered architecture
Privacy impact assessment
Service-level agreement
Backlog prioritization
Crystal has applied for a job supporting a national space program and has been asked to complete documentation that will allow a thorough review of her trustworthiness to work on the project. Which information security concept is in play for this applicant?
Clearance requirements
Facility access
Background screening
Access on a need-to-know basis
What is the purpose of establishing security clearances for project team members?
Democratize data to even the playing field for all.
Create needed overhead to keep people employed.
Allow vetted individuals access to restricted information.
Protect the team members' personally identifiable information.
Project team members are required to get a badge that opens electronic locks for access to where a new product is being created. Which type of security access does this represent?
Physical security
Operational security
Digital security
Application security
A project has developed a new political polling application to help in an upcoming election. The application was originally developed for a single state's use, but now there seems to be a market for the application across the country. Which of the following is not one of the actions the project team should take next?
Assess legal and regulatory impacts for a national rollout
Identify country- and state-specific privacy regulations
Enable multifactor authentication for project team members
Conduct a privacy impact assessment
WigitCom's project manager is ready for the team to promote new code to production. In talking with the business, they decide the third Sunday between 8 p.m. and 11 p.m. would be the most ideal as business is the slowest during that time. What did the project manager and business just negotiate?
Promote to production plan
Automated testing
Customer notifications
Maintenance window
Which of the following are reasons to build sustainability into project management practices?
Reduces resource turnover
Reduces project crisis situations
Minimizes project cancellations and interruptions
Creates a competitive advantage
All of the above
None of the above
A project is underway to expand service to a new country. This new country has laws called the consumer bill of rights governing the collection of private data as well as a consumer's ability to see and/or restrict the collection of this data. Since the project team is part of a global company, would they have to adhere to these regulations?
No, as a global company they need to manage their service to the global need and not the local company.
No, the company was not doing business when the law was passed.
Yes, to avoid fines or a loss of the ability to do business in country, they must conform to the law.
Yes, as a gesture of goodwill, the company should start out following the law and then use their leverage later to avoid compliance.
A project manager is working on a new ride share system in the United States. The project manager is aware of the GDPR law that was passed in Europe. Although the project is based in the United States, why might the project manager need to adhere to the GDPR?
They would not; the laws of the United States are the only ones that matter.
For ease of scalability, in case the application is ever moved to Europe.
They would not, since the application would never be used in Europe.
When data on European citizens is stored, companies must abide by the GDPR.
Why might a company consider choosing to integrate sustainability concepts into their project management practices?
Organizations want to assume the responsibility for the societal impacts of their products and services.
Organizations want to avoid the risk associated with their products and services.
Organizations want their customers to assume responsibility for the societal impacts of their products and services.
Organizations do not want to integrate sustainability into their projects because it is bad for the bottom line.
What is the “triple bottom line” in creating sustainability in project management?
Balance between time, money, and scope as it pertains to quality
Harmony between time, scope, and economic sustainability
Balance between social sustainability, environmental sustainability, and scope as it pertains to quality
Harmony between economic, social, and environment sustainability
Where should the identification of relevant environmental and social risks and impacts be recorded?
They are not recorded as part of a project.
They are recorded in the risk register.
They are recorded in the meeting minutes.
They are recorded in the issue log.
Which ESG factor shows up as a criterion for deciding whether to take on a project and how to execute that project?
Environmental
Social
Governance
None of the above
Which ESG factor considers the relationships among stakeholders who take part in or are influenced by a project?
Environmental
Social
Governance
None of the above
Which ESG factor directs the way a project will be led as well as the regulations and standards that may dictate how the project will unfold and what processes must be followed?
Environmental
Social
Governance
None of the above
Which of the following are reasons to build sustainability into project management practices?
Increases resource turnover
Maximizes project crisis situations
Ensures project cancellations and interruptions
Creates a competitive advantage
All of the above
None of the above
Which ESG factor is most likely to get overlooked in project planning and execution?
Environmental
Social
Governance
All of the above
None of the above
Questions such as “Will the customer experience service be disrupted?,” “Will the project team be expected to work extended hours?,” and “How will a new organizational structure affect diversity?” are related to which ESG factor?
Environmental
Social
Governance
Organizational
WigitCom planned a project to decommission a datacenter but failed to consider how to properly dispose of retired servers, monitors, and network gear. The original plan had an activity to select the lowest bidder for the disposal, but a local regulation requires this type of equipment be disposed of through a certified electronics recycler. Which two ESG factors contributed to this project change? (Choose two.)
Environmental
Social
Governance
Organizational
Which of the following would be potential project impacts regarding governance? (Choose two.)
Pollution of the local environment's water supply and landfills
Project delays due to failing to consider regulatory requirements on the project schedule
Rework due to failing to meet standards related to personal data
Project team members not being appropriately compensated for overtime
For a sustainable-driven company, which of the following is not an area to be evaluated when planning the procurement activities of a project?
Suppliers' past performance or reputation
Unique local requirements of the supplier or project site
Ability to comply with industry standards such as HIPPA or PCI
The ability to adhere to meet time deadlines over all other requirements
DewDrops just launched a new vision to be the model for sustainable practices in their industry. A project is nearing completion when this new mission was announced through a press release. What steps, if any, should the project team take to account for this change in vision?
Do nothing; stakeholders will understand the project was almost complete when this was announced.
Put a warning on their product that the product will likely change in the future because of this announcement.
Perform a sustainability impact assessment to see if there are deliverables that need to be changed and update the project plan if so.
Move forward “as is” and incorporate the new philosophy into future projects.
The CEO of a large corporation has asked to be granted access to all digital files for a new project. Why might the CEO be denied this request despite being the highest-ranking individual in the organization?
Does not have clearance.
Does not have access.
Does not have a need to know.
This request should always be granted.
A software development project has changed project managers from Ellen to Michelle. Using the principle of least privilege, which level of access should Michelle be given to look at the project data?
Michelle should be granted the same access as Ellen.
Michelle should only be granted high-level access to data until she has been on the project longer.
Michelle does not need access granted to her to perform her duties on the project.
Michelle should be granted access to all information in the organization.
A project manager has asked for a legal review of a contract before it is awarded. The email the project manager receives from the legal team includes language stating “This correspondence represents privileged and confidential communication between a client and their attorney.” What type of data security protocol does this warning provide?
Multifactor authentication
Access on a need-to-know basis
Data classification
Background screening
Anvay is part of the IT security team and has been asked to grant permissions for a new employee to see the engineering team's file share. What step should Anvay take prior to performing this task?
Grant the access immediately.
Check the business justification and compare to established security protocols.
Do not grant the access.
Grant the access after an established waiting period.
A project team member is being terminated from a project involved with the development of intellectual property effective immediately. What is the appropriate course of action for the project manager?
Brief the terminated employee on brand restrictions.
Perform a background screening and check clearance requirements.
Immediately revoke the terminated employee's permissions.
Wait for guidance from human resources before doing anything.
A list of steps undertaken to undo a release and restore a system to its original state is known as what?
Risk assessment
Anything as a service
Continuous integration process
Rollback plan
Which form of quality assurance for a software release would include team members following a checklist and performing actions such as data entry, validating functionality, and viewing reports?
Automated testing
Turing testing
User acceptance testing
Manual testing
A system needs to be taken offline for maintenance to be performed. The project manager reviews the RACI chart and finds the dispatch center has to be informed about the outage. What change control step should the project manager take?
Perform a risk assessment.
Send customer notifications.
Perform software validation checks.
Release the software.
A company has gone through a rapid growth cycle and now has several one-off systems for activities like the company's finances, supply, and human resources. The leaders of the company want to have a system that brings these activities together. What kind of system would meet these needs?
CRM
LAN
ERP
XaaS
WigitCom has incorporated a sustainable focus into their project to build a new videoconferencing platform. Which of the following is not one of the elements the project manager would need to consider when adopting a more sustainable approach?
Work-line balance of the project team to reduce burnout
Limiting unnecessary travel of the project team to reduce emissions
Creating a compensation model to get the most affordable project team
Creating equitable hiring practices to support innovation and social inclusion
WigitCom has built a new application to allow customers to share their homes to guests who want to use the home for their vacation. They are excited for the opportunities this new software will provide to the property owners and renters alike. Which laws would make the most sense to design against from the inception of the project?
GDPR
HIPP-A
PMBOK®
PRINCE2
Trevor is the project manager over a civil engineering project, and one of the risks of the project has the potential for a sinkhole in the area where a road is supposed to be built. The project team reports that a sinkhole did in fact form in this area. Which two items are true about this event? (Choose two.)
The risk has now become an issue.
The project team accepted this risk.
The risk trigger has happened, calling for a response.
This needs to go through the change control process.
The project team is trying to update a software application that exists on a single-server environment. This is complicated testing, development, quality assurance, and training. What type of solution could they recommend to help the development of this application?
Automated testing
Requirements definition
Tiered architecture
Continuous deployment process
WigitCom has a problem on an e-commerce website that is causing an outage resulting in a million dollars of lost revenue every hour. In which environment should changes be made?
Testing
Production
Quality assurance
Development
In IT service management, what is the standard traditionally used for change control methods guiding the entire IT life cycle?
Information Technology Infrastructure Library (ITIL)
Which type of change management focuses on service transitions such as moving from one vendor to another or getting all your departments on board with a new ERP platform?
Organizational change management
On-premises change control
Cloud change control
Shift change management
Which change control method is divided into areas of focus such as business model, governance, and the use of a platform?
Organizational change management
On-premises change control
Cloud change control
Shift change management
All of the following are challenges with cloud change management EXCEPT:
Siloed communications
Restricted approval process
Rapid approval process
Legacy business processes lacking agility
Which change control approach needs to facilitate faster change processes?
Organizational change management
On-premises change control
Cloud change control
Shift change management
Which change control approach typically needs abundant planning for capacity upgrades and other infrastructure changes?
Organizational change management
On-premises change control
Cloud change control
Shift change management
Which change management philosophy is focused on the adoption of new business process, tools, and support models?
Organizational change management
On-premises change control
Cloud change control
Shift change management
Which process refers to the planning, design, scheduling, testing, and deploying of new applications or upgrades?
Cloud change control
Incident or problem management
On-premises change control
Software release control
Which type of management is primarily concerned with how changes flow through preproduction environments?
Problem management
Release management
Change management
Project management
Wigit Construction has been tasked with repaving a bridge that is a major thoroughfare for a large metropolitan community. They are allowed to shut down traffic from midnight until five in the morning for two weeks straight. What would this five-hour block be called in operational change control terms?
Release management
Validation check
Work breakdown structure
Maintenance window
Kayla has been working during an outage to upgrade a production database to its most current version. The upgrade is behind schedule, and she has three hours of work to complete in the next 45 minutes. What change control process should she execute?
Perform validation checks.
Initiate the rollback plan.
Start automated testing.
Modify the downtime window.
The build and unit testing stages of a software release process where every version committed triggers an automated build and test is known as which of the following?
Cloud change control
Anything as a service
Continuous integration/continuous deployment process
Tier architecture/promote to production process
What is a development process where programmers commit code to repositories frequently and ideally several times a day known as?
Continuous integration
Software release management
Software as a service
Enterprise resource planning
The collection of hardware and software that determines how fast computations can be made, when systems are connected, and what storage is available is known as which of the following?
Infrastructure as a service
Multitiered architecture
Electronic document and record management systems
Computing services
What is the correct definition of storage?
The processing power, memory, networking, and other resources needed for computational success of a program
The process through which digital data is saved and recovered through computer technology
A structured set of data held in a computer with multiple channels for access
A connected set of computers used to exchange data and share resources with each other
What is the definition of a database?
The processing power, memory, networking, and other resources needed for computational success of a program
The process through which digital data is saved and recovered through computer technology
A structured set of data held in a computer with multiple channels for access
A connected set of computers used to exchange data and share resources with each other
In terms of information technology, what is the best way to describe a network?
The processing power, memory, networking, and other resources needed for computational success of a program
The process through which digital data is saved and recovered through computer technology
A structured set of data held in a computer with multiple channels for access
A connected set of computers used to exchange data and share resources with each other
The facilities department has all the blueprints and support plans for the corporate buildings they manage. Which of the following would be the appropriate location to store this information?
Enterprise resource planning (ERP)
Customer relationship management (CRM)
Electronic document and records management system (EDRMS)
Database management system (DBMS)
May has completed her work for the week. She logs into a system to record her time and billing for the week. When she completes that task, she moves to another part of the system to record her expenses for reimbursement purposes. What kind of system is May logged into?
Data warehouse
Customer relationship management
Enterprise resource planning
Content management systems
Max has been assigned as the project manager for a new IT project. She has been assigned an account code to track and report on all budget and spending items related to the project. Which software application does the organization assign and use this code?
Financial systems
Software as a service
Data warehouse
Project management information system
The marketing department of DewDrops has just completed a campaign for a service in a new area. The team wants to share their data and findings with the rest of the company to help other departments and the corporate leadership look for trends and help guide future decision-making. Where should the team upload this information?
Data warehouse
Cloud storage
Print the data and distribute hard copies
To a PaaS provider
Which cloud model is a software licensing and delivery model where software is licensed on a subscription basis and is centrally hosted?
IaaS
PaaS
XaaS
SaaS
What would you call detailed explanations of how to execute a process, method, task, or program that also outlines precise steps needed to successfully complete the item?
Anything as a service
Data warehouse
Documentation
Computing services
Which system would you use to process expense reports, make entries into the general ledger, or process PCard (purchasing card) or POs (purchasing orders)?
Content management systems
Data warehouse
Electronic document and record management systems
Financial systems
Will works taking phone calls from the public dealing with a variety of issues, including billing, adding or ending service, or complaints about service quality. What type of system would Will be using to research the caller's history and find meaningful information related to their account?
Enterprise resource planning (ERP)
Customer relationship management (CRM)
Content management system (CMS)
Database management system (DBMS)
Nancy has been hired on to a project to help manage the social media presence and develop a website communicating the timing and upcoming products and services the project will deliver. Which software should she use to manage the website?
Electronic document and records management system (EDRMS)
Content management system (CMS)
Customer relationship management (CRM)
Enterprise resource planning (ERP)
Software development kits (SDKs), user guides, run books, and product manuals are all examples of which of the following?
Data warehouse
Customer relationship management
Documentation
Content management systems
The project team has been asked to turn over all relevant records regarding the project and to assign the documents a category determining how long to keep the documentations after the project is completed. Where should the project manager look to evaluate which categories should be used?
Organizational retention schedule
Project charter
Project management information systems
Data warehouse
A local government organization has determined the cost of hosting a disaster recovery site is prohibitive and so they are seeking a service provider capable of meeting their recovery time and recovery point objectives. What type of cloud model is this agency looking to use?
Software as a service (SaaS)
Platform as a service (PaaS)
Anything as a service (XaaS)
Infrastructure as a service (IaaS)
With the adoption of the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which organizational business unit becomes a more important stakeholder for projects?
Legal
Public relations
Finance
Information technology
Which privacy consideration law requires integrating specific data protection practices into business offerings as well as adding processes to address data subject requests?
GDPR
CCPS
HIPPA
All of the above
None of the above
Which discipline helps legal departments stay in compliance with emerging laws on an ongoing basis?
Project management
Asset management
Change management
Internal and external audit
All of the following are reasons project management needs to be involved to achieve regulatory compliance EXCEPT:
Regulations change over time.
Data is being collected on an exponential pace.
Laws of other countries do not carry regulatory impact.
New regulations are constantly being enacted.
All of the following are risks of noncompliance of country, state, or province-specific privacy regulations in project management EXCEPT:
Increase in security breaches
Increase in consumer privacy considerations
Loss of productivity
Reputational damage
A steering committee is questioning a proposed budget item in a project budget to ensure compliance with privacy laws. The committee debates the need for this activity to be completed as it carries a high cost. What is the best argument the project manager can make for the investment in compliance?
Compliance is the cost of doing business.
Noncompliance saves the company money and can be struck.
No one will find out if the project does not perform that activity.
Noncompliance costs the company more money.
Which of the following are not risks of failing to comply to regulatory requirements? (Choose two.)
Penalties and fines
Gain a competitive advantage
Compliance litigation
Reputational damage
Restricted access to markets and product delays
Regulated out of business
What is a project manager's responsibility to behave ethically?
Project managers abide by a code of ethics.
It depends on the organization.
Project managers must focus on schedule, budget, and scope above all things.
Ethical behavior does not apply to project management.
Professionals who act in an honest, responsible, and respectful way are exhibiting which type of behavior?
Unethical
Criminal
Ethical
Regulatory
In which project life cycle phase should the regulatory impact assessment process begin?
Discovery/concept preparation
Initiation
Planning
Execution
Closing
All of the following would be considered basics for compliance in project management EXCEPT:
Add compliance activities to the project schedule.
Ensure regulatory management responsibility is assigned.
Monitor changes in regulation.
Manage compliance risk and activities as its own project.
Wigit Construction has been hired to create a new highway road signage system for a large state. They have undertaken this project in other states as well, so they have a solid boilerplate for their project activities. Does a regulatory scan still make sense for this project due to repeatability of successful projects delivered in other states?
No, highway and constructions projects are beholden to national laws and regulations, so compliance is assured.
Yes, state-level regulations may differ, and a regulatory scan will help to illuminate the requirements.
No, highway projects are not concerned with privacy implications as it serves a public good.
Yes, even as a non-value-added activity, the documentation of performing the step will reduce future liability.
In 2015, the U.S. federal government enacted the Program Management Improvement and Accountability Act. What area of compliance is this area focused on?
Privacy
Project management
Financial management
Healthcare
A company utilizing its offshore team has just won a contract to work on replacing a government agency's financial system. The contract stipulates there is personally identifiable information stored in the system and has a service-level agreement enforcing this clause. What steps if any should the project manager take as the project team is built?
Educate the team on the importance of cybersecurity.
Educate the team on the contract clause and their responsibilities.
Educate the team on personally identifiable data and how to handle it.
All of the above.
Only A and C.
Benched resources are when the project has which of the following issues?
Individuals who are finished with the project but have not yet started a new assignment
Individuals who have too much work for them to be able to complete the project
A lack of talent in the industry, which leads to a shortage of qualified personnel on the project
Individuals ordered to the sidelines because of their performance
In which of the following situations would team-building efforts provide the most impact on a project? (Choose three.)
Team discord
Schedule changes
Missed deliverables
Project phase completion
Lessons learned meeting
Change in project manager
Which of the following statements is true regarding a SWOT analysis?
Strengths/weaknesses are external to the organization; opportunities/threats are internal to the organization.
Strengths/weaknesses/opportunities/threats are all external to the organization.
Strengths/weaknesses are internal to the organization; opportunities/threats are external to the organization.
Strengths/weaknesses/opportunities/threats are all internal to the organization.
In the project management context, what does COQ stand for?
Cost of quality
Critical to quality
Cost of quantities
Critical of quantities
Which of the following would you need in the calculation of the risk score? (Choose two.)
SPI
Risk impact
CPI
Risk probability
Risk trigger scores
EAC
What is the critical chain method?
Schedule network analysis technique
Dependency model
Signature path for project charter approval
Earned value method
Harry works for a research and development firm trying to create a revolutionary new product. The likely risk tolerance for the company is which one of the following?