Pass CIMA Risk Management Exam in First Attempt Guaranteed Updated Dump from VCEPrep! [Q126-Q142]


Pass P3 Exam with 268 Questions - Verified By VCEPrep

NEW QUESTION 126
HBN is a service company that offers cloud-based data storage and management on behalf of clients. HBN pays an independent accountancy firm to review its cybersecurity arrangements, conduct penetration tests and report to HBN's Board on the results. Which TWO of the following are correct?

  • A. Potential clients for HBN's services will expect to receive copies of these independent reports immediately after they are submitted.
  • B. HBN could save time and reduce cost by having its own internal audit department conduct these investigations and report accordingly.
  • C. The independent accountancy firm will disclose all of the shortcomings that it identifies in its report, even if they embarrass HBN.
  • D. The independent accountancy firm will guarantee that there are no control weaknesses in HBN's systems, provided its results prove satisfactory.
  • E. It would prove simpler for HBN to permit clients to conduct their own cybersecurity reviews that would take account of the sensitivity of their data.

Answer: B,E

 

NEW QUESTION 127
D is a large oil refinery.
The managers have identified four risks shown in the risk map below:
Which of the risk mitigations listed below would be the best for dealing with the two risks classified as medium likelihood and high impact?

  • A. Transfer
  • B. Accept
  • C. Reduce
  • D. Avoid

Answer: A

 

NEW QUESTION 128
YHJ is considering an investment in a project that will cost $20 million. Annual fixed costs will be $12 million per year, excluding depreciation. Annual sales are forecast at 5 million units, with a contribution per unit of $8. After five years the equipment will be worn out and YHJ will have to spend $50 million on disposal costs.
The discount rate is 10%.
Calculate the sensitivity of the net present value of this project to a 20% increase in the disposal costs.

  • A. 13%
  • B. 20%
  • C. 31%
  • D. 11%

Answer: D

 

NEW QUESTION 129
Assuming a company has both internal auditors and risk managers, indicate which of these would perform the duties listed below:

Answer:

Explanation:

 

NEW QUESTION 130
Which TWO of the following are benefits of carrying out a post-completion audit of capital projects?

  • A. A post-completion audit can help management understand what went wrong with a project in order to try and prevent the same problem occurring in the future.
  • B. A post-completion audit can investigate variances from the budget on completed projects.
  • C. A post-completion audit can help find out where a project went wrong so it can be fixed immediately.
  • D. A post-completion audit can help find out who was to blame for a project exceeding the budget.

Answer: A,B

 

NEW QUESTION 131
Company N is considering opening another production plant in Northland, a country 2000 km from its current production plant location. N would also sell its products in Northland. Which TWO of the following are business risks?

  • A. The risk that the Northland currency may strengthen making it expensive.
  • B. The risk that interest rates may rise making N's loans expensive.
  • C. The risk that Northland may not be able to support N's technology requirements.
  • D. The risk that Northland's government may introduce policies that would be unfavorable to N.
  • E. The risk that it may be difficult to sell its products in Northland.

Answer: C,E

 

NEW QUESTION 132
AZX sells electrical components.
AZX's annual turnover is $24 million. Half of all sales are on 30 days' (1 month) credit.
5% of credit sales have to be written off as unrecovered debt.
25% of such write-offs are subsequently recovered through debt collection and legal action.
What is the expected loss each year due to credit risk?

  • A. $1,200,000
  • B. $900,000
  • C. $450,000
  • D. $600,000

Answer: C

 

NEW QUESTION 133
TDC is a company which runs gas-fired power stations in western Europe. The Risk Committee has just received a report that a power station built to the same design and specification in a developing country has recently collapsed. The causes of the collapse are unclear but the consequences for TDC would be catastrophic if something similar were to happen in Europe. Which of the following actions being considered by the Risk Committee are ethical?
Select ALL that apply.

  • A. Draw up contingency plans in case some of TDC's power stations need to be shut down
  • B. Commission a reputable firm of structural engineers to carry out a review of all power stations owned by TDC
  • C. Decide that the information available to date is too uncertain to take any action for now
  • D. Attempt to increase the level of insurance cover against this type of eventuality
  • E. Issue a press release confirming that all TDC's power stations are "entirely safe".
  • F. Send experts employed by TDC to the site of the collapse so that they can gather information first hand on what happened

Answer: A,B,F

 

NEW QUESTION 134
ABC is an online retail chain which operates on a 24/7 basis. It has been updating its Cyber Security processes and has implemented a centralised monitoring process to track activity through its web access portal. Which of the following activities will increase the awareness of its cyber security risk most effectively?

  • A. ABC should monitor and record every keystroke of every user.
  • B. ABC should monitor and record every device type used for access
  • C. ABC should monitor and record all failed access attempts.
  • D. ABC should monitor and record every out of hours access

Answer: C

 

NEW QUESTION 135
Systems Development Lifecycle (SDLC) is used to manage risk within the development of new computer systems.
Which THREE of the following are appropriate controls to manage risk within the SDLC Process?

  • A. When doing the analysis for the new system particular care should be taken over the data specification, transformation and manipulation, ensuring that expected outputs are defined and that such output meets the needs and expectations of the business users.
  • B. When developing the new system, the developers must follow defined programming standards and carry out component tests to specified test harness outputs.
  • C. When the implementation of the new system is taking place, parallel running must be undertaken to ensure the output for the new system exactly matches that from the old system.
  • D. When planning the new system, a clear business case must be approved specifying functionality, data transformation, expected costs and benefits.
  • E. When designing the new system, controls must be put in place to ensure that all the functionalities of the old system are replicated.
  • F. The Post Completion Review should take place immediately after the implementation while all the facts are still fresh in everyone's minds.

Answer: A,B,D

 

NEW QUESTION 136
Which of the following best describes the relevance of value at risk (VaR) as a decision tool?

  • A. VaR can only measure downside risk
  • B. VaR quantifies past volatility
  • C. VaR quantifies future volatility
  • D. VaR quantifies the maximum loss that could ever be incurred

Answer: B

 

NEW QUESTION 137
YY is a company which generates electricity from alternative energy sources. It has just begun constructing a wind farm near a well-known beauty spot. The project has been controversial as campaigners say it will be noisy and unsightly.
The campaigners took legal action but lost the case. Some of them have started a campaign of direct action against YY and are physically blocking roads leading to the site and attempting to intimidate YY's staff. YY has hired a security company to help it to protect its staff. Which of the following statements are true in relation to the ethics of this scenario? Select ALL that apply.

  • A. The generation of electricity from clean renewable and sustainable sources is too important for the protestors' concerns to be considered
  • B. Since the protestors have already lost their court case they would no longer be ethically justified in engaging in political lobbying to try to get the government to change the law in this area
  • C. The security firm must take care not to use more force against the protestors than is absolutely necessary.
  • D. YY is within its rights to hire the security firm because it has a duty of care to its employees
  • E. YY no longer has any duty of care to the protestors since their actions are illegal because they lost their court case

Answer: A,C,D

 

NEW QUESTION 138
P has decided to invest in a new warehouse at a cost of $2,000,000. The discount rate of the project is 18% and the present value of the tax shield is £26,000.
What is the minimum acceptable Internal Rate of Return of the project?

  • A. 18%
  • B. 18.23%
  • C. 16.50%
  • D. 17.77%

Answer: D

 

NEW QUESTION 139
A junior sales clerk at BCD, a wholesale jewellers, received an email which appeared to be from a well-known parcel delivery company informing her that a delivery had been attempted outside office hours and had consequently failed. She was asked to click on a link and complete some seemingly innocent but logical questions to effect the delivery on the next day. She thought no more about it but was very surprised the next month to be awarded salesperson of the month as her sales had doubled. Unfortunately, on investigation it was found that this was as a result of several fraudulent orders for high-value items that had seemingly been placed by an existing customer but delivered to a new address, which turned out to be a temporary box number. The existing customer's credit card had been fraudulently charged for these orders. Which of the following types of cyber-attack had the sales clerk been a victim of?

  • A. Botnets
  • B. Trojan
  • C. Ransomware
  • D. Malvertising

Answer: D

 

NEW QUESTION 140
CDE, an online ticket sales agent, has unwittingly become an accomplice in cyber crime and is suffering attacks on its own business as a result. CDE's website was poorly designed and cyber-attackers have managed to inject the site with malware, so that it collects all of CDE's customer log-in information and enables the cyber-attackers to retrieve it.
The cyber-attackers subsequently use this information to set up Botnet agents in the customers' devices, which are then used in a Distributed Denial of Service (DDoS) attack whenever very popular tickets are being placed on sale, such as international football matches.
The cyber-attackers secure access to a single portal on the site and buy multiple tickets for subsequent sale on the black market while the DDoS causes all other portals to be overloaded, preventing real fans acquiring the tickets at face value.
Which TWO of the following apply in this scenario?

  • A. CDE customers will turn to other ticket sources for their tickets
  • B. CDE is likely to lose the ticket franchise for international football events
  • C. CDE will need to implement a new firewall to prevent this type of attack.
  • D. CDE will remain just as profitable selling to the black market as to real fans
  • E. CDE is likely to face significant fines for the breach.

Answer: C,E

 

NEW QUESTION 141
You are a junior accountant in a local accountancy firm with many clients in various businesses.
Your immediate manager has asked you to collect certain personal details about clients' staff from the firm's records. You suspect that his intentions are malicious.
You asked your manager to explain why he required these details and he told you it is none of your business.
What should you do? Select TWO responses.

  • A. You should seek to have a confidential discussion with the manager's superior and express your concerns.
  • B. You should keep a log of all the facts that the manager has requested, including the dates on which those requests were made.
  • C. You should raise the matter with the firm's external auditors.
  • D. You should stop being impertinent and obtain the details as instructed.
  • E. You should try to find out what the manager wishes to use the details for.

Answer: A,B

 

NEW QUESTION 142
......
