Which of the following statements correctly describes DIACAP residual risk?
A. It is the remaining risk to the information system after risk palliation has occurred.
B. It is a process of security authorization.
C. It is the technical implementation of the security design.
D. It is used to validate the information system.
A
Which of the following is a standard that sets basic requirements for assessing the effectiveness of
computer security controls built into a computer system?
A
A security policy is an overall general statement produced by senior management that dictates what
role security plays within the organization. What are the different types of policies?
Each correct answer represents a complete solution. Choose all that apply.
B,C,D
Which of the following processes is a structured approach to transitioning individuals, teams, and
organizations from a current state to a desired future state?
C
Which of the following is used to indicate that the software has met a defined quality level and is
ready for mass distribution either by electronic means or by physical media?
B
Which of the following statements about Discretionary Access Control List (DACL) is true?
C
During qualitative risk analysis you want to define the risk urgency assessment. All of the following
are indicators of risk priority except for which one?
B
During which of the following processes, probability and impact matrix is prepared?
C
Walter is the project manager of a large construction project. He'll be working with several vendors
on the project. Vendors will be providing materials and labor for several parts of the project. Some of
the works in the project are very dangerous so Walter has implemented safety requirements for all
of the vendors and his own project team. Stakeholders for the project have added new requirements,
which have caused new risks in the project. A vendor has identified a new risk that could affect the
project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and
created potential risk responses to mitigate the risk. What should Walter also update in this scenario
considering the risk event?
C
Which of the following is NOT an objective of the security program?
B
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199.
What levels of potential impact are defined by FIPS 199?
Each correct answer represents a complete solution. Choose all that apply.
A,C,D
An authentication method uses smart cards as well as usernames and passwords for authentication.
Which of the following authentication methods is being referred to?
B
You work as a project manager for BlueWell Inc. There has been a delay in your project work that is
adversely affecting the project schedule. You decided, with your stakeholders' approval, to fast track
the project work to get the project done faster. When you fast track the project which of the
following are likely to increase?
A
Which of the following RMF phases is known as risk analysis?
C
Which one of the following is the only output for the qualitative risk analysis process?
C