Question 1

What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

Accepted Answer

The Configuration Management System is responsible for evaluating, testing, and documenting changes to the project scope.

Question 2

Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

Accepted Answer

The data owner is responsible for determining the classification of data and making initial classification assignments, while the data custodian is responsible for implementing and maintaining the data classification scheme as directed by the data owner.

Question 3

Amy is the project manager for her company. In her current project the organization has a very low tolerance for risk events that will affect the project schedule. Management has asked Amy to consider the affect of all the risks on the project schedule. What approach can Amy take to create a bias against risks that will affect the schedule of the project?

Accepted Answer

Creating an overall project rating scheme to reflect the bias towards risks that affect the project schedule allows Amy to systematically prioritize and address risks that could impact the schedule, aligning with the organization's low tolerance for such risks.

Question 4

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

Accepted Answer

Risk management aims to identify risks, assess their potential impact, and find a cost-effective balance between risk impact and countermeasures. Identifying the accused is not a goal of risk management.

Question 5

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

Accepted Answer

A contingency plan includes specific strategies and actions to address variances to assumptions that result in particular security problems, emergencies, or states of affairs.

Question 6

Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?

Accepted Answer

An Access Control Entry (ACE) is an entry in a DACL that specifies the permissions granted to a user or group.

Question 7

You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update the human resource management plan?

Accepted Answer

Crashing the project involves adding more resources to the project, which would require an update to the human resource management plan to accommodate the changes in resource allocation.

Question 8

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.

Accepted Answer

System accreditation, Type accreditation, and Site accreditation are the different types of NIACAP accreditation. Secure accreditation is not a recognized type under NIACAP.

Question 9

Which of the following are the types of assessment tests addressed in NIST SP 800-53A?

Accepted Answer

The answer of Which of the following are the types...

Question 10

Which of the following is used throughout the entire C&A process?

Accepted Answer

The System Security Authorization Agreement (SSAA) is used throughout the entire Certification and Accreditation (C&A) process to document the security requirements and the level of effort required to achieve accreditation.

Question 11

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

Accepted Answer

The Trusted Computer System Evaluation Criteria (TCSEC) is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.

Question 12

Which of the following assessment methodologies defines a six-step technical security evaluation?

Accepted Answer

The answer of Which of the following assessment methodologies defines...

Question 13

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well designed policy? Each correct answer represents a part of the solution. Choose all that apply.

Accepted Answer

The answer of A security policy is an overall general...

Question 14

NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

Accepted Answer

The Abbreviated assessment method in NIST SP 800-53A involves informal and ad hoc interviews, focusing on a less detailed examination compared to other methods.

Question 15

Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?

Accepted Answer

Change control management is specifically designed to ensure that changes do not negatively impact security or other critical aspects of a system.

Question 16

Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

Accepted Answer

The Five Pillars model of Information Assurance includes availability, integrity, authentication, confidentiality, and non-repudiation, aligning with the description provided.

Question 17

Who is responsible for the stakeholder expectations management in a high-profile, high-risk project?

Accepted Answer

The project manager is responsible for managing stakeholder expectations in a project, ensuring that their needs and concerns are addressed throughout the project lifecycle.

Question 18

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

Accepted Answer

Integrity refers to the assurance that data is accurate and has not been altered or tampered with.

Question 19

Which of the following statements correctly describes DIACAP residual risk?

Accepted Answer

Residual risk refers to the risk that remains after all risk management efforts have been applied. In the context of DIACAP (Department of Defense Information Assurance Certification and Accreditation Process), it is the remaining risk to the information system after risk mitigation measures have been implemented.

Question 20

Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

Accepted Answer