- All Exams Instant Download
What are the different categories of risk?
Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. What are the different categories of risk? Each correct answer represents a complete solution. Choose all that apply.A . System interactionB . Human...
Why would the risk response planning cause Tom the need to update the cost and schedule baselines?
Tom is the project manager for his organization. In his project he has recently finished the risk response planning. He tells his manager that he will now need to update the cost and schedule baselines. Why would the risk response planning cause Tom the need to update the cost and...
What phases are identified by DIACAP?
DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply.A . AccreditationB . IdentificationC . System DefinitionD ....
How often should you and the project team do risk identification?
You and your project team are just starting the risk identification activities for a project that is scheduled to last for 18 months. Your project team has already identified a long list of risks that need to be analyzed. How often should you and the project team do risk identification?A...
Which one of the following is the only output for the qualitative risk analysis process?
Which one of the following is the only output for the qualitative risk analysis process?A . Project management planB . Risk register updatesC . Enterprise environmental factorsD . Organizational process assetsView AnswerAnswer: B
Which of the following is a 1996 United States federal law, designed to improve the way the federal government acquires, uses, and disposes information technology?
Which of the following is a 1996 United States federal law, designed to improve the way the federal government acquires, uses, and disposes information technology?A . Computer Misuse ActB . Lanham ActC . Clinger-Cohen ActD . Paperwork Reduction ActView AnswerAnswer: C
Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?
You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a...
Which of the following are included in Administrative Controls? Each correct answer represents a complete solution. Choose all that apply.
Which of the following are included in Administrative Controls? Each correct answer represents a complete solution. Choose all that apply.A . Conducting security-awareness trainingB . Screening of personnelC . Monitoring for intrusionD . Implementing change control proceduresE . Developing policyView AnswerAnswer: ABDE
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?A . FITSAFB . FIPSC . TCSECD . SSAAView AnswerAnswer: D
Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?
Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?A . Access control entry (ACE)B . Discretionary access control entry (DACE)C . Access control list (ACL)D . Security Identifier (SID)View AnswerAnswer: A
