Certified Authorization Professional – CAP – Question285

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

A. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
B. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
C. An ISSE provides advice on the continuous monitoring of the information system.
D. An ISSO takes part in the development activities that are required to implement system changes.
E. An ISSE provides advice on the impacts of system changes.

Correct Answer: ACE

Certified Authorization Professional – CAP – Question283

Which of the following statements about Discretionary Access Control List (DACL) is true?

A. It is a rule list containing access control entries.
B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
C. It is a unique number that identifies a user, group, and computer account.
D. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.

Correct Answer: D

Certified Authorization Professional – CAP – Question282

Harry is a project manager of a software development project. In the early stages of planning, he and the stakeholders operated with the belief that the software they were developing would work with their organization's current computer operating system. Now that the project team has started developing the software it has become apparent that the software will not work with nearly half of the organization's computer operating systems. The incorrect belief Harry had in the software compatibility is an example of what in project management?

A. Issue
B. Risk
C. Constraint
D. Assumption

Correct Answer: D

Certified Authorization Professional – CAP – Question280

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

A. Systematic
B. Informative
C. Regulatory
D. Advisory

Correct Answer: BCD

Certified Authorization Professional – CAP – Question279

Virginia is the project manager for her organization. She has hired a subject matter expert to interview the project stakeholders on certain identified risks within the project. The subject matter expert will assess the risk event with what specific goal in mind?

A. To determine the bias of the risk event based on each person interviewed
B. To determine the probability and cost of the risk event
C. To determine the validity of each risk event
D. To determine the level of probability and impact for each risk event

Correct Answer: D

Certified Authorization Professional – CAP – Question276

Your organization has named you the project manager of the JKN Project. This project has a BAC of $1,500,000 and it is expected to last 18 months. Management has agreed that if the schedule baseline has a variance of more than five percent then you will need to crash the project. What happens when the project manager crashes a project?

A. Project costs will increase.
B. The amount of hours a resource can be used will diminish.
C. The project will take longer to complete, but risks will diminish.
D. Project risks will increase.

Correct Answer: A