Certified Authorization Professional – CAP – Question245

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

A. Information Assurance Manager
B. Designated Approving Authority
C. IS program manager
D. User representative
E. Certification agent

Correct Answer: BCDE

Certified Authorization Professional – CAP – Question243

The Software Configuration Management (SCM) process defines the need to trace changes, and the ability to verify that the final delivered software has all of the planned enhancements that are supposed to be included in the release. What are the procedures that must be defined for each software project to ensure that a sound SCM process is implemented? Each correct answer represents a complete solution. Choose all that apply.

A. Configuration status accounting
B. Configuration change control
C. Configuration deployment
D. Configuration audits
E. Configuration identification
F. Configuration implementation

Correct Answer: ABDE

Certified Authorization Professional – CAP – Question242

You are the project manager for the TTP project. You are in the Identify Risks process. You have to create the risk register. Which of the following are included in the risk register? Each correct answer represents a complete solution. Choose two.

A. List of potential responses
B. List of identified risks
C. List of mitigation techniques
D. List of key stakeholders

Correct Answer: AB

Certified Authorization Professional – CAP – Question241

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing? Each correct answer represents a complete solution. Choose all that apply.

A. Full-box
B. Zero-knowledge test
C. Full-knowledge test
D. Open-box
E. Partial-knowledge test
F. Closed-box

Correct Answer: BCDEF

Certified Authorization Professional – CAP – Question239

Which of the following are included in Technical Controls? Each correct answer represents a complete solution. Choose all that apply.

A. Implementing and maintaining access control mechanisms
B. Password and resource management
C. Configuration of the infrastructure
D. Identification and authentication methods
E. Conducting security-awareness training
F. Security devices

Correct Answer: ABCDF

Certified Authorization Professional – CAP – Question238

Information Security management is a process of defining the security controls in order to protect information assets. What are the security management responsibilities? Each correct answer represents a complete solution. Choose all that apply.

A. Evaluating business objectives, security risks, user productivity, and functionality requirements
B. Determining actual goals that are expected to be accomplished from a security program
C. Defining steps to ensure that all the responsibilities are accounted for and properly addressed
D. Determining objectives, scope, policies, priorities, standards, and strategies

Correct Answer: ABCD

Certified Authorization Professional – CAP – Question237

You work as a project manager for BlueWell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decided, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, which of the following are likely to increase?

A. Quality control concerns
B. Costs
C. Risks
D. Human resource needs

Correct Answer: C