Certified Authorization Professional – CAP – Question224

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

A. NIST
B. FIPS
C. Office of Management and Budget (OMB)
D. FISMA

Correct Answer: CD

Certified Authorization Professional – CAP – Question222

You are the project manager of the NNQ Project for your company and are working with your project team to define contingency plans for the risks within your project. Mary, one of your project team members, asks what a contingency plan is. Which of the following statements best defines what a contingency response is?

A. Some responses are designed for use only if certain events occur.
B. Some responses have a cost and a time factor to consider for each risk event.
C. Some responses must counteract pending risk events.
D. Quantified risks should always have contingency responses.

Correct Answer: A

Certified Authorization Professional – CAP – Question220

Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Security organization
B. System classification
C. Information classification
D. Security education

Correct Answer: ACD

Certified Authorization Professional – CAP – Question217

Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

A. Configuration management
B. Procurement management
C. Risk management
D. Change management

Correct Answer: A

Certified Authorization Professional – CAP – Question216

Phase 0 of the Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0? Each correct answer represents a complete solution. Choose all that apply.

A. Review documentation and technical data.
B. Apply classification criteria to rank data assets and related IT resources.
C. Establish criteria that will be used to classify and rank data assets.
D. Identify threats, vulnerabilities, and controls that will be evaluated.
E. Establish criteria that will be used to evaluate threats, vulnerabilities, and controls.

Correct Answer: BCDE