Certified Authorization Professional – CAP – Question125

Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high risk exposure. What risk response has been enacted in this project?

A. Acceptance
B. Mitigation
C. Avoidance
D. Transference

Correct Answer: C

Certified Authorization Professional – CAP – Question123

You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?

A. You will use organizational process assets for studies of similar projects by risk specialists.
B. You will use organizational process assets to determine costs of all risk events within the current project.
C. You will use organizational process assets for information from prior similar projects.
D. You will use organizational process assets for risk databases that may be available from industry sources.

Correct Answer: B

Certified Authorization Professional – CAP – Question121

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

A. Finding an economic balance between the impact of the risk and the cost of the countermeasure
B. Identifying the risk
C. Assessing the impact of potential threats
D. Identifying the accused

Correct Answer: ABC

Certified Authorization Professional – CAP – Question120

Which of the following objectives are defined by integrity in the C.I.A triad of information security systems? Each correct answer represents a part of the solution. Choose three.

A. It preserves the internal and external consistency of information.
B. It prevents the unauthorized or unintentional modification of information by the authorized users.
C. It prevents the intentional or unintentional unauthorized disclosure of a message's contents.
D. It prevents the modification of information by the unauthorized users.

Correct Answer: ABD

Certified Authorization Professional – CAP – Question118

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.

A. Who is expected to exploit the vulnerability?
B. What is being secured?
C. Where is the vulnerability, threat, or risk?
D. Who is expected to comply with the policy?

Correct Answer: BCD

Certified Authorization Professional – CAP – Question116

Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

A. Sammy is correct, because organizations can create risk scores for each objective of the project.
B. Harry is correct, because the risk probability and impact considers all objectives of the project.
C. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.
D. Sammy is correct, because she is the project manager.

Correct Answer: A