In which type of access control do user ID and password system come under?

A. Administrative
B. Technical
C. Physical
D. Power

Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

A. No, the ZAS Corporation did not complete all of the work.
B. Yes, the ZAS Corporation did not choose to terminate the contract work.
C. It depends on what the outcome of a lawsuit will determine.
D. It depends on what the termination clause of the contract stipulates

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

A. Authenticity
B. Integrity
C. Availability
D. Confidentiality

Management wants you to create a visual diagram of what resources will be utilized in the project deliverables. What type of a chart is management asking you to create?

A. Work breakdown structure
B. Roles and responsibility matrix
C. Resource breakdown structure
D. RACI chart

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

A. DoD 5200.22-M
B. DoD 5200.1-R
C. DoD 8910.1
D. DoDD 8000.1
E. DoD 7950.1-M

Tom is the project manager for his organization. In his project he has recently finished the risk response planning. He tells his manager that he will now need to update the cost and schedule baselines. Why would the risk response planning cause Tom the need to update the cost and schedule baselines?

A. New or omitted work as part of a risk response can cause changes to the cost and/or schedule baseline.
B. Risk responses protect the time and investment of the project.
C. Risk responses may take time and money to implement.
D. Baselines should not be updated, but refined through versions.

Which of the following guidance documents is useful in determining the impact level of a particular threat on agency systems?

A. NIST SP 800-41
B. NIST SP 800-37
C. FIPS 199
D. NIST SP 800-14

Which of the following documents is used to provide a standard approach to the assessment of NIST SP 800-53 security controls?

A. NIST SP 800-53A
B. NIST SP 800-66
C. NIST SP 800-41
D. NIST SP 800-37

Which of the following individuals is responsible for configuration management and control task?

A. Common control provider
B. Information system owner
C. Authorizing official
D. Chief information officer

Which of the following are the types of assessment tests addressed in NIST SP 800-53A?

A. Functional, penetration, validation
B. Validation, evaluation, penetration
C. Validation, penetration, evaluation
D. Functional, structural, penetration