Tom is the project manager for his organization. In his project he has recently finished the risk response planning. He tells his manager that he will now need to update the cost and schedule baselines. Why would the risk response planning cause Tom the need to update the cost and schedule baselines?

A. New or omitted work as part of a risk response can cause changes to the cost and/or schedule baseline.
B. Risk responses protect the time and investment of the project.
C. Baselines should not be updated, but refined through versions.
D. Risk responses may take time and money to implement.

The IAM/CA makes certification accreditation recommendations to the DAA. The DAA issues accreditation determinations. Which of the following are the accreditation determinations issued by the DAA? Each correct answer represents a complete solution. Choose all that apply.

A. IATO
B. ATO
C. IATT
D. ATT
E. DATO

Your organization has a project that is expected to last 20 months but the customer would really like the project completed in 18 months. You have worked on similar projects in the past and believe that you could fast track the project and reach the 18 month deadline. What increases when you fast track a project?

A. Risks
B. Costs
C. Resources
D. Communication

Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?

A. Chief Information Security Officer
B. Senior Management
C. Information Security Steering Committee
D. Business Unit Manager

Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.

A. Privacy
B. Integrity
C. Availability
D. Confidentiality

A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?

A. Add the identified risk to a quality control management control chart.
B. Add the identified risk to the risk register.
C. Add the identified risk to the issues log.
D. Add the identified risk to the low-level risk watchlist.

What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

A. Configuration Management System
B. Project Management Information System
C. Scope Verification
D. Integrated Change Control

You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. You will need all of the following as inputs to the qualitative risk analysis process except for which one?

A. Risk management plan
B. Risk register
C. Stakeholder register
D. Project scope statement

Jeff, a key stakeholder in your project, wants to know how the risk exposure for the risk events is calculated during quantitative risk analysis. He is worried about the risk exposure which is too low for the events surrounding his project requirements. How is the risk exposure calculated?

A. The probability of a risk event plus the impact of a risk event determines the true risk expo sure.
B. The risk exposure of a risk event is determined by historical information.
C. The probability of a risk event times the impact of a risk event determines the true risk exposure.
D. The probability and impact of a risk event are gauged based on research and in-depth analysis.

An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official? Each correct answer represents a complete solution. Choose all that apply.

A. Establishing and implementing the organization's continuous monitoring program
B. Determining the requirement of reauthorization and reauthorizing information systems when required
C. Reviewing security status reports and critical security documents
D. Ascertaining the security posture of the organization's information system