Adrian is the project manager of the NHP Project. In her project there are several work packages that deal with electrical wiring. Rather than to manage the risk internally she has decided to hire a vendor to complete all work packages that deal with the electrical wiring. By removing the risk internally to a licensed electrician Adrian feels more comfortable with project team being safe. What type of risk response has Adrian used in this example?

A. Mitigation
B. Transference
C. Avoidance
D. Acceptance

Your project uses a piece of equipment that if the temperature of the machine goes above 450 degree Fahrenheit the machine will overheat and have to be shut down for 48 hours. Should this machine overheat even once it will delay the project's end date. You work with your project to create a response that should the temperature of the machine reach 430, the machine will be paused for at least an hour to cool it down. The temperature of 430 is called what?

A. Risk identification
B. Risk response
C. Risk trigger
D. Risk event

You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

A. These risks can be accepted.
B. These risks can be added to a low priority risk watch list.
C. All risks must have a valid, documented risk response.
D. These risks can be dismissed.

In which type of access control do user ID and password system come under?

A. Administrative
B. Technical
C. Power
D. Physical

Neil works as a project manager for SoftTech Inc. He is working with Tom, the COO of his company, on several risks within the project. Tom understands that through qualitative analysis Neil has identified many risks in the project. Tom's concern, however, is that the priority list of these risk events are sorted in "high-risk," "moderate-risk," and "low-risk" as conditions apply within the project. Tom wants to know that is there any other objective on which Neil can make the priority list for project risks. What will be Neil's reply to Tom?

A. Risk may be listed by the responses in the near-term
B. Risks may be listed by categories
C. Risks may be listed by the additional analysis and response
D. Risks may be listed by priority separately for schedule, cost, and performance

Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. What are the different categories of risk? Each correct answer represents a complete solution. Choose all that apply.

A. System interaction
B. Human interaction
C. Equipment malfunction
D. Inside and outside attacks
E. Social status
F. Physical damage

What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

A. Develop DIACAP strategy.
B. Assign IA controls.
C. Assemble DIACAP team.
D. Initiate IA implementation plan.
E. Register system with DoD Component IA Program.
F. Conduct validation activity.

Gary is the project manager of his organization. He is managing a project that is similar to a project his organization completed recently. Gary has decided that he will use the information from the past project to help him and the project team to identify the risks that may be present in the project. Management agrees that this checklist approach is ideal and will save time in the project. Which of the following statement is most accurate about the limitations of the checklist analysis approach for Gary?

A. The checklist analysis approach is fast but it is impossible to build and exhaustive checklist.
B. The checklist analysis approach only uses qualitative analysis.
C. The checklist analysis approach saves time, but can cost more.
D. The checklist is also known as top down risk assessment

The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.

A. Identify threats, vulnerabilities, and controls that will be evaluated.
B. Document and implement a mitigation plan.
C. Agree on a strategy to mitigate risks.
D. Evaluate mitigation progress and plan next assessment.

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

A. DoDD 8000.1
B. DoD 7950.1-M
C. DoD 5200.22-M
D. DoD 8910.1
E. DoD 5200.1-R