Which of the following C&A professionals plays the role of an advisor?

A. Information System Security Engineer (ISSE)
B. Chief Information Officer (CIO)
C. Authorizing Official
D. Information Owner

What does OCTAVE stand for?

A. Operationally Computer Threat, Asset, and Vulnerability Evaluation
B. Operationally Critical Threat, Asset, and Vulnerability Evaluation
C. Operationally Computer Threat, Asset, and Vulnerability Elimination
D. Operationally Critical Threat, Asset, and Vulnerability Elimination

Which of the following is used throughout the entire C&A process?

A. DAA
B. DITSCAP
C. SSAA
D. DIACAP

In which of the following DITSCAP phases is the SSAA developed?

A. Phase 2
B. Phase 4
C. Phase 1
D. Phase 3

Which of the following individuals is responsible for preparing and submitting security status reports to the organizations?

A. Chief Information Officer
B. Senior Agency Information Security Officer
C. Common Control Provider
D. Authorizing Official

Which of the following individuals is responsible for configuration management and control task?

A. Authorizing official
B. Information system owner
C. Chief information officer
D. Common control provider

Which of the following assessment methods involves observing or conducting the operation of physical devices?

A. Interview
B. Deviation
C. Examination
D. Testing

In which of the following phases does the change management process start?

A. Phase 2
B. Phase 1
C. Phase 4
D. Phase 3

In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?

A. Continuous Monitoring Phase
B. Accreditation Phase
C. Preparation Phase
D. DITSCAP Phase

Which of the following statements is true about the continuous monitoring process?

A. It takes place in the middle of system security accreditation.
B. It takes place before and after system security accreditation.
C. It takes place before the initial system security accreditation.
D. It takes place after the initial system security accreditation.