Which of the following individuals is responsible for ensuring the security posture of the organization's information system?
A. Authorizing Official
B. Chief Information Officer
C. Security Control Assessor
D. Common Control Provider

Which of the following system security policies is used to address specific issues of concern to the organization?
A. Program policy
B. Issue-specific policy
C. Informative policy
D. System-specific policy

Which of the following NIST C&A documents is the guideline for identifying an information system as a National Security System?
A. NIST SP 800-53
B. NIST SP 800-59
C. NIST SP 800-37
D. NIST SP 800-53A

Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?
A. The custodian implements the information classification scheme after the initial assignment by the operations manager.
B. The data custodian implements the information classification scheme after the initial assignment by the data owner.
C. The data owner implements the information classification scheme after the initial assignment by the custodian.
D. The custodian makes the initial information classification assignments, and the operations manager implements the scheme.

You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project?
A. Qualitative risk analysis
B. Quantitative analysis
C. Historical information
D. Rolling wave planning

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?
A. DITSCAP
B. NIACAP
C. NSA-IAM
D. ASSET

Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?
A. Auditor
B. User
C. Data custodian
D. Data owner

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?
A. Exploit
B. Share
C. Enhance
D. Acceptance
Correct Answer: D