NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

A. Substantial
B. Significant
C. Abbreviated
D. Comprehensive

You and your project team have identified the project risks and now are analyzing the probability and impact of the risks. What type of analysis of the risks provides a quick and high-level review of each identified risk event?

A. Qualitative risk analysis
B. Seven risk responses
C. Quantitative risk analysis
D. A risk probability-impact matrix

Which of the following statements about the authentication concept of information security management is true?

A. It determines the actions and behaviors of a single individual within a system, and identifies that particular individual.
B. It ensures that modifications are not made to data by unauthorized personnel or processes .
C. It establishes the users' identity and ensures that the users are who they say they are.
D. It ensures the reliable and timely access to resources.

You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of lack of space, casting it is highly dangerous. High technical skill will be required for casting that column. You decide to hire a local expert team for casting that column. Which of the following types of risk response are you following?

A. Mitigation
B. Avoidance
C. Transference
D. Acceptance

To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criteria, which of the following controls are intended to prevent an incident from occurring?

A. Adaptive controls
B. Preventive controls
C. Detective controls
D. Corrective controls

Which of the following acts promote a risk-based policy for cost effective security? Each correct answer represents a part of the solution. Choose all that apply.

A. Clinger-Cohen Act
B. Lanham Act
C. Computer Misuse Act
D. Paperwork Reduction Act (PRA)

Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?

A. Uncertainty in values such as duration of schedule activities
B. Bias towards risk in new resources
C. Risk probability and impact matrixes
D. Risk identification

Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming into fruition. What individual should respond to the risk with the preplanned risk response?

A. Diane
B. Risk owner
C. Subject matter expert
D. Project sponsor

Fred is the project manager of the CPS project. He is working with his project team to prioritize the identified risks within the CPS project. He and the team are prioritizing risks for further analysis or action by assessing and combining the risks probability of occurrence and impact. What process is Fred completing?

A. Risk identification
B. Perform qualitative analysis
C. Perform quantitative analysis
D. Risk Breakdown Structure creation

You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

A. Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.
B. Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
C. Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.
D. Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.