Explanation: A hypervisor is a virtualization technique that allows multiple operating systems (guests) to run concurrently on a host computer. It is also called the virtual machine monitor (VMM). The hypervisor provides a virtual operating platform to the guest operating systems and checks their execution process. It provides isolation to the host’s resources. The hypervisor is installed on server hardware. Answer: A is incorrect. Emulator duplicates the functions of one system using a different system, so that the second system behaves like the first system. Answer: D is incorrect. CP/CMS is a time-sharing operating system of the late 60s and early 70s, and it is known for its excellent performance and advanced features. Answer: C is incorrect. Grid computing refers to the combination of computer resources from multiple administrative domains to achieve a common goal.

Explanation: The minimum security requirements cover seventeen security related areas to protect the confidentiality, integrity, and availability of federal information systems and information processed by those systems. They are as follows: Access control Awareness and training Audit and accountability Certification, accreditation, and security assessment Configuration management Contingency planning Identification and authentication Incident response Maintenance Media protection Physical and environmental protection Planning Personnel security Risk assessment Systems and services acquisition System and communications protection System and information integrity

Explanation: The risk management plan, part of the comprehensive management plan, defines how risks will be identified, analyzed, monitored and controlled, and even responded to. A Risk management plan is a document arranged by a project manager to estimate the effectiveness, predict risks, and build response plans to mitigate them. It also consists of the risk assessment matrix. Risks are built in with any project, and project managers evaluate risks repeatedly and build plans to address them. The risk management plan consists of analysis of possible risks with both high and low impacts, and the mitigation strategies to facilitate the project and avoid being derailed through which the common problems arise. Risk management plans should be timely reviewed by the project team in order to avoid having the analysis become stale and not reflective of actual potential project risks. Most critically, risk management plans include a risk strategy for project execution. Answer: C is incorrect. The project management plan is a comprehensive plan that communicates the intent of the project for all project management knowledge areas. Answer: B is incorrect. The project plan is not an official PMBOK project management plan. Answer: D is incorrect. The resource management plan defines the management of project resources, such as project team members, facilities, equipment, and contractors.

Explanation: Following are the benefits of information classification for an organization: It helps identify which protections apply to which information. It helps identify which information is the most sensitive or vital to an organization. It supports the tenets of confidentiality, integrity, and availability as it pertains to data. Answer: D is incorrect. The concept of integrity ensures that modifications are not made to data by unauthorized personnel or processes. It also ensures that unauthorized modifications are not made to data by authorized personnel or processes. Answer: A is incorrect. Information classification cannot reduce the Total Cost of Ownership (TCO).

Explanation: Dumpster diving technique is used for searching paper disposal areas for unshredded or otherwise improperly disposed-of reports. Answer: B is incorrect. In scanning and probing technique, various scanners, like a port scanner, can reveal information about a network’s infrastructure and enable an intruder to access the network’s unsecured ports. Answer: D is incorrect. Demon dialing technique automatically tests every phone line in an exchange to try to locate modems that are attached to the network. Answer: A is incorrect. In sniffing technique, protocol analyzer can be used to capture data packets that are later decoded to collect information such as passwords or infrastructure configurations.

Explanation: When you are hiring a third party to own risk, it is known as transference risk response. Transference is a strategy to mitigate negative risks or threats. In this strategy, consequences and the ownership of a risk is transferred to a third party. This strategy does not eliminate the risk but transfers responsibility of managing the risk to another party. Insurance is an example of transference. Answer: B is incorrect. The act of spending money to reduce a risk probability and impact is known as mitigation. Answer: A is incorrect. Exploit is a strategy that may be selected for risks with positive impacts where the organization wishes to ensure that the opportunity is realized. Answer: D is incorrect. When extra activities are introduced into the project to avoid the risk, this is an example of avoidance.

Explanation: Programming languages are categorized into two technologies: 1.Managed code: This computer program code is compiled into an intermediate code format. Managed code is referred to as byte code. It executes under the management of a runtime environment. Java EE and Microsoft.NET are the examples of managed code. 2.Unmanaged code: This computer code is compiled into machine code. Unmanaged code is executed by the CPU of a computer system. C and C++ are the examples of unmanaged code. Answer: A is incorrect. Managed code is referred to as byte code. Answer: B is incorrect. C and C++ are the examples of unmanaged code, whereas Java EE and Microsoft.NET are the examples of managed code.

Explanation: Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. According to NIST SP 800-42 (Guideline on Network Security Testing), ST&E is used for the following purposes: To assess the degree of consistency between the system documentation and its implementation To determine the adequacy of security mechanisms, assurances, and other properties to enforce the security policy To uncover design, implementation, and operational flaws that may allow the violation of security policy Answer: A is incorrect. ST&E is not used for the implementation of the system architecture.

Explanation: FISMA defines the following three security objectives for information and information systems: Confidentiality: It means that the data should only be accessible to authorized users. Access includes printing, displaying, and other such forms of disclosure, including simply revealing the existence of an object. Integrity: It means that only authorized users are able to modify data. Modification admits changing, changing the status, deleting, and creating. Availability: It means that the data should only be available to authorized users. Answer: A is incorrect. Authenticity is not defined by the FISMA as one of the security objectives for information and information systems.

Explanation: Assessment, monitoring, and assurance determines the necessary compliance that are offered by risk management practices and assessment of risk levels.