Which of the following provides a means of predicting the outcome of the next software project
conducted by an organization?

Which of the following SSE-CMM security engineering Process Areas (PA) provides the security
input?

Which of the following terms describes the determination of the effect of changes to the
information system on the security of the information system?

Which of the following processes helps the organization to identify appropriate controls for
reducing or eliminating risk during the risk mitigation process?

Which of the following components in a TCB acts as the boundary that separates the TCB from
the remainder of the system?

Which of the following TCB components is a hardware, firmware, and software element that
implements the reference monitor concept?

Which of the following terms describes the annually expected financial loss to an organization from
a threat?

Which of the following processes is NOT included in the risk mitigation?

Which of the following processes is used by organizations to set the risk tolerance, identify the
potential risks, and prioritize the tolerance for risk?

Which of the following security procedures is related to the SDLC’s implementation?