Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee’s computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risks events that were not previously identified.
What should Jenny do with these risk events?

Which of the following tasks are identified by the Plan of Action and Milestones document?

Each correct answer represents a complete solution. Choose all that apply.

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the

Mark works as a project manager for TechSoft Inc. Mark, the project team, and the key project stakeholders have completed a round of qualitative risk analysis. He needs to update the risk register with his findings so that he can communicate the risk results to the project stakeholders – including management. Mark will need to update all of the following information except for which one?

Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric’s organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric’s organization liable to pay the
ZAS Corporation for the work they have completed so far on the project?

Which of the following processes is described in the statement below?
“This is the process of numerically analyzing the effect of identified risks on overall project objectives.”

Which types of project tends to have more well-understood risks?

Which of the following statements about Discretionary Access Control List (DACL) is true?

Harry is a project manager of a software development project. In the early stages of planning, he and the stakeholders operated with the belief that the software they were developing would work with their organization’s current computer operating system. Now that the project team has started developing the software it has become apparent that the software will not work with nearly half of the organization’s computer operating systems. The incorrect belief Harry had in the software compatibility is an example of what in project management?