Which of the following is NOT a type of penetration test?

Which of the following is NOT considered an environmental threat source?

Which of the following formulas was developed by FIPS 199 for categorization of an information type?

Which of the following phases begins with a review of the SSAA in the DITSCAP accreditation?

Which of the following is a security policy implemented by an organization due to compliance, regulation, or other legal requirements?

Which of the following administrative policy controls requires individuals or organizations to be engaged in good business practices relative to the organization’s industry?

In which of the following Risk Management Framework (RMF) phases is strategic risk assessment planning performed?

Which of the following methods of authentication uses finger prints to identify users?

Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the construction project. The supplier is an artist who works by himself, but creates windows for several companies throughout the United States.
Management reviews the proposal to use this supplier and while they agree that the supplier is talented, they do not think the artist can fulfill the 1,000 window units in time for the project’s deadline. Management asked Harry to find a supplier who will guarantee the completion of the windows by the needed date in the schedule. What risk response has management asked Harry to implement?

Walter is the project manager of a large construction project. He’ll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?