Which of the following organizations is a USG initiative designed to meet the security testing,
evaluation, and assessment needs of both information technology (IT) producers and consumers

The risk transference is referred to the transfer of risks to a third party, usually for a fee, it creates
a contractual-relationship for the third party to manage the risk on behalf of the performing
organization. Which one of the following is NOT an example of the transference risk response

You work as a security engineer for BlueWell Inc. According to you, which of the following
DITSCAPNIACAP model phases occurs at the initiation of the project, or at the initial C&A effort of
a legacy system

Fill in the blank with an appropriate phrase. A ____________________ is defined as any activity
that has an effect on defining, designing, building, or executing a task, requirement, or procedure.

According to which of the following DoD policies, the implementation of DITSCAP is mandatory for
all the systems that process both DoD classified and unclassified information?

Which of the following federal laws are related to hacking activities Each correct answer
represents a complete solution. Choose three.

Which of the following Registration Tasks notifies the DAA, Certifier, and User Representative that
the system requires C&A Support

Which of the following are the most important tasks of the Information Management Plan (IMP)
Each correct answer represents a complete solution. Choose all that apply.

FIPS 199 defines the three levels of potential impact on organizations. Which of the following
potential impact levels shows limited adverse effects on organizational operations, organizational
assets, or individuals

The principle of the SEMP is not to repeat the information, but rather to ensure that there are
processes in place to conduct those functions. Which of the following sections of the SEMP
template describes the work authorization procedures as well as change management approval
processes