A part of a project deals with the hardware work. As a project manager, you have decided to hire a
company to deal with all hardware work on the project. Which type of risk response is this?

You work as a security manager for BlueWell Inc. You are performing the external vulnerability
testing, or penetration testing to get a better snapshot of your organization’s security posture.
Which of the following penetration testing techniques will you use for searching paper disposal
areas for unshredded or otherwise improperly disposed-of reports?

Which of the following are the benefits of information classification for an organization? Each
correct answer represents a complete solution. Choose two.

Frank is the project manager of the NHH Project. He is working with the project team to create a
plan to document the procedures to manage risks throughout the project. This document will
define how risks will be identified and quantified. It will also define how contingency plans will be
implemented by the project team. What document is Frank and the NHH Project team creating in
this scenario?

Which of the following security related areas are used to protect the confidentiality, integrity, and
availability of federal information systems and information processed by those systems?

Which of the following allows multiple operating systems (guests) to run concurrently on a host
computer?

Which of the following fields of management focuses on establishing and maintaining consistency
of a system’s or product’s performance and its functional and physical attributes with its
requirements, design, and operational information throughout its life?

Which of the following US Acts emphasized a “risk-based policy for cost-effective security” and
makes mandatory for agency program officials, chief information officers, and inspectors general
(IGs) to conduct annual reviews of the agency’s information security program and report the
results to Office of Management and Budget?

Which of the following security models focuses on data confidentiality and controlled access to
classified information?

Which of the following processes describes the elements such as quantity, quality, coverage,
timelines, and availability, and categorizes the different functions that the system will need to
perform in order to gather the documented mission/business needs?