Certification and Accreditation (C&A or CnA) is a process for implementing information security.
Which of the following is the correct order of C&A phases in a DITSCAP assessment?

Which of the following is NOT a responsibility of a data owner?

ISO 27003 is an information security standard published by the International Organization for
Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the
following elements does this standard contain? Each correct answer represents a complete
solution. Choose all that apply.

John works as a security manager for SoftTech Inc. He is working with his team on the disaster
recovery management plan. One of his team members has a doubt related to the most cost
effective DRP testing plan. According to you, which of the following disaster recovery testing plans
is the most cost-effective and efficient way to identify areas of overlap in the plan before
conducting more demanding training exercises?

Which of the following statements describe the main purposes of a Regulatory policy? Each
correct answer represents a complete solution. Choose all that apply.

Audit trail or audit log is a chronological sequence of audit records, each of which contains
evidence directly pertaining to and resulting from the execution of a business process or system
function. Under which of the following controls does audit control come?

Which of the following is generally used in packages in order to determine the package or product
tampering?

In which of the following testing methods is the test engineer equipped with the knowledge of

system and designs test cases or test data based on system knowledge?

Fill in the blank with an appropriate phrase. A is defined as any activity that has an effect on
defining, designing, building, or executing a task, requirement, or procedure.

Which of the following configuration management system processes keeps track of the changes
so that the latest acceptable configuration specifications are readily available?