What system is considered the parent of the change control system documented in Donna’s plan?
Donna is the project manager for her organization. She is preparing a plan to manage changes to the project should changes be requested. Her change management plan defines the process for documenting, tracking, and determining if the changes should be approved or declined. What system is considered the parent of the change control system documented in Donna’s plan?
Which of the following persons is responsible for testing and verifying whether the security policy is properl
Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?
Why is the schedule management plan needed for quantitative risk analysis?
Mary is the project manager for the BLB project. She has instructed the project team to assemble, to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process. Why is the schedule management plan needed for quantitative risk analysis?
Which of the following areas can be exploited in a penetration test?
Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test? Each correct answer represents a complete solution. Choose all that apply.
Which of the following refers to a process that is used for implementing information security?
Which of the following refers to a process that is used for implementing information security?
which could cause delays in subsequent work beginning. This is an example of what type of risk event?
You are the project manager for your organization. You have determined that an activity is too dangerous to complete internally so you hire licensed contractor to complete the work. The contractor, however, may not complete the assigned work on time which could cause delays in subsequent work beginning. This is an example of what type of risk event?
How many months will you need to use the solution to pay for the internal solution in comparison to the vendor
You are the project manager for your organization. You have identified a risk event that your organization could manage internally or externally. If you manage the event internally it will cost your project $578,000 and an additional $12,000 per month the solution is in use. A vendor can manage the risk event for you. The vendor will charge $550,000 and $14,500 per month that the solution is in use. How many months will you need to use the solution to pay for the internal solution in comparison to the vendor’s solution?
What should you do with these identified risk events?
You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won’t affect your project much if they happen. What should you do with these identified risk events?
Which of the following FITSAF levels shows that the procedures and controls have been implemented?
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
What phases are identified by DIACAP?
DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP?
Each correct answer represents a complete solution. Choose all that apply.