Thomas is a key stakeholder in your project. Thomas has requested several changes to the project scope for the project you are managing. Upon review of the proposed changes, you have discovered that these new requirements are laden with risks and you recommend to the change control board that the changes be excluded from the project scope. The change control board agrees with you. What component of the change control system communicates the approval or denial of a proposed change request?

You are the project manager of the NHH project for your company. You have completed the first round of risk management planning and have created four outputs of the risk response planning process. Which one of the following is NOT an output of the risk response planning?

In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur?

Which of the following roles is also known as the accreditor?

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team.
What document is Frank and the NHH Project team creating in this scenario?

Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test?
Each correct answer represents a complete solution. Choose all that apply.

Risks with low ratings of probability and impact are included on a ____ for future monitoring.