Which of the following are required to be addressed in a well designed policy?
A security policy is an overall general statement produced by senior management that
dictates what role security plays within the organization. Which of the following are required
to be addressed in a well designed policy? Each correct answer represents a part of the
solution. Choose all that apply.
Which of the following phases of the DITSCAP C&A process is used to define…?
Which of the following phases of the DITSCAP C&A process is used to define the C&A level
of effort, to identify the main C&A roles and responsibilities, and to create an agreement on
the method for implementing the security requirements?
which of the following processes?
The Project Risk Management knowledge area focuses on which of the following
processes? Each correct answer represents a complete solution. Choose all that apply.
Which of the following are the goals of risk management?
Which of the following are the goals of risk management? Each correct answer represents a
complete solution. Choose three.
Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the qua
You are the project manager of the GHG project. You are preparing for the quantitative risk
analysis process. You are using organizational process assets to help you complete the
quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize
organizational process assets as a part of the quantitative risk analysis process?
What risk response has been enacted in this project?
Bill is the project manager of the JKH Project. He and the project team have identified a risk
event in the project with a high probability of occurrence and the risk event has a high cost
impact on the project. Bill discusses the risk event with Virginia, the primary project
customer, and she decides that the requirements surrounding the risk event should be
removed from the project. The removal of the requirements does affect the project scope,
but it can release the project from the high risk exposure. What risk response has been
enacted in this project?
Which of the following statements is true about residual risks?
Which of the following statements is true about residual risks?
Which of the following documents is described in the statement below?
Which of the following documents is described in the statement below? “It is developed
along with all processes of the risk management. It contains the results of the qualitative risk
analysis, quantitative risk analysis, and risk response planning.”
What type of a response strategy is this?
Mary is the project manager of the HGH Project for her company. She and her project team
have agreed that if the vendor is late by more than ten days they will cancel the order and
hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within
three days, but the costs of their products are significantly more expensive than the current
vendor. What type of a response strategy is this?
Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer
Which of the following is a standard that sets basic requirements for assessing the
effectiveness of computer security controls built into a computer system?