What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in
the DIACAP process? Each correct answer represents a complete solution. Choose all that
apply.

Which of the following DITSCAP C&A phases takes place between the signing of the initial
version of the SSAA and the formal accreditation of the system?

The phase 0 of Risk Management Framework (RMF) is known as strategic risk assessment
planning. Which of the following processes take place in phase 0? Each correct answer
represents a complete solution. Choose all that apply.

Which of the following terms related to risk management represents the estimated
frequency at which a threat is expected to occur?

Which of the following roles is used to ensure that the confidentiality, integrity, and
availability of the services are maintained to the levels approved on the Service Level
Agreement (SLA)?

Which of the following fields of management focuses on establishing and maintaining
consistency of a system’s or product’s performance and its functional and physical attributes
with its requirements, design, and operational information throughout its life?

Information Security management is a process of defining the security controls in order to
protect information assets. The first action of a management program to implement
information security is to have a security program in place. What are the objectives of a
security program? Each correct answer represents a complete solution. Choose all that
apply.

Which of the following are the types of access controls? Each correct answer represents a
complete solution. Choose three.

You are the project manager of the NNQ Project for your company and are working you’re
your project team to define contingency plans for the risks within your project. Mary, one of
your project team members, asks what a contingency plan is. Which of the following
statements best defines what a contingency response is?

Who is responsible for the stakeholder expectations management in a high-profile, high-risk
project?