Which of the following statements are true about Certification and Accreditation?
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It
is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or
after a system is in operation. Which of the following statements are true about Certification and
Accreditation? Each correct answer represents a complete solution. Choose two.
What are the process activities of this phase?
Phase 1 of DITSCAP C&A is known as the Definition Phase. The goal of this phase is to define
the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement
on the method for implementing the security requirements. What are the process activities of this
phase? Each correct answer represents a complete solution. Choose all that apply.
Which of the following NIST Special Publication documents provides a guideline on network security testing?
Which of the following NIST Special Publication documents provides a guideline on network
security testing?
What type of analysis of the risks provides a quick and high-level review of each identified risk event?
You and your project team have identified the project risks and now are analyzing the probability
and impact of the risks. What type of analysis of the risks provides a quick and high-level review of
each identified risk event?
What component of the change management system is responsible for evaluating, testing, and documenting changes
What component of the change management system is responsible for evaluating, testing, and
documenting changes created to the project scope?
What will you reply to your team member?
You work as a project manager for BlueWell Inc. You and your team are using a method or a
(technical) process that conceives the risks even if all theoretically possible safety measures
would be applied. One of your team members wants to know what a residual risk is. What will
you reply to your team member?
Which of the following risk processes is repeated after the plan risk responses to determine if the overall pr
You are the project manager of the NNN project for your company. You and the project team are
working together to plan the risk responses for the project. You feel that the team has successfully
completed the risk response planning and now you must initiate what risk process it is. Which of
the following risk processes is repeated after the plan risk responses to determine if the overall
project risk has been satisfactorily decreased?
Which of the following statements is true about residual risks?
Which of the following statements is true about residual risks?
Which of the following controls consists of incident response processes, management oversight, security awaren
To help review or design security controls, they can be classified by several criteria. One of these
criteria is based on their nature. According to this criterion, which of the following controls consists
of incident response processes, management oversight, security awareness, and training?
Which of the following Internet laws has the credit card issuing company violated?
A Web-based credit card company had collected financial and personal details of Mark before
issuing him a credit card. The company has now provided Mark’s financial and personal details to
another company. Which of the following Internet laws has the credit card issuing company
violated?