Which of the following documents were developed by NIST for conducting Certification & Accreditation
Which of the following documents were developed by NIST for conducting Certification &
Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.
Which of the following controls are intended to prevent an incident from occurring?
To help review or design security controls, they can be classified by several criteria. One of these
criteria is based on time. According to this criterion, which of the following controls are intended to
prevent an incident from occurring?
Which of the following processes does the decomposition and definition sequence of the Vee model include?
Which of the following processes does the decomposition and definition sequence of the Vee
model include? Each correct answer represents a part of the solution. Choose all that apply.
which systems can be evaluated for compliance against specific control objectives?
Which of the following NIST Special Publication documents provides a guideline on questionnaires
and checklists through which systems can be evaluated for compliance against specific control
objectives?
Which of the following patterns are applicable to aspects of authentication in Web applications?
A number of security patterns for Web applications under the DARPA contract have been
developed by Kienzle, Elder, Tyree, and Edwards-Hewitt. Which of the following patterns are
applicable to aspects of authentication in Web applications? Each correct answer represents a
complete solution. Choose all that apply.
Which of the following security objectives are defined for information and information systems by the FISMA?
Which of the following security objectives are defined for information and information systems by
the FISMA? Each correct answer represents a part of the solution. Choose all that apply.
Which of the following steps of the LeGrand Vulnerability-Oriented Risk Management method determines the neces
Which of the following steps of the LeGrand Vulnerability-Oriented Risk Management method
determines the necessary compliance offered by risk management practices and assessment of
risk levels?
For what purposes is ST&E used?
Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering
system vulnerabilities. For what purposes is ST&E used? Each correct answer represents a
complete solution. Choose all that apply.
What are the differences between managed and unmanaged code technologies?
What are the differences between managed and unmanaged code technologies? Each correct
answer represents a complete solution. Choose two.
Which type of risk response is this?
A part of a project deals with the hardware work. As a project manager, you have decided to hire a
company to deal with all hardware work on the project. Which type of risk response is this?
