What are the responsibilities of a system owner?
What are the responsibilities of a system owner?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?
NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?
According to this criteria, which of the following controls are intended to prevent an incident from occurring
To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criteria, which of the following controls are intended to prevent an incident from occurring?
Which of the following acts promote a risk-based policy for cost effective security?
Which of the following acts promote a risk-based policy for cost effective security?
Each correct answer represents a part of the solution. Choose all that apply.
What process is Fred completing?
Fred is the project manager of the CPS project. He is working with his project team to prioritize the identified risks within the CPS project. He and the team are prioritizing risks for further analysis or action by assessing and combining the risks probability of occurrence and impact.
What process is Fred completing?
Which of the following RMF phases identifies key threats and vulnerabilities that could compromise the confide
Which of the following RMF phases identifies key threats and vulnerabilities that could compromise the confidentiality, integrity, and availability of the institutional critical assets?
Which of the following are the goals of risk management?
Which of the following are the goals of risk management?
Each correct answer represents a complete solution. Choose three.
For what purposes is ST&E used?
Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. For what purposes is ST&E used?
Each correct answer represents a complete solution. Choose all that apply.
What component of the change control system would review the proposed changes’ impact on the features an
Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work.
What component of the change control system would review the proposed changes’ impact on the features and functions of the project’s product?
Which of the following is violated in a shoulder surfing attack?
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee’s computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?