Which of the following security models dictates that subjects can only access objects through
applications?

The Project Risk Management knowledge area focuses on which of the following processes?
Each correct answer represents a complete solution. Choose all that apply.

Which of the following is used by attackers to record everything a person types, including
usernames, passwords, and account information?

Which of the following policies can explain how the company interacts with partners, the
company’s goals and mission, and a general reporting structure in different situations?

Which of the following terms related to risk management represents the estimated frequency at

which a threat is expected to occur?

What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the
DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

Which of the following is an open source network intrusion detection system?

You work as a Security Manager for Tech Perfect Inc. The company has a Windows based
network. It is required to determine compatibility of the systems with custom applications. Which of
the following techniques will you use to accomplish the task?

Adrian is the project manager of the NHP Project. In her project there are several work packages
that deal with electrical wiring. Rather than to manage the risk internally she has decided to hire a
vendor to complete all work packages that deal with the electrical wiring. By removing the risk
internally to a licensed electrician Adrian feels more comfortable with project team being safe.
What type of risk response has Adrian used in this example?

You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and
you want to discuss it with your team members for getting appropriate responses of the disaster.
In which of the following disaster recovery tests can this task be performed?