Which of the following processes has the goal to ensure that any change does not lead to
reduced or compromised security?

Which of the following is not a part of Identify Risks process?

In which of the following phases does the SSAA maintenance take place?

In which of the following phases do the system security plan update and the Plan of Action
and Milestones (POAM) update take place?

Which of the following processes is used to protect the data based on its secrecy,
sensitivity, or confidentiality?

Which of the following assessment methods is used to review, inspect, and analyze
assessment objects?

Which of the following documents is used to provide a standard approach to the
assessment of NIST SP 800-53 security controls?

What is the objective of the Security Accreditation Decision task?

You are the project manager for your organization. You are working with your key
stakeholders in the qualitative risk analysis process. You understand that there is certain

bias towards the risk events in the project that you need to address, manage, and ideally
reduce. What solution does the PMBOK recommend to reduce the influence of bias during
qualitative risk analysis?

Numerous information security standards promote good security practices and define
frameworks or systems to structure the analysis and design for managing information
security controls. Which of the following are the international information security
standards? Each correct answer represents a complete solution. Choose all that apply.