Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?
NIST SP 800-53A defines three types of interview depending on the level of assessment
conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad
hoc interviews?
What are the responsibilities of a system owner?
What are the responsibilities of a system owner? Each correct answer represents a
complete solution. Choose all that apply.
During which of the following processes is the probability and impact matrix prepared?
Which risk response can you choose that will also cause you to update the human resource management plan?
You work as a project manager for BlueWell Inc. Your project is running late and you must
respond to the risk. Which risk response can you choose that will also cause you to update
the human resource management plan?
Which of the following groups represents the most likely source of an asset loss through the inappropriate use
Which of the following groups represents the most likely source of an asset loss through the
inappropriate use of computers?
Which of the following risk processes is repeated after the plan risk responses to determine if the overall pr
You are the project manager of the NNN project for your company. You and the project
team are working together to plan the risk responses for the project. You feel that the team
has successfully completed the risk response planning and now you must initiate what risk
process it is. Which of the following risk processes is repeated after the plan risk responses
to determine if the overall project risk has been satisfactorily decreased?
What diagramming technique are you using as a part of the risk identification process?
You are the project manager of QSL project for your organization. You are working with
your project team and several key stakeholders to create a diagram that shows how various
elements of a system interrelate and the mechanism of causation within the system. What
diagramming technique are you using as a part of the risk identification process?
Which of the following statements about role-based access control (RBAC) model is true?
Which of the following is the correct order of C&A phases in a DITSCAP assessment?
Certification and Accreditation (C&A or CnA) is a process for implementing information
security. Which of the following is the correct order of C&A phases in a DITSCAP
assessment?
Which of the following persons is responsible for testing and verifying whether the security policy is properl
Which of the following persons is responsible for testing and verifying whether the security
policy is properly implemented, and the derived security solutions are adequate or not?