Which of the following phases of the DITSCAP C&A process is used to define the C&A level of effort, to identify the main C&A roles and responsibilities, and to create an agreement on the method for implementing the security requirements?

Sammy is the project manager for her organization. She would like to rate each risk based on its probability and

affect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

Mary is the project manager for the BLB project. She has instructed the project team to assemble, to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process.
Why is the schedule management plan needed for quantitative risk analysis?

Which of the following approaches can be used to build a security program?
Each correct answer represents a complete solution. Choose all that apply.

Which of the following are the tasks performed by the owner in the information classification schemes?
Each correct answer represents a part of the solution. Choose three.

Thomas is the project manager of the NHJ Project for his company. He has identified several positive risk events within his project and he thinks these events can save the project time and money. Positive risk events, such as these within the NHJ Project are also known as what?

You are the project manager of the GGG project. You have completed the risk identification process for the initial phases of your project. As you begin to document the risk events in the risk register what additional information can you associate with the identified risk events?

Which of the following is the acronym of RTM?

What course of action can be taken by a party if the current negotiations fail and an agreement cannot be reached?

There are seven risks responses that a project manager can choose from. Which risk response is appropriate for both positive and negative risk events?