
CAP Online Practice Questions and Answers

Questions 4

You are the project manager of the NHH project for your company. You have completed the first round of risk management planning and have created four outputs of the risk response planning process. Which one of the following is NOT an output of the risk response planning?

A. Risk-related contract decisions

B. Project document updates

C. Risk register updates

D. Organizational process assets updates

Questions 5

Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

A. Parkerian Hexad

B. Capability Maturity Model (CMM)

C. Classic information security model

D. Five Pillars model

Questions 6

You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update the human resource management plan?

A. Teaming agreements

B. Crashing the project

C. Transference

D. Fast tracking the project

Questions 7

You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks. Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?

A. A qualitative risk analysis requires fast and simple data to complete the analysis.

B. A qualitative risk analysis requires accurate and unbiased data if it is to be credible.

C. A qualitative risk analysis requires unbiased stakeholders with biased risk tolerances.

D. A qualitative risk analysis encourages biased data to reveal risk tolerances.

Questions 8

You are the project manager of the GHY project for your organization. You are about to start the qualitative risk analysis process for the project and you need to determine the roles and responsibilities for conducting risk management. Where can you find this information?

A. Risk management plan

B. Enterprise environmental factors

C. Staffing management plan

D. Risk register

Questions 9

Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Security organization

B. System classification

C. Information classification

D. Security education

Questions 10

BS 7799 is an internationally recognized ISM standard that provides high-level, conceptual recommendations on enterprise security. BS 7799 is basically divided into three parts. Which of the following statements are true about BS 7799?

Each correct answer represents a complete solution. Choose all that apply.

A. BS 7799 Part 1 was adopted by ISO as ISO/IEC 27001 in November 2005.

B. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.

C. BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995.

D. BS 7799 Part 3 was published in 2005, covering risk analysis and management.

Questions 11

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

A. Finding an economic balance between the impact of the risk and the cost of the countermeasure

B. Identifying the risk

C. Assessing the impact of potential threats

D. Identifying the accused

Questions 12

Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming to fruition. What individual should respond to the risk with the preplanned risk response?

A. Diane

B. Risk owner

C. Subject matter expert

D. Project sponsor

Questions 13

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

A. Phase 3

B. Phase 2

C. Phase 4

D. Phase 1

Exam Code: CAP
Exam Name: CAP - Certified Authorization Professional
Last Update: Apr 25, 2024
Questions: 395 Q&As
