| Question.26 Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual? (A) DoDD 8000.1 (B) DoD 7950.1-M (C) DoD 5200.22-M (D) DoD 8910.1 (E) DoD 5200.1-R |
26. Click here to View Answer
Correct Answer: B
| Question.27 The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply. (A) Identify threats, vulnerabilities, and controls that will be evaluated. (B) Document and implement a mitigation plan. (C) Agree on a strategy to mitigate risks. (D) Evaluate mitigation progress and plan next assessment. |
27. Click here to View Answer
Correct Answer: B, C & D
| Question.28 Gary is the project manager of his organization. He is managing a project that is similar to a project his organization completed recently. Gary has decided that he will use the information from the past project to help him and the project team to identify the risks that may be present in the project. Management agrees that this checklist approach is ideal and will save time in the project. Which of the following statement is most accurate about the limitations of the checklist analysis approach for Gary? (A) The checklist analysis approach is fast but it is impossible to build and exhaustive checklist. (B) The checklist analysis approach only uses qualitative analysis. (C) The checklist analysis approach saves time, but can cost more. (D) The checklist is also known as top down risk assessment |
28. Click here to View Answer
Correct Answer: A
| Question.29 What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply. (A) Develop DIACAP strategy. (B) Assign IA controls. (C) Assemble DIACAP team. (D) Initiate IA implementation plan. (E) Register system with DoD Component IA Program. (F) Conduct validation activity. |
29. Click here to View Answer
Correct Answer: A, B, C, D & E
| Question.30 Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. What are the different categories of risk? Each correct answer represents a complete solution. Choose all that apply. (A) System interaction (B) Human interaction (C) Equipment malfunction (D) Inside and outside attacks (E) Social status (F) Physical damage |
30. Click here to View Answer
Correct Answer: B, C, D, E & F