Question 1

You work as a Network Administrator for uCertify Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommend for providing security?

Options :

A : HTTP

B : VPN

C : S/MIME

D : SSL

Answer: D

Question 2

Your project has several risks that may cause serious financial impact should they happen. You have

studied the risk events and made some potential risk responses for the risk events but management

wants you to do more. They'd like for you to create some type of a chart that identified the risk

probability and impact with a financial amount for each risk event. What is the likely outcome of

creating this type of chart?

Options :

A : Risk response plan

B : Quantitative analysis

C : Risk response

D : Contingency reserve

Answer: D

Question 3

Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task?

Options :

A : Security Certification

B : Security Accreditation

C : Initiation

D : Continuous Monitoring

Answer: D

Question 4

Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?

Options :

A : System Owner

B : Information Systems Security Officer (ISSO)

C : Designated Approving Authority (DAA)

D : Chief Information Security Officer (CISO)

Answer: C

Question 5

Which of the following documents contains the threats to the information management, and the security services and controls required to counter those threats?

Options :

A : System Security Context

B : Information Protection Policy (IPP)

C : CONOPS

D : IMM

Answer: B