Which of the following would MOST likely drive the need to review and update key performance indicators (KPIs) for critical IT assets?

• A.Changes in service level objectives
• B.Findings from continuous monitoring
• C.Outcomes of periodic risk assessments
• D.The outsourcing of related IT processes

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration when performing a risk assessment of a fire suppression system within a data center?

• A.Maintenance procedures
• B.Onsite replacement availability
• C.Insurance coverage
• D.Installation manuals

Comment: *

Name: *

Email: *

Verification: *

Courtney is the project manager for her organization. She is working with the project team to complete the qualitative risk analysis for her project. During the analysis Courtney encourages the project team to begin the grouping of identified risks by common causes. What is the primary advantage to group risks by common causes during qualitative risk analysis?

• A.It helps the project team realize the areas of the project most laden with risks.
• B.It assist in developing effective risk responses.
• C.It saves time by collecting the related resources, such as project team members, to analyze the risk events.
• D.It can lead to the creation of risk categories unique to each project.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important data attribute of key risk indicators (KRIs)?

• A.The data is relevant.
• B.The data is calculated continuously.
• C.The data is measurable.
• D.The data is automatically produced.

Comment: *

Name: *

Email: *

Verification: *

NIST SP 800-53 identifies controls in three primary classes. What are they?

• A.Technical, Administrative, and Environmental
• B.Preventative, Detective, and Corrective
• C.Technical, Operational, and Management
• D.Administrative, Technical, and Operational

Correct Answer: C

Explanation/Reference:
Explanation:
NIST SP 800-53 is used to review security in any organization, that is, in reviewing physical security. The Physical and Environmental Protection family includes 19 different controls. Organizations use these controls for better physical security. These controls are reviewed to determine if they are relevant to a particular organization or not. Many of the controls described include additional references that provide more details on how to implement them. The National Institute of Standards and Technology (NIST) SP
800-53 rev 3 identifies 18 families of controls. It groups these controls into three classes:
Technical

Operational

Management

Comment: *

Name: *

Email: *

Verification: *