FISMA requires federal agencies to protect IT systems and data. How often should compliance be audited by an external organization?

• A.Annually
• B.Quarterly
• C.Every three years
• D.Never

Comment: *

Name: *

Email: *

Verification: *

You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

• A.Risk Management Plan
• B.Stakeholder management strategy
• C.Communications Management Plan
• D.Resource Management Plan

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important for a risk practitioner to consider when evaluating plans for changes to IT services?

• A.Impact assessment of the change
• B.Change communication plan
• C.User acceptance testing (UAT)
• D.Change testing schedule

Comment: *

Name: *

Email: *

Verification: *

Which of the following represents lack of adequate controls?

• A.Vulnerability
• B.Threat
• C.Asset
• D.Impact
• E.Explanation:
  Vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing
  harm to the information systems or networks. It can exist in hardware, operating systems,
  firmware, applications, and configuration files. Hence lack of adequate controls represents
  vulnerability and would ultimately cause threat to the enterprise.
• F.is incorrect. Threat is the potential cause of unwanted incident.
• G.is incorrect. Impact is the measure of the financial loss that the threat event may have.

Comment: *

Name: *

Email: *

Verification: *

An organization is implementing encryption for data at rest to reduce the risk associated with unauthorized access. Which of the following MUST be considered to assess the residual risk?

• A.Data destruction requirements
• B.Cloud storage architecture
• C.Data retention requirements
• D.Key management

Comment: *

Name: *

Email: *

Verification: *