A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?
A. Avoidance
B. Mitigation
C. Exploit
D. Transference
A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?
A. Add the identified risk to a quality control management control chart.
B. Add the identified risk to the risk register.
C. Add the identified risk to the issues log.
D. Add the identified risk to the low-level risk watchlist.
You are the project manager of the NNH Project. In this project you have created a contingency response that the schedule performance index should be less than 0.93. The NHH Project has a budget at completion of $945,000 and is 45 percent complete though the project should be 49 percent complete. The project has spent $455,897 to reach the 45 percent complete milestone. What is the project's schedule performance index?
A. 1.06
B. 0.93
C. -$37,800
D. 0.92
Which of the following formulas was developed by FIPS 199 for categorization of an information type?
A. SC information type = {(confidentiality, controls), (integrity, controls), (authentication, controls)}
B. SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
C. SC information type = {(confidentiality, risk), (integrity, risk), (availability, risk)}
D. SC information type = {(Authentication, impact), (integrity, impact), (availability, impact)}
Which of the following formulas was developed by FIPS 199 for categorization of an information system?
A. SC information system = {(confidentiality, impact), (integrity, controls), (availability, risk)}
B. SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
C. SC information system = {(confidentiality, controls), (integrity, controls), (availability, controls)}
D. SC information system = {(confidentiality, risk), (integrity, impact), (availability, controls)}
Nancy is the project manager of the NHH project. She and the project team have identified a significant risk in the project during the qualitative risk analysis process. Bob is familiar with the technology that the risk is affecting and proposes to Nancy a solution to the risk event. Nancy tells Bob that she has noted his response, but the risk really needs to pass through the quantitative risk analysis process before creating responses. Bob disagrees and assures Nancy that his response is most appropriate for the identified risk. Who is correct in this scenario?
A. Bob is correct. Bob is familiar with the technology and the risk event so his response should be implemented.
B. Nancy is correct. Because Nancy is the project manager she can determine the correct procedures for risk analysis and risk responses. In addition, she has noted the risk response that Bob recommends.
C. Nancy is correct. All risks of significant probability and impact should pass the quantitative risk analysis process before risk responses are created.
D. Bob is correct. Not all risk events have to pass the quantitative risk analysis process to develop effective risk responses.
Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing? Each correct answer represents a complete solution. Choose all that apply.
A. Full-box
B. Zero-knowledge test
C. Full-knowledge test
D. Open-box
E. Partial-knowledge test
F. Closed-box
John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?
A. Risk Response Plan
B. Risk Management Plan
C. Project Management Plan
D. Communications Management Plan
Which of the following is not a part of the Identify Risks process?
A. Decision tree diagram
B. Cause and effect diagram
C. Influence diagram
D. System or process flow chart
What does OCTAVE stand for?
A. Operationally Computer Threat, Asset, and Vulnerability Evaluation
B. Operationally Critical Threat, Asset, and Vulnerability Evaluation
C. Operationally Computer Threat, Asset, and Vulnerability Elimination
D. Operationally Critical Threat, Asset, and Vulnerability Elimination