
Question 220/375

In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?


Question List (375q)
Question 1: Which of the following NIST C&A documents is the guideli...
Question 2: Which of the following is used throughout the entire C&A...
Question 3: Which of the following NIST publications defines impact?...
Question 4: A Web-based credit card company had collected financial and ...
Question 5: A ________ points to a statement in a policy or procedure th...
Question 6: Which of the following groups represents the most likely sou...
Question 7: You are the project manager of the NHQ project for your comp...
Question 8: Which of the following individuals is responsible for the fi...
Question 9: Which of the following formulas was developed by FIPS 199 fo...
Question 10: James work as an IT systems personnel in SoftTech Inc. He pe...
Question 11: The Phase 2 of DITSCAP C&A is known as Verification. The...
Question 12: In which of the following phases does the SSAA maintenance t...
Question 13: In which of the following Risk Management Framework (RMF) ph...
Question 14: You are the project manager for your organization. You have ...
Question 15: There are seven risk responses for any project. Which one of...
Question 16: Which of the following RMF phases is known as risk analysis?...
Question 17: Certification and Accreditation (C&A or CnA) is a proces...
Question 18: Tom is the project manager for his organization. In his proj...
Question 19: Which of the following access control models uses a predefin...
Question 20: Penetration tests are sometimes called white hat attacks bec...
Question 21: You are the project manager for your company and a new chang...
Question 22: ISO 17799 has two parts. The first part is an implementation...
Question 23: DIACAP applies to the acquisition, operation, and sustainmen...
Question 24: Your organization has named you the project manager of the J...
Question 25: What project management plan is most likely to direct the qu...
Question 26: You and your project team are just starting the risk identif...
Question 27: Which of the following refers to an information security doc...
Question 28: Gary is the project manager for his organization. He is work...
Question 29: You are the project manager of QSL project for your organiza...
Question 30: You are responsible for network and information security at ...
Question 31: Which of the following refers to an information security doc...
Question 32: System Authorization is the risk management process. System ...
Question 33: You work as a project manager for TechSoft Inc. You are work...
Question 34: Which of the following individuals informs all C&A parti...
Question 35: A security policy is an overall general statement produced b...
Question 36: Which of the following documents is used to provide a standa...
Question 37: Who is responsible for the stakeholder expectations manageme...
Question 38: Which of the following are included in Physical Controls? Ea...
Question 39: Risks with low ratings of probability and impact are include...
Question 40: Bill is the project manager of the JKH Project. He and the p...
Question 41: Walter is the project manager of a large construction projec...
Question 42: You work as the project manager for Bluewell Inc. There has ...
Question 43: Which of the following NIST documents provides a guideline f...
Question 44: Which of the following statements about System Access Contro...
Question 45: Which of the following roles is also known as the accreditor...
Question 46: You are the project manager of the NNH Project. In this proj...
Question 47: Sam is the project manager of a construction project in sout...
Question 48: Which of the following are the goals of risk management? Eac...
Question 49: Which of the following is used in the practice of Informatio...
Question 50: You work as a project manager for BlueWell Inc. Management h...
Question 51: Your project uses a piece of equipment that if the temperatu...
Question 52: To help review or design security controls, they can be clas...
Question 53: Eric is the project manager of the NQQ Project and has hired...
Question 54: Which of the following statements about Discretionary Access...
Question 55: Which of the following refers to an information security doc...
Question 56: Gary is the project manager of his organization. He is manag...
Question 57: Which of the following professionals plays the role of a mon...
Question 58: Which of the following governance bodies directs and coordin...
Question 59: Which of the following processes is described in the stateme...
Question 60: Which of the following individuals is responsible for monito...
Question 61: Which of the following DITSCAP C&A phases takes place be...
Question 62: Which of the following C&A professionals plays the role ...
Question 63: Which of the following statements correctly describes DIACAP...
Question 64: FITSAF stands for Federal Information Technology Security As...
Question 65: Which of the following professionals is responsible for star...
Question 66: Which of the following formulas was developed by FIPS 199 fo...
Question 67: Which of the following statements is true about the continuo...
Question 68: Billy is the project manager of the HAR Project and is in mo...
Question 69: During qualitative risk analysis you want to define the risk...
Question 70: James work as an IT systems personnel in SoftTech Inc. He pe...
Question 71: Mary is the project manager of the HGH Project for her compa...
Question 72: Which of the following is NOT an objective of the security p...
Question 73: The phase 0 of Risk Management Framework (RMF) is known as s...
Question 74: Which of the following documents is described in the stateme...
Question 75: Which of the following techniques are used after a security ...
Question 76: Numerous information security standards promote good securit...
Question 77: You are the project manager of the GHG project. You are prep...
Question 78: Which of the following techniques are used after a security ...
Question 79: Kelly is the project manager of the BHH project for her orga...
Question 80: According to U.S. Department of Defense (DoD) Instruction 85...
Question 81: Eric is the project manager of the NQQ Project and has hired...
Question 82: Mark works as a project manager for TechSoft Inc. Mark, the ...
Question 83: In which of the following phases does the SSAA maintenance t...
Question 84: What are the subordinate tasks of the Initiate and Plan IA C...
Question 85: BS 7799 is an internationally recognized ISM standard that p...
Question 86: Tom is the project manager for his organization. In his proj...
Question 87: System Authorization is the risk management process. System ...
Question 88: The risk transference is referred to the transfer of risks t...
Question 89: Which of the following are the tasks performed by the owner ...
Question 90: You are preparing to complete the quantitative risk analysis...
Question 91: Where can a project manager find risk-rating rules?...
Question 92: Certification and Accreditation (C&A or CnA) is a proces...
Question 93: Frank is the project manager of the NHH Project. He is worki...
Question 94: You and your project team are identifying the risks that may...
Question 95: A high-profile, high-priority project within your organizati...
Question 96: Certification and Accreditation (C&A or CnA) is a proces...
Question 97: The Project Risk Management knowledge area focuses on which ...
Question 98: Virginia is the project manager for her organization. She ha...
Question 99: Which of the following statements about Discretionary Access...
Question 100: Your project is an agricultural-based project that deals wit...
Question 101: There are five inputs to the quantitative risk analysis proc...
Question 102: Jenny is the project manager of the NHJ Project for her comp...
Question 103: Henry is the project manager of the QBG Project for his comp...
Question 104: There are seven risk responses for any project. Which one of...
Question 105: Ned is the project manager of the HNN project for your compa...
Question 106: You are the project manager of the GHG project. You are prep...
Question 107: Which of the following is NOT an objective of the security p...
Question 108: Which of the following describes residual risk as the risk r...
Question 109: Mark is the project manager of the BFL project for his organ...
Question 110: Which of the following objectives are defined by integrity i...
Question 111: Thomas is the project manager of the NHJ Project for his com...
Question 112: Which of the following classification levels defines the inf...
Question 113: Which of the following requires all general support systems ...
Question 114: In which type of access control do user ID and password syst...
Question 115: In what portion of a project are risk and opportunities grea...
Question 116: A security policy is an overall general statement produced b...
Question 117: What course of action can be taken by a party if the current...
Question 118: Which of the following parts of BS 7799 covers risk analysis...
Question 119: Which of the following phases of the DITSCAP C&A process...
Question 120: There are seven risks responses that a project manager can c...
Question 121: Rob is the project manager of the IDLK Project for his compa...
Question 122: You are the project manager of the GHY project for your orga...
Question 123: Neil works as a project manager for SoftTech Inc. He is work...
Question 124: The Project Risk Management knowledge area focuses on which ...
Question 125: Beth is the project manager of the BFG Project for her compa...
Question 126: There are seven risk responses for any project. Which one of...
Question 127: You and your project team have identified the project risks ...
Question 128: Which of the following DoD directives defines DITSCAP as the...
Question 129: The Phase 3 of DITSCAP C&A is known as Validation. The g...
Question 130: In which of the following phases of the DITSCAP process does...
Question 131: Which of the following acts promote a risk-based policy for ...
Question 132: Which of the following are included in Technical Controls? E...
Question 133: Which of the following processes provides a standard set of ...
Question 134: Which of the following NIST documents includes components fo...
Question 135: Which of the following NIST Special Publication documents pr...
Question 136: The phase 3 of the Risk Management Framework (RMF) process i...
Question 137: An authentication method uses smart cards as well as usernam...
Question 138: Diane is the project manager of the HGF Project. A risk that...
Question 139: Which of the following processes is a structured approach to...
Question 140: Walter is the project manager of a large construction projec...
Question 141: Which of the following requires all general support systems ...
Question 142: An authentication method uses smart cards as well as usernam...
Question 143: During which of the following processes, probability and imp...
Question 144: Wendy is about to perform qualitative risk analysis on the i...
Question 145: Which of the following is NOT a phase of the security certif...
Question 146: Gary is the project manager for his project. He and the proj...
Question 147: Which of the following acts is used to recognize the importa...
Question 148: What is the objective of the Security Accreditation Decision...
Question 149: Which of the following statements about role-based access co...
Question 150: In which of the following elements of security does the obje...
Question 151: The Information System Security Officer (ISSO) and Informati...
Question 152: Which of the following individuals is responsible for ensuri...
Question 153: Which of the following processes has the goal to ensure that...
Question 154: The only output of the perform qualitative risk analysis are...
Question 155: Which of the following persons is responsible for testing an...
Question 156: Which of the following is a temporary approval to operate ba...
Question 157: You work as the project manager for Bluewell Inc. You are wo...
Question 158: Harry is a project manager of a software development project...
Question 159: Which of the following individuals makes the final accredita...
Question 160: Which of the following documents is used to provide a standa...
Question 161: Ned is the program manager for his organization and he's con...
Question 162: Which of the following is the acronym of RTM?...
Question 163: Which of the following objectives are defined by integrity i...
Question 164: The Phase 2 of DITSCAP C&A is known as Verification. The...
Question 165: Which of the following concepts represent the three fundamen...
Question 166: DIACAP applies to the acquisition, operation, and sustainmen...
Question 167: Which of the following NIST documents defines impact?...
Question 168: FITSAF stands for Federal Information Technology Security As...
Question 169: In which of the following testing methodologies do assessors...
Question 170: FITSAF stands for Federal Information Technology Security As...
Question 171: What does RTM stand for?
Question 172: You are the project manager of the NNQ Project for your comp...
Question 173: Diana is the project manager of the QPS project for her comp...
Question 174: During qualitative risk analysis you want to define the risk...
Question 175: Which of the following assessment methodologies defines a si...
Question 176: Which one of the following is the only output for the qualit...
Question 177: Numerous information security standards promote good securit...
Question 178: An Authorizing Official plays the role of an approver. What ...
Question 179: You and your project team are just starting the risk identif...
Question 180: Lisa is the project manager of the SQL project for her compa...
Question 181: Shoulder surfing is a type of in-person attack in which the ...
Question 182: The Information System Security Officer (ISSO) and Informati...
Question 183: Which of the following is a 1996 United States federal law, ...
Question 184: Which of the following DITSCAP phases validates that the pre...
Question 185: In which of the following DIACAP phases is residual risk ana...
Question 186: Mark works as a Network Administrator for NetTech Inc. He wa...
Question 187: According to U.S. Department of Defense (DoD) Instruction 85...
Question 188: You are the project manager for your organization. You are w...
Question 189: Jeff, a key stakeholder in your project, wants to know how t...
Question 190: You are the project manager of the GHQ project for your comp...
Question 191: Harry is the project manager of the MMQ Construction Project...
Question 192: Which of the following recovery plans includes a monitoring ...
Question 193: A part of a project deals with the hardware work. As a proje...
Question 194: In which type of access control do user ID and password syst...
Question 195: The National Information Assurance Certification and Accredi...
Question 196: Which of the following is NOT a type of penetration test?...
Question 197: You are the project manager of the NHH project for your comp...
Question 198: You are the project manager of the GGH Project in your compa...
Question 199: Which of the following is NOT a responsibility of a data own...
Question 200: Thomas is a key stakeholder in your project. Thomas has requ...
Question 201: Which of the following refers to the ability to ensure that ...
Question 202: Management wants you to create a visual diagram of what reso...
Question 203: Which of the following administrative policy controls requir...
Question 204: Which of the following DoD directives is referred to as the ...
Question 205: Which of the following NIST Special Publication documents pr...
Question 206: Adrian is a project manager for a new project using a techno...
Question 207: Sammy is the project manager for her organization. She would...
Question 208: Which of the following DoD directives is referred to as the ...
Question 209: Which of the following roles is responsible for review and r...
Question 210: In which of the following Risk Management Framework (RMF) ph...
Question 211: You are working as a project manager in your organization. Y...
Question 212: You are the project manager for GHY Project and are working ...
Question 213: According to FIPS Publication 199, what are the three levels...
Question 214: Which one of the following is the only output for the qualit...
Question 215: You are the project manager for your company and a new chang...
Question 216: What approach can a project manager use to improve the proje...
Question 217: You are the project manager of the HJK Project for your orga...
Question 218: You are the project manager of the BlueStar project in your ...
Question 219: Which of the following is a subset discipline of Corporate G...
Question 220: In which of the following testing methodologies do assessors...
Question 221: What are the subordinate tasks of the Implement and Validate...
Question 222: Which of the following is used to indicate that the software...
Question 223: You work as a project manager for BlueWell Inc. You are curr...
Question 224: Which of the following formulas was developed by FIPS 199 fo...
Question 225: Which of the following documents is described in the stateme...
Question 226: Certification and Accreditation (C&A or CnA) is a proces...
Question 227: Sammy is the project manager for her organization. She would...
Question 228: Which of the following are the common roles with regard to d...
Question 229: In which of the following phases do the system security plan...
Question 230: Which of the following statements best describes the differe...
Question 231: The Identify Risk process determines the risks that affect t...
Question 232: You work as a project manager for TechSoft Inc. You, the pro...
Question 233: Which of the following processes has the goal to ensure that...
Question 234: Adrian is the project manager of the NHP Project. In her pro...
Question 235: Which of the following phases begins with a review of the SS...
Question 236: Which of the following processes is a structured approach to...
Question 237: Mary is the project manager of the HGH Project for her compa...
Question 238: FITSAF stands for Federal Information Technology Security As...
Question 239: Joan is a project management consultant and she has been hir...
Question 240: David is the project manager of HGF project for his company....
Question 241: Certification and Accreditation (C&A or CnA) is a proces...
Question 242: The Information System Security Officer (ISSO) and Informati...
Question 243: Which of the following individuals makes the final accredita...
Question 244: An organization monitors the hard disks of its employees' co...
Question 245: The Phase 4 of DITSCAP C&A is known as Post Accreditatio...
Question 246: You are the project manager for a construction project. The ...
Question 247: Which of the following RMF phases identifies key threats and...
Question 248: Which of the following professionals is responsible for star...
Question 249: John is the project manager of the NHQ Project for his compa...
Question 250: Information Security management is a process of defining the...
Question 251: John is the project manager of the NHQ Project for his compa...
Question 252: Amy is the project manager for her company. In her current p...
Question 253: Which of the following risk responses delineates that the pr...
Question 254: Which of the following individuals is responsible for the fi...
Question 255: Which of the following are the goals of risk management? Eac...
Question 256: Which of the following governance bodies provides management...
Question 257: Which of the following methods of authentication uses finger...
Question 258: Jenny is the project manager for the NBT projects. She is wo...
Question 259: You are the program manager for your project. You are workin...
Question 260: Which of the following terms related to risk management repr...
Question 261: Your organization has a project that is expected to last 20 ...
Question 262: Which of the following is an Information Assurance (IA) mode...
Question 263: Bill is the project manager of the JKH Project. He and the p...
Question 264: You are the project manager for your organization. You have ...
Question 265: Which of the following are the types of assessment tests add...
Question 266: Which types of project tends to have more well-understood ri...
Question 267: You work as a project manager for BlueWell Inc. Your project...
Question 268: Which of the following processes is described in the stateme...
Question 269: Which of the following components ensures that risks are exa...
Question 270: You are the project manager of the NKJ Project for your comp...
Question 271: Which of the following is a risk that is created by the resp...
Question 272: SIMULATION Fill in the blank with an appropriate word. _____...
Question 273: You are the project manager for a construction project. The ...
Question 274: Penetration testing (also called pen testing) is the practic...
Question 275: For which of the following reporting requirements are contin...
Question 276: Joan is the project manager of the BTT project for her compa...
Question 277: Which of the following assessment methods involves observing...
Question 278: You are preparing to start the qualitative risk analysis pro...
Question 279: Your project uses a piece of equipment that if the temperatu...
Question 280: Mary is the project manager for the BLB project. She has ins...
Question 281: Your project has several risks that may cause serious financ...
Question 282: Which of the following individuals is responsible for prepar...
Question 283: In 2003, NIST developed a new Certification & Accreditat...
Question 284: Which of the following is a risk response planning technique...
Question 285: ISO 17799 has two parts. The first part is an implementation...
Question 286: Which of the following refers to a process that is used for ...
Question 287: Information risk management (IRM) is the process of identify...
Question 288: You work as a project manager for BlueWell Inc. There has be...
Question 289: Which of the following assessment methodologies defines a si...
Question 290: Which of the following professionals plays the role of a mon...
Question 291: Elizabeth is a project manager for her organization and she ...
Question 292: The Chief Information Officer (CIO), or Information Technolo...
Question 293: You are the project manager of the NNN project for your comp...
Question 294: Which of the following NIST documents defines impact?...
Question 295: Gary is the project manager for his project. He and the proj...
Question 296: You are the project manager of the GGG project. You have com...
Question 297: Which of the following is NOT considered an environmental th...
Question 298: The National Information Assurance Certification and Accredi...
Question 299: What NIACAP certification levels are recommended by the cert...
Question 300: You work as a project manager for BlueWell Inc. You are abou...
Question 301: You work as a project manager for BlueWell Inc. You are prep...
Question 302: What are the responsibilities of a system owner? Each correc...
Question 303: You work as a project manager for BlueWell Inc. There has be...
Question 304: Your project has several risks that may cause serious financ...
Question 305: Which of the following statements about the authentication c...
Question 306: You are the project manager of the CUL project in your organ...
Question 307: You work as a project manager for BlueWell Inc. You are work...
Question 308: Nancy is the project manager of the NHH project. She and the...
Question 309: Joan is a project management consultant and she has been hir...
Question 310: Which of the following are the objectives of the security ce...
Question 311: Which of the following relations correctly describes total r...
Question 312: The Chief Information Officer (CIO), or Information Technolo...
Question 313: Which of the following guidance documents is useful in deter...
Question 314: To help review or design security controls, they can be clas...
Question 315: Walter is the project manager of a large construction projec...
Question 316: Fred is the project manager of the CPS project. He is workin...
Question 317: You are the project manager for TTP project. You are in the ...
Question 318: Which of the following are the types of access controls? Eac...
Question 319: Which of the following statements about the availability con...
Question 320: In which of the following DITSCAP phases is the SSAA develop...
Question 321: Which of the following is an entry in an object's discretion...
Question 322: Which of the following statements are true about security ri...
Question 323: You work as a project manager for SoftTech Inc. You are work...
Question 324: Which of the following assessment methods is used to review,...
Question 325: What component of the change management system is responsibl...
Question 326: Tracy is the project manager of the NLT Project for her comp...
Question 327: Which of the following individuals is responsible for config...
Question 328: Eric is the project manager of the MTC project for his compa...
Question 329: You are the project manager of a large construction project....
Question 330: You are the project manager of the GHY project for your orga...
Question 331: The IAM/CA makes certification accreditation recommendations...
Question 332: Courtney is the project manager for her organization. She is...
Question 333: Which of the following statements reflect the 'Code of Ethic...
Question 334: Which of the following is NOT an objective of the security p...
Question 335: You work as a project manager for BlueWell Inc. You are work...
Question 336: Which of the following is a security policy implemented by a...
Question 337: Mark works as a Network Administrator for NetTech Inc. He wa...
Question 338: The Phase 1 of DITSCAP C&A is known as Definition Phase....
Question 339: Which of the following system security policies is used to a...
Question 340: Penetration testing (also called pen testing) is the practic...
Question 341: Which of the following approaches can be used to build a sec...
Question 342: NIST SP 800-53A defines three types of interview depending o...
Question 343: A project team member has just identified a new project risk...
Question 344: The National Information Assurance Certification and Accredi...
Question 345: The Software Configuration Management (SCM) process defines ...
Question 346: Which of the following statements is true about residual ris...
Question 347: Management wants you to create a visual diagram of what reso...
Question 348: Which of the following processes is used to protect the data...
Question 349: Which of the following roles is used to ensure that the conf...
Question 350: Amy is the project manager for her company. In her current p...
Question 351: Which of the following relations correctly describes residua...
Question 352: Ben is the project manager of the YHT Project for his compan...
Question 353: Which of the following recovery plans includes a monitoring ...
Question 354: Which of the following individuals is responsible for config...
Question 355: You are the project manager for your organization. You are w...
Question 356: Which of the following processes is described in the stateme...
Question 357: Which of the following fields of management focuses on estab...
Question 358: You are the project manager of the GHY Project for your comp...
Question 359: A security policy is an overall general statement produced b...
Question 360: Which of the following RMF phases is known as risk analysis?...
Question 361: Which of the following is not a part of Identify Risks proce...
Question 362: During which of the following processes, probability and imp...
Question 363: In which of the following phases do the system security plan...
Question 364: Your project team has identified a project risk that must be...
Question 365: Which of the following recovery plans includes specific stra...
Question 366: What does OCTAVE stand for?
Question 367: Which of the following is a standard that sets basic require...
Question 368: In 2003, NIST developed a new Certification & Accreditat...
Question 369: Shoulder surfing is a type of in-person attack in which the ...
Question 370: You work as a project manager for BlueWell Inc. You are work...
Question 371: Security Test and Evaluation (ST&E) is a component of ri...
Question 372: Which of the following recovery plans includes specific stra...
Question 373: You are the project manager for the NHH project. You are wor...
Question 374: You are the project manager for your organization. You are p...
Question 375: You are the project manager of the NKQ project for your orga...