
2024 Valid CGRC Real Exam Questions, practice ISC Certification

Latest Success Metrics For Actual CGRC Exam (Updated 725 Questions)

Q423. Who initiates the system authorization process and has full responsibility for the information system throughout its life cycle?
Response:

 
 
 
 

Q424. Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?
Response:

 
 
 
 

Q425. Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?
Response:

 
 
 
 

Q426. Who determines the required level of independence for security control assessors?
Response:

 
 
 
 

Q427. Who is primarily responsible for categorizing the information system?
Response:

 
 
 
 

Q428. Fred is the project manager of the PKL project. He is working with his project team to complete the quantitative risk analysis process as part of risk management planning. Fred understands that once the quantitative risk analysis process is complete, it will need to be repeated at least two more times during the project.
When will the quantitative risk analysis process need to be repeated?
Response:

 
 
 
 

Q429. The __________ of Effort drives the size of the testing team, the rigor of testing, and the amount of documentation required.
Response:

 
 
 
 

Q430. The Security Content Automation Protocol (SCAP) is a method for which of the following?
Response:

 
 
 
 

Q431. Which of the following statements about the authentication concept of information security management is true?
Response:

 
 
 
 

Q432. A system or system element that is outside the authorization boundary established by the organization, and for which the organization typically has no direct control over the application of required controls or the assessment of control effectiveness, best defines:
Response:

 
 
 
 

Q433. According to NIST SP 800-37 Rev 2, which role has primary responsibility for reporting the security status of the information system to the authorizing official (AO) and other appropriate organizational officials on an ongoing basis, in accordance with the monitoring strategy?
Response:

 
 
 
 

Q434. Who is the official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals? This role is synonymous with Accreditation Authority.
Response:

 
 
 
 

Q435. Risk acceptance when the external subsystem owner or service provider cannot fully meet security expectations should be based on the implementation of……..
Response:

 
 
 
 

Q436. Which of the following statements about the availability concept of Information security management is true?
Response:

 
 
 
 

Q437. A business-based framework for government-wide improvement, developed by the Office of Management and Budget, that is intended to facilitate efforts to transform the federal government into one that is citizen-centered, results-oriented, and market-based.
Response:

 
 
 
 

Q438. The security control assessor for Colvine Tech will be conducting a comprehensive-level assessment of an information system at Colvine Tech. Which controls must be assessed separately, and not by the assessor for Colvine Tech?
Response:

 
 
 
 

Q439. What is not a responsibility of the Risk Executive (Function) in an organization’s ISCM?
Response:

 
 
 
 

Q440. Which of the following administrative policy controls requires individuals or organizations to engage in good business practices relative to the organization's industry?
Response:

 
 
 
 

Genuine CGRC Exam Dumps Free Demo Valid QA’s: https://www.braindumpsit.com/CGRC_real-exam.html
