ISSEP Free Practice Test

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control

1. A. Quantitative risk analysis
2. B. Risk audits
3. C. Requested changes
4. D. Qualitative risk analysis

Correct Answer: C

Fill in the blank with the appropriate phrase. The is the risk that remains after the implementation of new or enhanced controls.

1. A. residual risk

Correct Answer: A

Which of the following describes a residual risk as the risk remaining after a risk mitigation has occurred

1. A. SSAA
2. B. ISSO
3. C. DAA
4. D. DIACAP

Correct Answer: D

System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan Each correct answer represents a part of the solution. Choose all that apply.

1. A. Certification
2. B. Authorization
3. C. Post-certification
4. D. Post-Authorization
5. E. Pre-certification

Correct Answer: ABDE

Which of the following organizations is a USG initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers

1. A. NSA
2. B. NIST
3. C. CNSS
4. D. NIAP

Correct Answer: D