You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project.
You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?
Response:

All components of an information system to be authorized for operation by an authorizing official and excludes separately authorized systems, to which the information system is connected best defines:
Response:

When does monitoring security controls take place?
Response:

Wendy is about to perform qualitative risk analysis on the identified risks within her project. Which one of the following will NOT help Wendy to perform this project management activity?
Response:

Which of the following NIST documents includes components for penetration testing? Response: