1. Your security team has just been contacted to audit a company. You are sitting with the members of the team and one of them asks that a printing of all firewall holes and interface security ratings be turned over to the team. You tell them that needs to be discussed at the a. Controlled Unclassified Information b. Body of Evidence C. People-Process-Technology Model d. Test Readiness Review 2. Although the network diagram says the firewall only has two holes allowing http and https network from the user network and ssh traffic from the IT network you see (while looking over a network admin's shoulder while they're in the firewall) a hole that allows all IP traffic from the wireless network zone. You take a cellphone picture and you should include this in a. PEOPLE-PROCESS-TECHNOLOGY MODEL b. Body of Evidence C. Rules of Engagement d. PLAN OF ACTION AND MILESTONES (POAM) 3. Before the audit of a company your team lead says that the company does not have any wireless networks on their network so that your audit will not cover wireless security. This is an example of a. Controlled Unclassified Information b. System Security Plans C. People Process-Technology d. Tailoring Controls 4. It was negotiated that your audit team will be allowed to scan servers for open ports from the wireless network, but your team cannot attempt to penetrate them. This will be included in the a. Plan of Action and Milestones b. People Process-Technology Model C. Body of Evidence d. Rules of Engagement