
CAP Online Practice Questions and Answers

Questions 4

DIACAP, which replaced DITSCAP (the DoD process in place since December 1997) in 2007, applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information. What phases are identified by DIACAP?

Each correct answer represents a complete solution. Choose all that apply.

A. Accreditation

B. Identification

C. System Definition

D. Verification

E. Validation

F. Re-Accreditation

Browse 395 Q&As
Questions 5

Which one of the following is the only output for the qualitative risk analysis process?

A. Project management plan

B. Risk register updates

C. Enterprise environmental factors

D. Organizational process assets

Questions 6

Joan is a project management consultant and she has been hired by a firm to help them identify risk events within the project. Joan would first like to examine the project documents including the plans, assumptions lists, project files, and contracts. What key thing will help Joan to discover risks within the review of the project documents?

A. Lack of consistency between the plans and the project requirements and assumptions can be the indicators of risk in the project.

B. The project documents will help the project manager, or Joan, to identify what risk identification approach is best to pursue.

C. Plans that have loose definitions of terms and disconnected approaches will reveal risks.

D. Poorly written requirements will reveal inconsistencies in the project plans and documents.

Questions 7

Which of the following formulas was developed by FIPS 199 for categorization of an information system?

A. SC information system = {(confidentiality, impact), (integrity, controls), (availability, risk)}

B. SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}

C. SC information system = {(confidentiality, controls), (integrity, controls), (availability, controls)}

D. SC information system = {(confidentiality, risk), (integrity, impact), (availability, controls)}
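The FIPS 199 categorization expression pairs each security objective (confidentiality, integrity, availability) with a potential impact value, and FIPS 199 section 3 rolls the categories of the individual information types on a system up to a system category with the high-water mark rule. The following Python is an added worked example, not part of the Certbus question set; the information types, their names and the impact values are constructed for illustration, and `categorize_system` and `overall_impact` are helper names chosen here.

```python
"""
Added example: applying the FIPS 199 formula
    SC = {(confidentiality, impact), (integrity, impact), (availability, impact)}
to each information type on a system, then rolling up to the system category
with the FIPS 199 high-water mark.  Information types and impacts below are
constructed for illustration only.
"""
from dataclasses import dataclass
from typing import Optional, Sequence

# Ordinal ranking of the FIPS 199 potential-impact levels.  None stands for
# "not applicable", which FIPS 199 permits only for the confidentiality of an
# information type (e.g. public information) and never for a system.
LEVELS = {"low": 1, "moderate": 2, "high": 3}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class SecurityCategory:
    confidentiality: Optional[str]  # None only for an information type
    integrity: str
    availability: str

    def as_formula(self, name: str) -> str:
        """Render the triple in the notation FIPS 199 uses."""
        c = "N/A" if self.confidentiality is None else self.confidentiality
        return (f"SC {name} = {{(confidentiality, {c}), "
                f"(integrity, {self.integrity}), (availability, {self.availability})}}")


def categorize_information_type(confidentiality: Optional[str],
                                integrity: str, availability: str) -> SecurityCategory:
    """Build the SC triple for one information type, rejecting anything that is
    not an impact level (so a pairing like (integrity, controls) fails loudly)."""
    if confidentiality is not None and confidentiality not in LEVELS:
        raise ValueError(f"confidentiality impact must be low/moderate/high or None, got {confidentiality!r}")
    for obj, level in (("integrity", integrity), ("availability", availability)):
        if level not in LEVELS:
            raise ValueError(f"{obj} impact must be low/moderate/high, got {level!r}")
    return SecurityCategory(confidentiality, integrity, availability)


def categorize_system(info_types: Sequence[SecurityCategory]) -> SecurityCategory:
    """FIPS 199 high-water mark: for each objective take the highest impact over
    all information types resident on the system.  N/A values are skipped, and
    because N/A is not allowed at the system level every objective is at least LOW."""
    if not info_types:
        raise ValueError("a system must carry at least one information type")
    rolled = {}
    for obj in OBJECTIVES:
        present = [getattr(t, obj) for t in info_types if getattr(t, obj) is not None]
        rolled[obj] = max(present, key=LEVELS.__getitem__, default="low")
    return SecurityCategory(**rolled)


def overall_impact(system_sc: SecurityCategory) -> str:
    """Highest of the three system impact values; FIPS 200 uses this to select
    the SP 800-53 low/moderate/high control baseline."""
    return max((system_sc.confidentiality, system_sc.integrity, system_sc.availability),
               key=LEVELS.__getitem__)


# Constructed sample: three information types on one hypothetical system.
SAMPLE_TYPES = [
    categorize_information_type(None, "low", "low"),            # public web content
    categorize_information_type("moderate", "moderate", "low"),  # contract data
    categorize_information_type("low", "high", "high"),          # emergency alerting
]

if __name__ == "__main__":
    for i, t in enumerate(SAMPLE_TYPES, 1):
        print(t.as_formula(f"info type {i}"))
    system = categorize_system(SAMPLE_TYPES)
    print(system.as_formula("information system"))
    print("overall impact:", overall_impact(system))
```

Running the block prints each information type in FIPS 199 notation, then the system category; note that the public web content's N/A confidentiality does not pull the system's confidentiality below LOW, and the single HIGH integrity and availability values drive the whole system to a HIGH baseline.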

Questions 8

Rob is the project manager of the IDLK Project for his company. This project has a budget of $5,600,000 and is expected to last 18 months. Rob has learned that a new law may affect how the project is allowed to proceed - even though the organization has already invested over $750,000 in the project. What risk response is the most appropriate for this instance?

A. Transference

B. Mitigation

C. Enhance

D. Acceptance

Questions 9

Kelly is the project manager of the BHH project for her organization. She is completing the risk identification process for this portion of her project. Which one of the following is the only thing that the risk identification process will create for Kelly?

A. Project document updates

B. Risk register updates

C. Change requests

D. Risk register

Questions 10

You work as a project manager for BlueWell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decided, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project which of the following are likely to increase?

A. Quality control concerns

B. Costs

C. Risks

D. Human resource needs

Questions 11

You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?

A. Acceptance

B. Mitigation

C. Sharing

D. Transference

Questions 12

David is the project manager of HGF project for his company. David, the project team, and several key stakeholders have completed risk identification and are ready to move into qualitative risk analysis. Tracy, a project team member, does not understand why they need to complete qualitative risk analysis. Which one of the following is the best explanation for completing qualitative risk analysis?

A. It is a rapid and cost-effective means of establishing priorities for the plan risk responses and lays the foundation for quantitative analysis.

B. It is a cost-effective means of establishing probability and impact for the project risks.

C. Qualitative risk analysis helps segment the project risks, create a risk breakdown structure, and create fast and accurate risk responses.

D. All risks must pass through quantitative risk analysis before qualitative risk analysis.

Questions 13

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards? Each correct answer represents a complete solution. Choose all that apply.

A. SA System and Services Acquisition

B. CA Certification, Accreditation, and Security Assessments

C. IR Incident Response

D. Information systems acquisition, development, and maintenance

Questions 14

Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risk events that were not previously identified. What should Jenny do with these risk events?

A. The events should be determined if they need to be accepted or responded to.

B. The events should be entered into qualitative risk analysis.

C. The events should continue on with quantitative risk analysis.

D. The events should be entered into the risk register.

Questions 15

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

A. Finding an economic balance between the impact of the risk and the cost of the countermeasure

B. Identifying the risk

C. Assessing the impact of potential threats

D. Identifying the accused

Questions 16

Which of the following statements is true about the continuous monitoring process?

A. It takes place in the middle of system security accreditation.

B. It takes place before and after system security accreditation.

C. It takes place before the initial system security accreditation.

D. It takes place after the initial system security accreditation.

Questions 17

For which of the following reporting requirements are continuous monitoring documentation reports used?

A. FISMA

B. NIST

C. HIPAA

D. FBI

Questions 18

Which of the following documents is used to provide a standard approach to the assessment of NIST SP 800-53 security controls?

A. NIST SP 800-53A

B. NIST SP 800-66

C. NIST SP 800-41

D. NIST SP 800-37

Exam Code: CAP
Exam Name: CAP - Certified Authorization Professional
Last Update: Mar 25, 2024
Questions: 395 Q&As
