ExamGecko
ISC CAP Practice Test - Questions Answers

Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

A. Senior Agency Information Security Officer
B. Authorizing Official
C. Common Control Provider
D. Chief Information Officer
Suggested answer: C

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer?

Each correct answer represents a complete solution. Choose all that apply.

A. Preserving high-level communications and working group relationships in an organization
B. Facilitating the sharing of security risk-related information among authorizing officials
C. Establishing an effective continuous monitoring program for the organization
D. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
Suggested answer: A, C, D

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?

Each correct answer represents a complete solution. Choose all that apply.

A. An ISSE provides advice on the impacts of system changes.
B. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
C. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
D. An ISSO takes part in the development activities that are required to implement system changes.
E. An ISSE provides advice on the continuous monitoring of the information system.
Suggested answer: A, C, E

Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?

A. Information system owner
B. Authorizing Official
C. Chief Risk Officer (CRO)
D. Chief Information Officer (CIO)
Suggested answer: A

Which of the following assessment methodologies defines a six-step technical security evaluation?

A. FITSAF
B. FIPS 102
C. OCTAVE
D. DITSCAP
Suggested answer: B

DITSCAP (DoD Instruction 5200.40, issued December 1997; DIACAP did not replace it until November 2007) applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information. Which phases does DITSCAP define?

Each correct answer represents a complete solution. Choose all that apply.

A. Accreditation
B. Identification
C. System Definition
D. Verification
E. Validation
F. Re-Accreditation
Suggested answer: C, D, E, F

Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

A. Mandatory Access Control
B. Role-Based Access Control
C. Discretionary Access Control
D. Policy Access Control
Suggested answer: B
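The question above turns on the property that makes role-based access control a fit for "only the resources required for them": permissions are attached to roles, users hold only the roles their job needs, and anything not granted through a role is denied. The following Python sketch is an added illustration and is not part of the practice test; the role, user and resource names (backup-operator, hr-analyst, James, Alice, hr-db) are a constructed example policy, not anything the exam specifies.

```python
"""Role-based access control (RBAC) check, written as an added illustration.

Not part of the practice test. The roles, users and resources below are a
constructed example policy; the mechanism is what matters: a subject gets
permissions only through the roles assigned to it, and an unknown subject or
an unlisted permission is denied by default.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    action: str    # what may be done, e.g. "read", "restore"
    resource: str  # on what, e.g. "backups", "hr-db"


@dataclass
class Rbac:
    # role name -> the permissions that role carries
    roles: dict[str, frozenset[Permission]] = field(default_factory=dict)
    # user name -> names of the roles assigned to that user
    assignments: dict[str, set[str]] = field(default_factory=dict)

    def add_role(self, name: str, perms: set[tuple[str, str]]) -> None:
        """Define a role as a fixed bundle of (action, resource) pairs."""
        self.roles[name] = frozenset(Permission(a, r) for a, r in perms)

    def assign(self, user: str, role: str) -> None:
        """Grant a role to a user; refuses roles that were never defined."""
        if role not in self.roles:
            raise KeyError(f"unknown role: {role}")
        self.assignments.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        """Remove a role from a user (no error if it was not held)."""
        self.assignments.get(user, set()).discard(role)

    def permissions_of(self, user: str) -> frozenset[Permission]:
        """Effective permissions: the union over the user's assigned roles."""
        held = self.assignments.get(user, set())
        return frozenset().union(*(self.roles[r] for r in held))

    def is_authorized(self, user: str, action: str, resource: str) -> bool:
        """Default deny: True only if some assigned role carries the permission."""
        return Permission(action, resource) in self.permissions_of(user)


def build_demo() -> Rbac:
    """Constructed policy (hypothetical names): a backup operator and an HR
    analyst, each holding only the single role their job requires."""
    rbac = Rbac()
    rbac.add_role("backup-operator",
                  {("read", "backups"), ("write", "backups"), ("restore", "backups")})
    rbac.add_role("hr-analyst", {("read", "hr-db")})
    rbac.add_role("hr-admin", {("read", "hr-db"), ("write", "hr-db")})
    rbac.assign("james", "backup-operator")
    rbac.assign("alice", "hr-analyst")
    return rbac


if __name__ == "__main__":
    policy = build_demo()
    checks = [("james", "restore", "backups"),   # allowed via backup-operator
              ("james", "read", "hr-db"),        # denied: no HR role
              ("alice", "read", "hr-db"),        # allowed via hr-analyst
              ("alice", "write", "hr-db"),       # denied: hr-analyst is read-only
              ("mallory", "read", "backups")]    # denied: unknown user
    for user, action, resource in checks:
        verdict = "ALLOW" if policy.is_authorized(user, action, resource) else "DENY"
        print(f"{verdict:5} {user} {action} {resource}")
```

The contrast with the other options in the question is in where the decision comes from: under discretionary access control the resource owner hands out access per user, so keeping every user at "only what is required" depends on each owner's diligence; under mandatory access control the system compares labels and clearances it enforces itself. RBAC lets the administrator define a small number of job-shaped roles once and then audit least privilege by reviewing role assignments rather than every individual grant.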

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

A. FITSAF
B. FIPS
C. TCSEC
D. SSAA
Suggested answer: D

James works as IT systems personnel at SoftTech Inc. He performs the following tasks:

Runs regular backups and routine tests of the validity of the backup data.

Performs data restoration from the backups whenever required.

Maintains the retained records in accordance with the established information classification policy.

What is the role played by James in the organization?

A. Manager
B. Owner
C. Custodian
D. User
Suggested answer: C

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems.

Which of the following FITSAF levels shows that the procedures and controls have been implemented?

A. Level 4
B. Level 1
C. Level 3
D. Level 5
E. Level 2
Suggested answer: C
Total 395 questions