ExamGecko
Search Search Login
Home Home / ISC / CAP

ISC CAP Practice Test - Questions Answers, Page 11

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.
The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.
You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?
During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise on confidentiality, integrity, and availability?
Which of the following NIST documents includes components for penetration testing?
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?
DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply.

Question 101

Report
Export
Collapse

Courtney is the project manager for her organization. She is working with the project team to complete the qualitative risk analysis for her project. During the analysis Courtney encourages the project team to begin the grouping of identified risks by common causes. What is the primary advantage to group risks by common causes during qualitative risk analysis?

A.
It can lead to developing effective risk responses.
A.
It can lead to developing effective risk responses.
Answers
B.
It can lead to the creation of risk categories unique to each project.
B.
It can lead to the creation of risk categories unique to each project.
Answers
C.
It helps the project team realize the areas of the project most laden with risks.
C.
It helps the project team realize the areas of the project most laden with risks.
Answers
D.
It saves time by collecting the related resources, such as project team members, to analyze the risk events.
D.
It saves time by collecting the related resources, such as project team members, to analyze the risk events.
Answers
Suggested answer: A

Question 102

Report
Export
Collapse

You work as a project manager for BlueWell Inc. You are working with Nancy, the COO of your company, on several risks within the project. Nancy understands that through qualitative analysis you have identified 80 risks that have a low probability and low impact as the project is currently planned. Nancy's concern, however, is that the impact and probability of these risk events may change as conditions within the project may change. She would like to know where will you document and record these 80 risks that have low probability and low impact for future reference. What should you tell Nancy?

A.
Risk identification is an iterative process so any changes to the low probability and low impact risks will be reassessed throughout the project life cycle.
A.
Risk identification is an iterative process so any changes to the low probability and low impact risks will be reassessed throughout the project life cycle.
Answers
B.
Risks with low probability and low impact are recorded in a watchlist for future monitoring.
B.
Risks with low probability and low impact are recorded in a watchlist for future monitoring.
Answers
C.
All risks, regardless of their assessed impact and probability, are recorded in the risk log.
C.
All risks, regardless of their assessed impact and probability, are recorded in the risk log.
Answers
D.
All risks are recorded in the risk management plan
D.
All risks are recorded in the risk management plan
Answers
Suggested answer: B

Question 103

Report
Export
Collapse

You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project's performance as a whole. What approach can you use to achieve the goal of improving the project's performance through risk analysis with your project stakeholders?

A.
Involve subject matter experts in the risk analysis activities
A.
Involve subject matter experts in the risk analysis activities
Answers
B.
Focus on the high-priority risks through qualitative risk analysis
B.
Focus on the high-priority risks through qualitative risk analysis
Answers
C.
Use qualitative risk analysis to quickly assess the probability and impact of risk events
C.
Use qualitative risk analysis to quickly assess the probability and impact of risk events
Answers
D.
Involve the stakeholders for risk identification only in the phases where the project directly affects them
D.
Involve the stakeholders for risk identification only in the phases where the project directly affects them
Answers
Suggested answer: B

Question 104

Report
Export
Collapse

Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profityou're your organization seizes this opportunity it would be an example of what risk response?

A.
Opportunistic
A.
Opportunistic
Answers
B.
Positive
B.
Positive
Answers
C.
Enhancing
C.
Enhancing
Answers
D.
Exploiting
D.
Exploiting
Answers
Suggested answer: D

Question 105

Report
Export
Collapse

You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular contract type because it is considered too risky for the program. Which one of the following contract types is usually considered to be the most dangerous for the buyer?

A.
Cost plus incentive fee
A.
Cost plus incentive fee
Answers
B.
Time and materials
B.
Time and materials
Answers
C.
Cost plus percentage of costs
C.
Cost plus percentage of costs
Answers
D.
Fixed fee
D.
Fixed fee
Answers
Suggested answer: C

Question 106

Report
Export
Collapse

Which of the following NIST documents provides a guideline for identifying an information system as a National Security System?

A.
NIST SP 800-53
A.
NIST SP 800-53
Answers
B.
NIST SP 800-59
B.
NIST SP 800-59
Answers
C.
NIST SP 800-53A
C.
NIST SP 800-53A
Answers
D.
NIST SP 800-37
D.
NIST SP 800-37
Answers
E.
NIST SP 800-60
E.
NIST SP 800-60
Answers
Suggested answer: B

Question 107

Report
Export
Collapse

You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?

A.
Cost management plan
A.
Cost management plan
Answers
B.
Procurement management plan
B.
Procurement management plan
Answers
C.
Stakeholder register
C.
Stakeholder register
Answers
D.
Quality management plan
D.
Quality management plan
Answers
Suggested answer: B

Question 108

Report
Export
Collapse

There are seven risks responses that a project manager can choose from. Which risk response is appropriate for both positive and negative risk events?

A.
Acceptance
A.
Acceptance
Answers
B.
Mitigation
B.
Mitigation
Answers
C.
Sharing
C.
Sharing
Answers
D.
Transference
D.
Transference
Answers
Suggested answer: A

Question 109

Report
Export
Collapse

What course of action can be taken by a party if the current negotiations fail and an agreement cannot be reached?

A.
PON
A.
PON
Answers
B.
ZOPA
B.
ZOPA
Answers
C.
BATNA
C.
BATNA
Answers
D.
Bias
D.
Bias
Answers
Suggested answer: C

Question 110

Report
Export
Collapse

Which of the following is the acronym of RTM?

A.
Resource tracking method
A.
Resource tracking method
Answers
B.
Requirements Traceability Matrix
B.
Requirements Traceability Matrix
Answers
C.
Resource timing method
C.
Resource timing method
Answers
D.
Requirements Testing Matrix
D.
Requirements Testing Matrix
Answers
Suggested answer: B
Total 395 questions
Go to page: of 40
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms