ExamGecko

ISC CAP Practice Test - Questions Answers, Page 12

Thomas is the project manager of the NHJ Project for his company. He has identified several positive risk events within his project and he thinks these events can save the project time and money. Positive risk events, such as these within the NHJ Project, are also known as what?

A. Opportunities
B. Benefits
C. Ancillary constituent components
D. Contingency risks
Suggested answer: A

You are the project manager of the GGG project. You have completed the risk identification process for the initial phases of your project. As you begin to document the risk events in the risk register, what additional information can you associate with the identified risk events?

A. Risk schedule
B. Risk potential responses
C. Risk cost
D. Risk owner
Suggested answer: B

Which of the following are the tasks performed by the owner in the information classification schemes? Each correct answer represents a part of the solution. Choose three.

A. To make original determination to decide what level of classification the information requires, which is based on the business requirements for the safety of the data.
B. To perform data restoration from the backups whenever required.
C. To review the classification assignments from time to time and make alterations as the business requirements alter.
D. To delegate the responsibility of the data safeguard duties to the custodian.
Suggested answer: A, C, D

Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Bottom-Up Approach
B. Right-Up Approach
C. Top-Down Approach
D. Left-Up Approach
Suggested answer: A, C

Mary is the project manager for the BLB project. She has instructed the project team to assemble to review the risks. She has included the schedule management plan as an input for the quantitative risk analysis process. Why is the schedule management plan needed for quantitative risk analysis?

A. Mary will utilize the schedule controls and the nature of the schedule for the quantitative analysis of the schedule.
B. Mary will schedule when the identified risks are likely to happen and affect the project schedule.
C. Mary will utilize the schedule controls to determine how risks may be allowed to change the project schedule.
D. Mary will use the schedule management plan to schedule the risk identification meetings throughout the remaining project.
Suggested answer: A

Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

A. Sammy is correct, because organizations can create risk scores for each objective of the project.
B. Harry is correct, because the risk probability and impact considers all objectives of the project.
C. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.
D. Sammy is correct, because she is the project manager.
Suggested answer: A

Which of the following phases of the DITSCAP C&A process is used to define the C&A level of effort, to identify the main C&A roles and responsibilities, and to create an agreement on the method for implementing the security requirements?

A. Phase 3
B. Phase 2
C. Phase 4
D. Phase 1
Suggested answer: D

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.

A. Who is expected to exploit the vulnerability?
B. What is being secured?
C. Where is the vulnerability, threat, or risk?
D. Who is expected to comply with the policy?
Suggested answer: B, C, D

The Project Risk Management knowledge area focuses on which of the following processes? Each correct answer represents a complete solution. Choose all that apply.

A. Potential Risk Monitoring
B. Risk Management Planning
C. Quantitative Risk Analysis
D. Risk Monitoring and Control
Suggested answer: B, C, D

Which of the following objectives are defined by integrity in the C.I.A triad of information security systems? Each correct answer represents a part of the solution. Choose three.

A. It preserves the internal and external consistency of information.
B. It prevents the unauthorized or unintentional modification of information by the authorized users.
C. It prevents the intentional or unintentional unauthorized disclosure of a message's contents.
D. It prevents the modification of information by the unauthorized users.
Suggested answer: A, B, D
Total 395 questions