ExamGecko
Search Search Login
Home Home / ISC / CAP

ISC CAP Practice Test - Questions Answers, Page 13

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.
The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.
You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?
During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise on confidentiality, integrity, and availability?
Which of the following NIST documents includes components for penetration testing?
Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

Question 121

Report
Export
Collapse

Which of the following are the goals of risk management?

Each correct answer represents a complete solution. Choose three.

A.
Finding an economic balance between the impact of the risk and the cost of the countermeasure
A.
Finding an economic balance between the impact of the risk and the cost of the countermeasure
Answers
B.
Identifying the risk
B.
Identifying the risk
Answers
C.
Assessing the impact of potential threats
C.
Assessing the impact of potential threats
Answers
D.
Identifying the accused
D.
Identifying the accused
Answers
Suggested answer: A, B, C

Question 122

Report
Export
Collapse

In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

A.
Full operational test
A.
Full operational test
Answers
B.
Penetration test
B.
Penetration test
Answers
C.
Paper test
C.
Paper test
Answers
D.
Walk-through test
D.
Walk-through test
Answers
Suggested answer: B

Question 123

Report
Export
Collapse

You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?

A.
You will use organizational process assets for studies of similar projects by risk specialists.
A.
You will use organizational process assets for studies of similar projects by risk specialists.
Answers
B.
You will use organizational process assets to determine costs of all risks events within the current project.
B.
You will use organizational process assets to determine costs of all risks events within the current project.
Answers
C.
You will use organizational process assets for information from prior similar projects.
C.
You will use organizational process assets for information from prior similar projects.
Answers
D.
You will use organizational process assets for risk databases that may be available from industry sources.
D.
You will use organizational process assets for risk databases that may be available from industry sources.
Answers
Suggested answer: B

Question 124

Report
Export
Collapse

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

A.
SSAA
A.
SSAA
Answers
B.
FIPS
B.
FIPS
Answers
C.
FITSAF
C.
FITSAF
Answers
D.
TCSEC
D.
TCSEC
Answers
Suggested answer: A

Question 125

Report
Export
Collapse

Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high risk exposure. What risk response has been enacted in this project?

A.
Acceptance
A.
Acceptance
Answers
B.
Mitigation
B.
Mitigation
Answers
C.
Avoidance
C.
Avoidance
Answers
D.
Transference
D.
Transference
Answers
Suggested answer: C

Question 126

Report
Export
Collapse

Which of the following statements is true about residual risks?

A.
It is a weakness or lack of safeguard that can be exploited by a threat.
A.
It is a weakness or lack of safeguard that can be exploited by a threat.
Answers
B.
It can be considered as an indicator of threats coupled with vulnerability.
B.
It can be considered as an indicator of threats coupled with vulnerability.
Answers
C.
It is the probabilistic risk after implementing all security measures.
C.
It is the probabilistic risk after implementing all security measures.
Answers
D.
It is the probabilistic risk before implementing all security measures.
D.
It is the probabilistic risk before implementing all security measures.
Answers
Suggested answer: C

Question 127

Report
Export
Collapse

Which of the following documents is described in the statement below?

"It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

A.
Risk register
A.
Risk register
Answers
B.
Risk management plan
B.
Risk management plan
Answers
C.
Project charter
C.
Project charter
Answers
D.
Quality management plan
D.
Quality management plan
Answers
Suggested answer: A

Question 128

Report
Export
Collapse

You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?

A.
Cost management plan
A.
Cost management plan
Answers
B.
Quality management plan
B.
Quality management plan
Answers
C.
Procurement management plan
C.
Procurement management plan
Answers
D.
Stakeholder register
D.
Stakeholder register
Answers
Suggested answer: C

Question 129

Report
Export
Collapse

Mary is the project manager of the HGH Project for her company. She and her project team have agreed that if the vendor is late by more than ten days they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but the costs of their products are significantly more expensive than the current vendor. What type of a response strategy is this?

A.
External risk response
A.
External risk response
Answers
B.
Internal risk management strategy
B.
Internal risk management strategy
Answers
C.
Contingent response strategy
C.
Contingent response strategy
Answers
D.
Expert judgment
D.
Expert judgment
Answers
Suggested answer: C

Question 130

Report
Export
Collapse

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

A.
FITSAF
A.
FITSAF
Answers
B.
TCSEC
B.
TCSEC
Answers
C.
FIPS
C.
FIPS
Answers
D.
SSAA
D.
SSAA
Answers
Suggested answer: B
Total 395 questions
Go to page: of 40
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms