ISC CAP Practice Test - Questions Answers, Page 18

In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?

A. Continuous Monitoring Phase
B. Accreditation Phase
C. Preparation Phase
D. DITSCAP Phase
Suggested answer: A

Which of the following processes is used to protect the data based on its secrecy, sensitivity, or confidentiality?

A. Change Control
B. Data Hiding
C. Configuration Management
D. Data Classification
Suggested answer: D

Which of the following assessment methods is used to review, inspect, and analyze assessment objects?

A. Testing
B. Examination
C. Interview
D. Debugging
Suggested answer: B

Which of the following documents is used to provide a standard approach to the assessment of NIST SP 800-53 security controls?

A. NIST SP 800-37
B. NIST SP 800-41
C. NIST SP 800-53A
D. NIST SP 800-66
Suggested answer: C

What is the objective of the Security Accreditation Decision task?

A. To determine whether the agency-level risk is acceptable or not.
B. To make an accreditation decision
C. To accredit the information system
D. To approve revisions of NIACAP
Suggested answer: A

You are the project manager for your organization. You are working with your key stakeholders in the qualitative risk analysis process. You understand that there is certain bias towards the risk events in the project that you need to address, manage, and ideally reduce. What solution does the PMBOK recommend to reduce the influence of bias during qualitative risk analysis?

A. Establish the definitions of the levels of probability and impact
B. Isolate the stakeholders by project phases to determine their risk bias
C. Involve all stakeholders to vote on the probability and impact of the risk events
D. Provide iterations of risk analysis for true reflection of a risk probability and impact
Suggested answer: A

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution.

Choose all that apply.

A. Human resources security
B. Organization of information security
C. Risk assessment and treatment
D. AU audit and accountability
Suggested answer: A, B, C

Beth is the project manager of the BFG Project for her company. In this project Beth has decided to create a contingency response based on the performance of the project schedule. If the project schedule variance is greater than $10,000 the contingency plan will be implemented. What is the formula for the schedule variance?

A. SV=EV-PV
B. SV=EV/AC
C. SV=PV-EV
D. SV=EV/PV
Suggested answer: A

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

A. Risk management plan
B. Stakeholder management strategy
C. Risk register
D. Lessons learned documentation
Suggested answer: C

Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demo, and even some samples. What type of document should Ned send to the vendor?

A. IFB
B. RFI
C. RFQ
D. RFP
Suggested answer: B
Total 395 questions