ExamGecko
Search Search Login
Home Home / ISC / CAP

ISC CAP Practice Test - Questions Answers, Page 2

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.
The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.
You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?
According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise on confidentiality, integrity, and availability?
During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply.
Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?
Which of the following NIST documents includes components for penetration testing?

Question 11

Report
Export
Collapse

Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a

DITSCAP assessment?

A.
Definition, Validation, Verification, and Post Accreditation
A.
Definition, Validation, Verification, and Post Accreditation
Answers
B.
Verification, Definition, Validation, and Post Accreditation
B.
Verification, Definition, Validation, and Post Accreditation
Answers
C.
Verification, Validation, Definition, and Post Accreditation
C.
Verification, Validation, Definition, and Post Accreditation
Answers
D.
Definition, Verification, Validation, and Post Accreditation
D.
Definition, Verification, Validation, and Post Accreditation
Answers
Suggested answer: D

Question 12

Report
Export
Collapse

System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization

Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

A.
Post-Authorization
A.
Post-Authorization
Answers
B.
Pre-certification
B.
Pre-certification
Answers
C.
Post-certification
C.
Post-certification
Answers
D.
Certification
D.
Certification
Answers
E.
Authorization
E.
Authorization
Answers
Suggested answer: A, B, D, E

Question 13

Report
Export
Collapse

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?

Each correct answer represents a complete solution. Choose two.

A.
Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
A.
Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
Answers
B.
Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
B.
Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
Answers
C.
Certification is the official management decision given by a senior agency official to authorize operation of an information system.
C.
Certification is the official management decision given by a senior agency official to authorize operation of an information system.
Answers
D.
Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
D.
Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
Answers
Suggested answer: A, D

Question 14

Report
Export
Collapse

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production?

Each correct answer represents a part of the solution. Choose all that apply.

A.
NIST
A.
NIST
Answers
B.
FIPS
B.
FIPS
Answers
C.
FISMA
C.
FISMA
Answers
D.
Office of Management and Budget (OMB)
D.
Office of Management and Budget (OMB)
Answers
Suggested answer: C, D

Question 15

Report
Export
Collapse

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation?

Each correct answer represents a complete solution. Choose all that apply.

A.
Secure accreditation
A.
Secure accreditation
Answers
B.
Type accreditation
B.
Type accreditation
Answers
C.
System accreditation
C.
System accreditation
Answers
D.
Site accreditation
D.
Site accreditation
Answers
Suggested answer: B, C, D

Question 16

Report
Export
Collapse

According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.

A.
VI Vulnerability and Incident Management
A.
VI Vulnerability and Incident Management
Answers
B.
DC Security Design & Configuration
B.
DC Security Design & Configuration
Answers
C.
EC Enclave and Computing Environment
C.
EC Enclave and Computing Environment
Answers
D.
Information systems acquisition, development, and maintenance
D.
Information systems acquisition, development, and maintenance
Answers
Suggested answer: A, B, C

Question 17

Report
Export
Collapse

DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply.

A.
Validation
A.
Validation
Answers
B.
Re-Accreditation
B.
Re-Accreditation
Answers
C.
Verification
C.
Verification
Answers
D.
System Definition
D.
System Definition
Answers
E.
Identification
E.
Identification
Answers
F.
Accreditation
F.
Accreditation
Answers
Suggested answer: A, B, C, D

Question 18

Report
Export
Collapse

Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?

A.
Lanham Act
A.
Lanham Act
Answers
B.
ISG
B.
ISG
Answers
C.
Clinger-Cohen Act
C.
Clinger-Cohen Act
Answers
D.
Computer Misuse Act
D.
Computer Misuse Act
Answers
Suggested answer: B

Question 19

Report
Export
Collapse

Ben is the project manager of the YHT Project for his company. Alice, one of his team members, is confused about when project risks will happen in the project.

Which one of the following statements is the most accurate about when project risk happens?

A.
Project risk can happen at any moment.
A.
Project risk can happen at any moment.
Answers
B.
Project risk is uncertain, so no one can predict when the event will happen.
B.
Project risk is uncertain, so no one can predict when the event will happen.
Answers
C.
Project risk happens throughout the project execution.
C.
Project risk happens throughout the project execution.
Answers
D.
Project risk is always in the future.
D.
Project risk is always in the future.
Answers
Suggested answer: D

Question 20

Report
Export
Collapse

You are the project manager of the NKJ Project for your company. The project's success or failure will have a significant impact on your organization's profitability for the coming year. Management has asked you to identify the risk events and communicate the event's probability and impact as early as possible in the project. Management wants to avoid risk events and needs to analyze the cost-benefits of each risk event in this project. What term is assigned to the low-level of stakeholder tolerance in this project?

A.
Risk avoidance
A.
Risk avoidance
Answers
B.
Mitigation-ready project management
B.
Mitigation-ready project management
Answers
C.
Risk utility function
C.
Risk utility function
Answers
D.
Risk-reward mentality
D.
Risk-reward mentality
Answers
Suggested answer: C
Total 395 questions
Go to page: of 40
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms