ISC CAP Practice Test - Questions Answers, Page 23

Which of the following are the types of access controls?

Each correct answer represents a complete solution. Choose three.

A. Administrative
B. Automatic
C. Technical
D. Physical
Suggested answer: A, C, D

You are the project manager of the NNQ Project for your company and are working with your project team to define contingency plans for the risks within your project. Mary, one of your project team members, asks what a contingency plan is. Which of the following statements best defines what a contingency response is?

A. Some responses are designed for use only if certain events occur.
B. Some responses have a cost and a time factor to consider for each risk event.
C. Some responses must counteract pending risk events.
D. Quantified risks should always have contingency responses.
Suggested answer: A

Who is responsible for the stakeholder expectations management in a high-profile, high-risk project?

A. Project management office
B. Project sponsor
C. Project risk assessment officer
D. Project manager
Suggested answer: D

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production?

Each correct answer represents a part of the solution. Choose all that apply.

A. NIST
B. FIPS
C. Office of Management and Budget (OMB)
D. FISMA
Suggested answer: C, D

Which of the following refers to a process that is used for implementing information security?

A. Certification and Accreditation (C&A)
B. Information Assurance (IA)
C. Five Pillars model
D. Classic information security model
Suggested answer: A

What project management plan is most likely to direct the quantitative risk analysis process for a project in a matrix environment?

A. Staffing management plan
B. Risk analysis plan
C. Human resource management plan
D. Risk management plan
Suggested answer: D

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

A. Corrective action
B. Technical performance measurement
C. Risk audit
D. Earned value management
Suggested answer: A

Which of the following documents is described in the statement below?

"It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

A. Project charter
B. Risk management plan
C. Risk register
D. Quality management plan
Suggested answer: C

Joan is a project management consultant and she has been hired by a firm to help them identify risk events within the project. Joan would first like to examine the project documents including the plans, assumptions lists, project files, and contracts. What key thing will help Joan to discover risks within the review of the project documents?

A. The project documents will help the project manager, or Joan, to identify what risk identification approach is best to pursue.
B. Plans that have loose definitions of terms and disconnected approaches will reveal risks.
C. Poorly written requirements will reveal inconsistencies in the project plans and documents.
D. Lack of consistency between the plans and the project requirements and assumptions can be the indicators of risk in the project.
Suggested answer: D

Which of the following statements about the availability concept of Information security management is true?

A. It ensures that modifications are not made to data by unauthorized personnel or processes.
B. It ensures reliable and timely access to resources.
C. It determines actions and behaviors of a single individual within a system.
D. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
Suggested answer: B
Total 395 questions