ISC CAP Practice Test - Questions Answers, Page 24

Which of the following are the objectives of the security certification documentation task? Each correct answer represents a complete solution. Choose all that apply.

A. To prepare the Plan of Action and Milestones (POAM) based on the security assessment
B. To provide the certification findings and recommendations to the information system owner
C. To assemble the final security accreditation package and then submit it to the authorizing official
D. To update the system security plan based on the results of the security assessment
Suggested answer: A, B, C, D

Which of the following statements about System Access Control List (SACL) is true?

A. It contains a list of any events that are set to audit for that particular object.
B. It is a mechanism for reducing the need for globally unique IP addresses.
C. It contains a list of both users and groups and whatever permissions they have.
D. It exists for each and every permission entry assigned to any object.
Suggested answer: A

Kelly is the project manager of the BHH project for her organization. She is completing the risk identification process for this portion of her project. Which one of the following is the only thing that the risk identification process will create for Kelly?

A. Project document updates
B. Risk register updates
C. Change requests
D. Risk register
Suggested answer: D

You are the project manager for your organization. You are working with your project team to complete the qualitative risk analysis process. The first tool and technique you are using requires that you assess the probability and what other characteristic of each identified risk in the project?

A. Risk owner
B. Risk category
C. Impact
D. Cost
Suggested answer: C

You are preparing to complete the quantitative risk analysis process with your project team and several subject matter experts. You gather the necessary inputs including the project's cost management plan. Why is it necessary to include the project's cost management plan in the preparation for the quantitative risk analysis process?

A. The project's cost management plan can help you to determine what the total cost of the project is allowed to be.
B. The project's cost management plan provides direction on how costs may be changed due to identified risks.
C. The project's cost management plan provides control that may help determine the structure for quantitative analysis of the budget.
D. The project's cost management plan is not an input to the quantitative risk analysis process.
Suggested answer: C

What NIACAP certification levels are recommended by the certifier?

Each correct answer represents a complete solution. Choose all that apply.

A. Minimum Analysis
B. Basic System Review
C. Detailed Analysis
D. Maximum Analysis
E. Comprehensive Analysis
F. Basic Security Review
Suggested answer: A, C, E, F

You work as a project manager for BlueWell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decided, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, which of the following are likely to increase?

A. Quality control concerns
B. Costs
C. Risks
D. Human resource needs
Suggested answer: C

Information Security management is a process of defining the security controls in order to protect information assets. What are the security management responsibilities?

Each correct answer represents a complete solution. Choose all that apply.

A. Evaluating business objectives, security risks, user productivity, and functionality requirements
B. Determining actual goals that are expected to be accomplished from a security program
C. Defining steps to ensure that all the responsibilities are accounted for and properly addressed
D. Determining objectives, scope, policies, priorities, standards, and strategies
Suggested answer: A, B, C, D

Which of the following are included in Technical Controls?

Each correct answer represents a complete solution. Choose all that apply.

A. Implementing and maintaining access control mechanisms
B. Password and resource management
C. Configuration of the infrastructure
D. Identification and authentication methods
E. Conducting security-awareness training
F. Security devices
Suggested answer: A, B, C, D, F

You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?

A. Acceptance
B. Mitigation
C. Sharing
D. Transference
Suggested answer: C
Total 395 questions