ISC CAP Practice Test - Questions Answers, Page 27

Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

A. The level of detail is set by historical information.
B. The level of detail must define exactly the risk response for each identified risk.
C. The level of detail is set of project risk governance.
D. The level of detail should correspond with the priority ranking.
Suggested answer: D

David is the project manager of HGF project for his company. David, the project team, and several key stakeholders have completed risk identification and are ready to move into qualitative risk analysis. Tracy, a project team member, does not understand why they need to complete qualitative risk analysis. Which one of the following is the best explanation for completing qualitative risk analysis?

A. It is a rapid and cost-effective means of establishing priorities for the plan risk responses and lays the foundation for quantitative analysis.
B. It is a cost-effective means of establishing probability and impact for the project risks.
C. Qualitative risk analysis helps segment the project risks, create a risk breakdown structure, and create fast and accurate risk responses.
D. All risks must pass through quantitative risk analysis before qualitative risk analysis.
Suggested answer: A

The Identify Risk process determines the risks that affect the project and documents their characteristics. Why should the project team members be involved in the Identify Risk process?

A. They are the individuals that will have the best responses for identified risk events within the project.
B. They are the individuals that are most affected by the risk events.
C. They are the individuals that will need a sense of ownership and responsibility for the risk events.
D. They are the individuals that will most likely cause and respond to the risk events.
Suggested answer: C

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

A. NIST SP 800-53A
B. NIST SP 800-26
C. NIST SP 800-53
D. NIST SP 800-59
E. NIST SP 800-60
F. NIST SP 800-37
Suggested answer: B

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

A. Business continuity plan
B. Continuity of Operations Plan
C. Disaster recovery plan
D. Contingency plan
Suggested answer: D

An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

A. Network security policy
B. User password policy
C. Backup policy
D. Privacy policy
Suggested answer: D

You work as a project manager for BlueWell Inc. You are working with your team members on the risk responses in the project. Which risk response will likely cause a project to use the procurement processes?

A. Acceptance
B. Mitigation
C. Exploiting
D. Sharing
Suggested answer: D

ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO 17799. What are the ISO 17799 domains?

Each correct answer represents a complete solution. Choose all that apply.

A. Information security policy for the organization
B. System architecture management
C. Business continuity management
D. System development and maintenance
E. Personnel security
Suggested answer: A, C, D, E

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems.

Which of the following FITSAF levels shows that the procedures and controls have been implemented?

A. Level 2
B. Level 5
C. Level 4
D. Level 1
E. Level 3
Suggested answer: E

Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

A. Harry is correct, because the risk probability and impact considers all objectives of the project.
B. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.
C. Sammy is correct, because she is the project manager.
D. Sammy is correct, because organizations can create risk scores for each objective of the project.
Suggested answer: D