ISC CAP Practice Test - Questions Answers, Page 28

An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?

A. Anonymous
B. Multi-factor
C. Biometrics
D. Mutual
Suggested answer: B

Which of the following risk responses delineates that the project plan will not be changed to deal with the risk?

A. Acceptance
B. Mitigation
C. Exploitation
D. Transference
Suggested answer: A

Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution.

Choose all that apply.

A. Protect society, the commonwealth, and the infrastructure.
B. Act honorably, honestly, justly, responsibly, and legally.
C. Provide diligent and competent service to principals.
D. Give guidance for resolving good versus good and bad versus bad dilemmas.
Suggested answer: A, B, C

Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

A. Perform certification evaluation of the integrated system
B. System development
C. Certification and accreditation decision
D. Develop recommendation to the DAA
E. Continue to review and refine the SSAA
Suggested answer: A, C, D, E

John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of whom are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?

A. Risk Response Plan
B. Risk Management Plan
C. Project Management Plan
D. Communications Management Plan
Suggested answer: D

Your organization has named you the project manager of the JKN Project. This project has a BAC of $1,500,000 and it is expected to last 18 months. Management has agreed that if the schedule baseline has a variance of more than five percent then you will need to crash the project. What happens when the project manager crashes a project?

A. Project costs will increase.
B. The amount of hours a resource can be used will diminish.
C. The project will take longer to complete, but risks will diminish.
D. Project risks will increase.
Suggested answer: A

Which of the following individuals makes the final accreditation decision?

A. ISSE
B. DAA
C. CRO
D. ISSO
Suggested answer: B

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

A. DoD 8000.1
B. DoD 5200.40
C. DoD 5200.22-M
D. DoD 8910.1
Suggested answer: B

Virginia is the project manager for her organization. She has hired a subject matter expert to interview the project stakeholders on certain identified risks within the project. The subject matter expert will assess the risk event with what specific goal in mind?

A. To determine the bias of the risk event based on each person interviewed
B. To determine the probability and cost of the risk event
C. To determine the validity of each risk event
D. To determine the level of probability and impact for each risk event
Suggested answer: D

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies?

Each correct answer represents a complete solution. Choose all that apply.

A. Systematic
B. Informative
C. Regulatory
D. Advisory
Suggested answer: B, C, D
Total 395 questions