ISC CAP Practice Test - Questions Answers, Page 29
FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, was published by NIST in February 2004 as required by FISMA; security categorization under FIPS 199 is the first step of the Certification & Accreditation (C&A) process.

What levels of potential impact are defined by FIPS 199?

Each correct answer represents a complete solution. Choose all that apply.

A. Medium
B. High
C. Low
D. Moderate
Suggested answer: B, C, D (FIPS 199 defines exactly three potential impact levels: Low, Moderate and High; "Medium" is not a FIPS 199 level)
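The question above only asks for the level names; what a practitioner actually does with them is assign a level to each of confidentiality, integrity and availability for every information type a system handles, then take the per-objective maximum (FIPS 199 section 3) and, for control-baseline selection under FIPS 200, the overall high-water mark. The following is an added example, not material from the exam page; the information types, their provisional impact levels and the system name are constructed for illustration.

```python
"""FIPS 199 security categorization with the high-water mark.

Added example, not from the page: the information types, their provisional
(C, I, A) impact levels and the system name are constructed for illustration.
"""
from enum import IntEnum


class Impact(IntEnum):
    """FIPS 199 potential impact levels; NA is allowed only for confidentiality."""
    NA = 0        # "not applicable", e.g. information that is already public
    LOW = 1
    MODERATE = 2
    HIGH = 3


def parse_level(text):
    """Map a label to an Impact. 'Medium' is not a FIPS 199 level and is rejected."""
    try:
        return Impact[text.strip().upper()]
    except KeyError:
        raise ValueError(f"{text!r} is not a FIPS 199 level (NA/LOW/MODERATE/HIGH)") from None


def categorize_system(info_types):
    """Return the system's (C, I, A) security category.

    info_types maps an information type name to its (C, I, A) impact levels.
    Each objective takes the highest value across all information types the
    system processes, stores or transmits.
    """
    if not info_types:
        raise ValueError("a system must carry at least one information type")
    for name, (_, i, a) in info_types.items():
        if i == Impact.NA or a == Impact.NA:
            raise ValueError(f"{name}: NA is only permitted for confidentiality")
    return (
        max(c for c, _, _ in info_types.values()),
        max(i for _, i, _ in info_types.values()),
        max(a for _, _, a in info_types.values()),
    )


def overall_impact(sc):
    """High-water mark used by FIPS 200 to select the SP 800-53 control baseline."""
    return max(sc)


def format_sc(name, sc):
    """Render the category in the notation FIPS 199 itself uses."""
    c, i, a = sc
    return (f"SC {name} = {{(confidentiality, {c.name}), "
            f"(integrity, {i.name}), (availability, {a.name})}}")


# Constructed sample: provisional levels an analyst might assign after consulting
# SP 800-60 Vol. II; not real agency data.
SAMPLE_INFO_TYPES = {
    "public web content":  (Impact.NA,       Impact.MODERATE, Impact.LOW),
    "personnel records":   (Impact.MODERATE, Impact.MODERATE, Impact.LOW),
    "payment processing":  (Impact.MODERATE, Impact.HIGH,     Impact.MODERATE),
}

if __name__ == "__main__":
    sc = categorize_system(SAMPLE_INFO_TYPES)
    print(format_sc("payroll portal", sc))
    print("baseline:", overall_impact(sc).name)
```

Note the two validation points: "Medium" is rejected as a label, and "not applicable" is accepted for confidentiality only, which is the one exception FIPS 199 permits. With the constructed data the system categorizes as (Moderate, High, Moderate), so the High baseline applies even though no single information type is High in more than one objective.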

Harry is a project manager of a software development project. In the early stages of planning, he and the stakeholders operated with the belief that the software they were developing would work with their organization's current computer operating system. Now that the project team has started developing the software it has become apparent that the software will not work with nearly half of the organization's computer operating systems. The incorrect belief Harry had in the software compatibility is an example of what in project management?

A. Issue
B. Risk
C. Constraint
D. Assumption
Suggested answer: D

Which of the following statements about Discretionary Access Control List (DACL) is true?

A. It is a rule list containing access control entries.
B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
C. It is a unique number that identifies a user, group, and computer account.
D. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
Suggested answer: D
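Option B describes the SACL (audit) and option C a SID; the DACL is the ordered list of access control entries the system walks to decide access. The order matters: Windows evaluates ACEs in sequence, a matching access-denied ACE wins as soon as it covers any right not yet granted, and allow entries accumulate rights until the whole request is satisfied. The simulation below is an added example, not code from the exam page or from Windows; the SIDs, rights bit values and ACEs are constructed, and the algorithm is a simplified model of the documented AccessCheck walk (it omits owner and privilege handling).

```python
"""Simulate Windows DACL evaluation for an access request.

Added example, not from the page. The SIDs, rights and ACEs are constructed;
the walk mirrors the documented Windows AccessCheck order: ACEs are visited in
sequence, an access-denied ACE for a matching trustee wins as soon as it covers
any still-ungranted right, and access-allowed ACEs accumulate rights until every
requested right is satisfied. Owner and privilege shortcuts are not modelled.
"""
from dataclasses import dataclass

# Constructed subset of access rights, as bit flags.
READ, WRITE, EXECUTE, DELETE = 0x1, 0x2, 0x4, 0x8


@dataclass(frozen=True)
class ACE:
    """One access control entry: who (trustee SID), what (mask), allow or deny."""
    kind: str            # "allow" or "deny"
    trustee: str         # SID the entry applies to
    mask: int            # rights covered by this entry
    inherited: bool = False


def access_check(dacl, principal_sids, requested):
    """Return (granted, reason) for a principal holding the given SIDs.

    dacl may be None (a NULL DACL, i.e. no protection at all), an empty list
    (an empty DACL, which grants nothing) or an ordered list of ACEs.
    """
    if dacl is None:
        return True, "NULL DACL: everyone gets full access"
    if not dacl:
        return False, "empty DACL: no one gets access"
    remaining = requested
    for ace in dacl:
        if ace.trustee not in principal_sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False, f"denied by ACE for {ace.trustee} (mask {ace.mask:#x})"
        if ace.kind == "allow":
            remaining &= ~ace.mask          # clear the rights this ACE grants
            if remaining == 0:
                return True, "all requested rights granted"
    return False, f"no ACE grants remaining rights {remaining:#x}"


def is_canonical(dacl):
    """Check canonical order: explicit deny, explicit allow, inherited deny, inherited allow.

    A DACL that is not canonical is still evaluated in list order, so a deny
    placed after an allow cannot take back what the allow already granted.
    """
    rank = {(False, "deny"): 0, (False, "allow"): 1,
            (True, "deny"): 2, (True, "allow"): 3}
    ranks = [rank[(ace.inherited, ace.kind)] for ace in dacl or []]
    return ranks == sorted(ranks)


# Constructed SIDs: a user account, the built-in Users group, Everyone.
ALICE = "S-1-5-21-1000-1001"
USERS = "S-1-5-32-545"
EVERYONE = "S-1-1-0"
ALICE_SIDS = {ALICE, USERS, EVERYONE}
BOB_SIDS = {"S-1-5-21-1000-1002", USERS, EVERYONE}

SAMPLE_DACL = [
    ACE("deny", ALICE, WRITE),                  # explicit deny first
    ACE("allow", USERS, READ | EXECUTE),
    ACE("allow", ALICE, WRITE | DELETE),
]
# Same entries with the deny moved last: not canonical, and the deny is ineffective.
MISORDERED_DACL = [SAMPLE_DACL[1], SAMPLE_DACL[2], SAMPLE_DACL[0]]

if __name__ == "__main__":
    for who, sids, want in [("alice", ALICE_SIDS, WRITE),
                            ("alice", ALICE_SIDS, READ | DELETE),
                            ("bob", BOB_SIDS, DELETE)]:
        print(who, f"{want:#x}", access_check(SAMPLE_DACL, sids, want))
    print("misordered, alice WRITE:", access_check(MISORDERED_DACL, ALICE_SIDS, WRITE))
```

The misordered list is the practical caveat: tools that write ACEs directly (rather than through the canonical-order APIs) can produce a DACL in which an explicit deny sits after an allow for the same trustee, and the deny then never fires for rights the earlier allow covered. A NULL DACL, distinct from an empty one, is the other classic finding: it is not "no permissions" but "everyone, full control".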

Which type of project tends to have more well-understood risks?

A. State-of-the-art technology projects
B. Recurrent projects
C. Operational work projects
D. First-of-its-kind technology projects
Suggested answer: B

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?

Each correct answer represents a complete solution. Choose all that apply.

A. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
B. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
C. An ISSE provides advice on the continuous monitoring of the information system.
D. An ISSO takes part in the development activities that are required to implement system changes.
E. An ISSE provides advice on the impacts of system changes.
Suggested answer: A, C, E

Which of the following processes is described in the statement below?

"This is the process of numerically analyzing the effect of identified risks on overall project objectives."

A. Identify Risks
B. Perform Quantitative Risk Analysis
C. Perform Qualitative Risk Analysis
D. Monitor and Control Risks
Suggested answer: B

The Chief Information Officer (CIO), or Information Technology (IT) director, is the job title commonly given to the most senior executive responsible for information technology in an enterprise. What are the responsibilities of a Chief Information Officer?

Each correct answer represents a complete solution. Choose all that apply.

A. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
B. Preserving high-level communications and working group relationships in an organization
C. Establishing an effective continuous monitoring program for the organization
D. Facilitating the sharing of security risk-related information among authorizing officials
Suggested answer: A, B, C

Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

A. It depends on what the outcome of a lawsuit will determine.
B. No, the ZAS Corporation did not complete all of the work.
C. It depends on what the termination clause of the contract stipulates.
D. Yes, the ZAS Corporation did not choose to terminate the contract work.
Suggested answer: C

Mark works as a project manager for TechSoft Inc. Mark, the project team, and the key project stakeholders have completed a round of qualitative risk analysis.

He needs to update the risk register with his findings so that he can communicate the risk results to the project stakeholders - including management. Mark will need to update all of the following information except for which one?

A. Watchlist of low-priority risks
B. Prioritized list of quantified risks
C. Risks grouped by categories
D. Trends in qualitative risk analysis
Suggested answer: B

Numerous information security standards promote good security practices and define frameworks to structure the analysis and design of information security controls. Which of the following are control families defined in the U.S. Federal Government information security standard NIST SP 800-53, as opposed to control domains from ISO/IEC 27001? Each correct answer represents a complete solution. Choose all that apply.

A. SA System and Services Acquisition
B. CA Certification, Accreditation, and Security Assessments
C. IR Incident Response
D. Information systems acquisition, development, and maintenance
Suggested answer: A, B, C