
ISC CAP Practice Test - Questions Answers, Page 3

Where can a project manager find risk-rating rules?

A. Risk probability and impact matrix
B. Organizational process assets
C. Enterprise environmental factors
D. Risk management plan
Suggested answer: B

There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to the perform quantitative risk analysis process?

A. Risk register
B. Cost management plan
C. Risk management plan
D. Enterprise environmental factors
Suggested answer: D

Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events, but management wants you to do more. They'd like you to create some type of chart that identifies the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

A. Risk response plan
B. Quantitative analysis
C. Risk response
D. Contingency reserve
Suggested answer: D

Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?

A. Authorizing Official
B. Chief Risk Officer (CRO)
C. Chief Information Officer (CIO)
D. Information system owner
Suggested answer: D

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

A. Quantitative risk analysis
B. Qualitative risk analysis
C. Requested changes
D. Risk audits
Suggested answer: C

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

A. DoDD 8000.1
B. DoD 7950.1-M
C. DoD 5200.22-M
D. DoD 8910.1
E. DoD 5200.1-R
Suggested answer: B

Phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning.

Which of the following processes take place in phase 3?

Each correct answer represents a complete solution. Choose all that apply.

A. Identify threats, vulnerabilities, and controls that will be evaluated.
B. Document and implement a mitigation plan.
C. Agree on a strategy to mitigate risks.
D. Evaluate mitigation progress and plan next assessment.
Suggested answer: B, C, D

Gary is the project manager of his organization. He is managing a project that is similar to a project his organization completed recently. Gary has decided that he will use the information from the past project to help him and the project team identify the risks that may be present in the project. Management agrees that this checklist approach is ideal and will save time in the project. Which of the following statements is most accurate about the limitations of the checklist analysis approach for Gary?

A. The checklist analysis approach is fast, but it is impossible to build an exhaustive checklist.
B. The checklist analysis approach only uses qualitative analysis.
C. The checklist analysis approach saves time, but can cost more.
D. The checklist is also known as top-down risk assessment.
Suggested answer: A

What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process?

Each correct answer represents a complete solution. Choose all that apply.

A. Develop DIACAP strategy.
B. Assign IA controls.
C. Assemble DIACAP team.
D. Initiate IA implementation plan.
E. Register system with DoD Component IA Program.
F. Conduct validation activity.
Suggested answer: A, B, C, D, E

Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. What are the different categories of risk? Each correct answer represents a complete solution. Choose all that apply.

A. System interaction
B. Human interaction
C. Equipment malfunction
D. Inside and outside attacks
E. Social status
F. Physical damage
Suggested answer: B, C, D, E, F
Total 395 questions