ExamGecko
Login
Home / ISC / CAP / List of questions
Ask Question

ISC CAP Practice Test - Questions Answers, Page 3

Add to Whishlist

List of questions

Question 21

Report Export Collapse

Where can a project manager find risk-rating rules?

Risk probability and impact matrix
Risk probability and impact matrix
Organizational process assets
Organizational process assets
Enterprise environmental factors
Enterprise environmental factors
Risk management plan
Risk management plan
Suggested answer: B
asked 18/09/2024
Priyantha Perea
48 questions

Question 22

Report Export Collapse

There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to the perform quantitative risk analysis process?

Risk register
Risk register
Cost management plan
Cost management plan
Risk management plan
Risk management plan
Enterprise environmental factors
Enterprise environmental factors
Suggested answer: D
asked 18/09/2024
cheitram patel
39 questions

Question 23

Report Export Collapse

Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

Risk response plan
Risk response plan
Quantitative analysis
Quantitative analysis
Risk response
Risk response
Contingency reserve
Contingency reserve
Suggested answer: D
asked 18/09/2024
JAVIER MARDOMINGO SALAZAR
36 questions

Question 24

Report Export Collapse

Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?

Authorizing Official
Authorizing Official
Chief Risk Officer (CRO)
Chief Risk Officer (CRO)
Chief Information Officer (CIO)
Chief Information Officer (CIO)
Information system owner
Information system owner
Suggested answer: D
asked 18/09/2024
Gianmarco Salvaticchio
32 questions

Question 25

Report Export Collapse

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

Quantitative risk analysis
Quantitative risk analysis
Qualitative risk analysis
Qualitative risk analysis
Requested changes
Requested changes
Risk audits
Risk audits
Suggested answer: C
asked 18/09/2024
Nickolas Abbas
56 questions

Question 26

Report Export Collapse

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

DoDD 8000.1
DoDD 8000.1
DoD 7950.1-M
DoD 7950.1-M
DoD 5200.22-M
DoD 5200.22-M
DoD 8910.1
DoD 8910.1
DoD 5200.1-R
DoD 5200.1-R
Suggested answer: B
asked 18/09/2024
Mark Arnold Santos
49 questions

Question 27

Report Export Collapse

The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning.

Which of the following processes take place in phase 3?

Each correct answer represents a complete solution. Choose all that apply.

Identify threats, vulnerabilities, and controls that will be evaluated.
Identify threats, vulnerabilities, and controls that will be evaluated.
Document and implement a mitigation plan.
Document and implement a mitigation plan.
Agree on a strategy to mitigate risks.
Agree on a strategy to mitigate risks.
Evaluate mitigation progress and plan next assessment.
Evaluate mitigation progress and plan next assessment.
Suggested answer: B, C, D
asked 18/09/2024
Liaqat Bashir
41 questions

Question 28

Report Export Collapse

Gary is the project manager of his organization. He is managing a project that is similar to a project his organization completed recently. Gary has decided that he will use the information from the past project to help him and the project team to identify the risks that may be present in the project. Management agrees that this checklist approach is ideal and will save time in the project. Which of the following statement is most accurate about the limitations of the checklist analysis approach for Gary?

The checklist analysis approach is fast but it is impossible to build and exhaustive checklist.
The checklist analysis approach is fast but it is impossible to build and exhaustive checklist.
The checklist analysis approach only uses qualitative analysis.
The checklist analysis approach only uses qualitative analysis.
The checklist analysis approach saves time, but can cost more.
The checklist analysis approach saves time, but can cost more.
The checklist is also known as top down risk assessment
The checklist is also known as top down risk assessment
Suggested answer: A
asked 18/09/2024
lakshmi potla
37 questions

Question 29

Report Export Collapse

What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process?

Each correct answer represents a complete solution. Choose all that apply.

Develop DIACAP strategy.
Develop DIACAP strategy.
Assign IA controls.
Assign IA controls.
Assemble DIACAP team.
Assemble DIACAP team.
Initiate IA implementation plan.
Initiate IA implementation plan.
Register system with DoD Component IA Program.
Register system with DoD Component IA Program.
Conduct validation activity.
Conduct validation activity.
Suggested answer: A, B, C, D, E
asked 18/09/2024
Djordje Novakovic
43 questions

Question 30

Report Export Collapse

Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. What are the different categories of risk? Each correct answer represents a complete solution. Choose all that apply.

System interaction
System interaction
Human interaction
Human interaction
Equipment malfunction
Equipment malfunction
Inside and outside attacks
Inside and outside attacks
Social status
Social status
Physical damage
Physical damage
Suggested answer: B, C, D, E, F
asked 18/09/2024
Tillmon, Quinton
43 questions
Total 395 questions
Go to page: of 40
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply.
The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.
Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?
Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise on confidentiality, integrity, and availability?
Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.
Which of the following individuals makes the final accreditation decision?