ExamGecko

ISC CAP Practice Test - Questions Answers, Page 32

To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criterion, which of the following controls are intended to prevent an incident from occurring?

A. Adaptive controls
B. Preventive controls
C. Detective controls
D. Corrective controls
Suggested answer: B

You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of lack of space, casting it is highly dangerous. High technical skill will be required for casting that column. You decide to hire a local expert team for casting that column. Which of the following types of risk response are you following?

A. Mitigation
B. Avoidance
C. Transference
D. Acceptance
Suggested answer: C

Which of the following statements about the authentication concept of information security management is true?

A. It determines the actions and behaviors of a single individual within a system, and identifies that particular individual.
B. It ensures that modifications are not made to data by unauthorized personnel or processes.
C. It establishes the users' identity and ensures that the users are who they say they are.
D. It ensures the reliable and timely access to resources.
Suggested answer: C

You and your project team have identified the project risks and now are analyzing the probability and impact of the risks. What type of analysis of the risks provides a quick and high-level review of each identified risk event?

A. Qualitative risk analysis
B. Seven risk responses
C. Quantitative risk analysis
D. A risk probability-impact matrix
Suggested answer: A

NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

A. Substantial
B. Significant
C. Abbreviated
D. Comprehensive
Suggested answer: C

What are the responsibilities of a system owner?

Each correct answer represents a complete solution. Choose all that apply.

A. Integrates security considerations into application and system purchasing decisions and development projects.
B. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.
C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
D. Ensures that the necessary security controls are in place.
Suggested answer: A, B, C

During which of the following processes is the probability and impact matrix prepared?

A. Plan Risk Responses
B. Perform Quantitative Risk Analysis
C. Perform Qualitative Risk Analysis
D. Monitoring and Control Risks
Suggested answer: C

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?

Each correct answer represents a complete solution. Choose two.

A. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
B. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
C. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
Suggested answer: A, B

You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update the human resource management plan?

A. Fast tracking the project
B. Teaming agreements
C. Transference
D. Crashing the project
Suggested answer: D

Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

A. Hackers
B. Visitors
C. Customers
D. Employees
Suggested answer: D
Total 395 questions