ExamGecko

ISC CAP Practice Test - Questions Answers, Page 37

Which of the following relations correctly describes total risk?

A. Total Risk = Threats x Vulnerability x Asset Value
B. Total Risk = Viruses x Vulnerability x Asset Value
C. Total Risk = Threats x Exploit x Asset Value
D. Total Risk = Viruses x Exploit x Asset Value

Suggested answer: A

Which of the following individuals is responsible for the final accreditation decision?

A. Certification Agent
B. User Representative
C. Information System Owner
D. Risk Executive

Suggested answer: C

Which of the following individuals makes the final accreditation decision?

A. DAA
B. ISSO
C. CIO
D. CISO

Suggested answer: A

A ________ points to a statement in a policy or procedure that helps determine a course of action.

A. Comment
B. Guideline
C. Procedure
D. Baseline

Suggested answer: B

For which of the following reporting requirements are continuous monitoring documentation reports used?

A. FISMA
B. NIST
C. HIPAA
D. FBI

Suggested answer: A

Which of the following are the types of assessment tests addressed in NIST SP 800-53A?

A. Functional, penetration, validation
B. Validation, evaluation, penetration
C. Validation, penetration, evaluation
D. Functional, structural, penetration

Suggested answer: D

Which of the following individuals is responsible for the configuration management and control task?

A. Common control provider
B. Information system owner
C. Authorizing official
D. Chief information officer

Suggested answer: B

Which of the following documents is used to provide a standard approach to the assessment of NIST SP 800-53 security controls?

A. NIST SP 800-53A
B. NIST SP 800-66
C. NIST SP 800-41
D. NIST SP 800-37

Suggested answer: A

Which of the following guidance documents is useful in determining the impact level of a particular threat on agency systems?

A. NIST SP 800-41
B. NIST SP 800-37
C. FIPS 199
D. NIST SP 800-14

Suggested answer: C

Tom is the project manager for his organization. In his project, he has recently finished the risk response planning. He tells his manager that he will now need to update the cost and schedule baselines. Why would the risk response planning require Tom to update the cost and schedule baselines?

A. New or omitted work as part of a risk response can cause changes to the cost and/or schedule baseline.
B. Risk responses protect the time and investment of the project.
C. Risk responses may take time and money to implement.
D. Baselines should not be updated, but refined through versions.

Suggested answer: A
Total 395 questions