ExamGecko
Search Search Login
Home Home / ISC / CAP

ISC CAP Practice Test - Questions Answers, Page 38

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.
The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.
You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?
During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise on confidentiality, integrity, and availability?
Which of the following NIST documents includes components for penetration testing?
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply.
Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?

Question 371

Report
Export
Collapse

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

A.
DoD 5200.22-M
A.
DoD 5200.22-M
Answers
B.
DoD 5200.1-R
B.
DoD 5200.1-R
Answers
C.
DoD 8910.1
C.
DoD 8910.1
Answers
D.
DoDD 8000.1
D.
DoDD 8000.1
Answers
E.
DoD 7950.1-M
E.
DoD 7950.1-M
Answers
Suggested answer: E

Question 372

Report
Export
Collapse

Management wants you to create a visual diagram of what resources will be utilized in the project deliverables. What type of a chart is management asking you to create?

A.
Work breakdown structure
A.
Work breakdown structure
Answers
B.
Roles and responsibility matrix
B.
Roles and responsibility matrix
Answers
C.
Resource breakdown structure
C.
Resource breakdown structure
Answers
D.
RACI chart
D.
RACI chart
Answers
Suggested answer: C

Question 373

Report
Export
Collapse

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

A.
Authenticity
A.
Authenticity
Answers
B.
Integrity
B.
Integrity
Answers
C.
Availability
C.
Availability
Answers
D.
Confidentiality
D.
Confidentiality
Answers
Suggested answer: D

Question 374

Report
Export
Collapse

Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

A.
No, the ZAS Corporation did not complete all of the work.
A.
No, the ZAS Corporation did not complete all of the work.
Answers
B.
Yes, the ZAS Corporation did not choose to terminate the contract work.
B.
Yes, the ZAS Corporation did not choose to terminate the contract work.
Answers
C.
It depends on what the outcome of a lawsuit will determine.
C.
It depends on what the outcome of a lawsuit will determine.
Answers
D.
It depends on what the termination clause of the contract stipulates
D.
It depends on what the termination clause of the contract stipulates
Answers
Suggested answer: D

Question 375

Report
Export
Collapse

In which type of access control do user ID and password system come under?

A.
Administrative
A.
Administrative
Answers
B.
Technical
B.
Technical
Answers
C.
Physical
C.
Physical
Answers
D.
Power
D.
Power
Answers
Suggested answer: B

Question 376

Report
Export
Collapse

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

A.
Enhance
A.
Enhance
Answers
B.
Exploit
B.
Exploit
Answers
C.
Acceptance
C.
Acceptance
Answers
D.
Share
D.
Share
Answers
Suggested answer: C

Question 377

Report
Export
Collapse

Which of the following processes is described in the statement below?

"It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

A.
Perform Quantitative Risk Analysis
A.
Perform Quantitative Risk Analysis
Answers
B.
Monitor and Control Risks
B.
Monitor and Control Risks
Answers
C.
Perform Qualitative Risk Analysis
C.
Perform Qualitative Risk Analysis
Answers
D.
Identify Risks
D.
Identify Risks
Answers
Suggested answer: B

Question 378

Report
Export
Collapse

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

A.
Phase 3
A.
Phase 3
Answers
B.
Phase 2
B.
Phase 2
Answers
C.
Phase 4
C.
Phase 4
Answers
D.
Phase 1
D.
Phase 1
Answers
Suggested answer: A

Question 379

Report
Export
Collapse

Harry is a project manager of a software development project. In the early stages of planning, he and the stakeholders operated with the belief that the software they were developing would work with their organization's current computer operating system. Now that the project team has started developing the software it has become apparent that the software will not work with nearly half of the organization's computer operating systems. The incorrect belief Harry had in the software compatibility is an example of what in project management?

A.
Assumption
A.
Assumption
Answers
B.
Issue
B.
Issue
Answers
C.
Risk
C.
Risk
Answers
D.
Constraint
D.
Constraint
Answers
Suggested answer: A

Question 380

Report
Export
Collapse

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?

Each correct answer represents a complete solution. Choose all that apply.

A.
An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
A.
An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
Answers
B.
An ISSO takes part in the development activities that are required to implement system ch anges.
B.
An ISSO takes part in the development activities that are required to implement system ch anges.
Answers
C.
An ISSE provides advice on the continuous monitoring of the information system.
C.
An ISSE provides advice on the continuous monitoring of the information system.
Answers
D.
An ISSE provides advice on the impacts of system changes.
D.
An ISSE provides advice on the impacts of system changes.
Answers
E.
An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
E.
An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
Answers
Suggested answer: C, D, E
Total 395 questions
Go to page: of 40
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms