ExamGecko
Search Search Login
Home Home / ISC / CAP

ISC CAP Practice Test - Questions Answers, Page 6

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.
The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.
You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?
During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise on confidentiality, integrity, and availability?
Which of the following NIST documents includes components for penetration testing?
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP? Each correct answer represents a complete solution. Choose all that apply.
Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?

Question 51

Report
Export
Collapse

In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur?

A.
Phase 2
A.
Phase 2
Answers
B.
Phase 3
B.
Phase 3
Answers
C.
Phase 1
C.
Phase 1
Answers
D.
Phase 4
D.
Phase 4
Answers
Suggested answer: B

Question 52

Report
Export
Collapse

You are the project manager of the NHH project for your company. You have completed the first round of risk management planning and have created four outputs of the risk response planning process. Which one of the following is NOT an output of the risk response planning?

A.
Risk-related contract decisions
A.
Risk-related contract decisions
Answers
B.
Project document updates
B.
Project document updates
Answers
C.
Risk register updates
C.
Risk register updates
Answers
D.
Organizational process assets updates
D.
Organizational process assets updates
Answers
Suggested answer: D

Question 53

Report
Export
Collapse

Thomas is a key stakeholder in your project. Thomas has requested several changes to the project scope for the project you are managing. Upon review of the proposed changes, you have discovered that these new requirements are laden with risks and you recommend to the change control board that the changes be excluded from the project scope. The change control board agrees with you. What component of the change control system communicates the approval or denial of a proposed change request?

A.
Configuration management system
A.
Configuration management system
Answers
B.
Change log
B.
Change log
Answers
C.
Scope change control system
C.
Scope change control system
Answers
D.
Integrated change control
D.
Integrated change control
Answers
Suggested answer: D

Question 54

Report
Export
Collapse

Which of the following assessment methodologies defines a six-step technical security evaluation?

A.
OCTAVE
A.
OCTAVE
Answers
B.
FITSAF
B.
FITSAF
Answers
C.
DITSCAP
C.
DITSCAP
Answers
D.
FIPS 102
D.
FIPS 102
Answers
Suggested answer: D

Question 55

Report
Export
Collapse

You are the project manager of the NNH Project. In this project you have created a contingency response that the schedule performance index should be less than 0.93. The NHH Project has a budget at completion of $945,000 and is 45 percent complete though the project should be 49 percent complete. The project has spent $455,897 to reach the 45 percent complete milestone. What is the project's schedule performance index?

A.
1.06
A.
1.06
Answers
B.
0.92
B.
0.92
Answers
C.
-$37,800
C.
-$37,800
Answers
D.
0.93
D.
0.93
Answers
Suggested answer: B

Question 56

Report
Export
Collapse

A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

A.
Security law
A.
Security law
Answers
B.
Privacy law
B.
Privacy law
Answers
C.
Copyright law
C.
Copyright law
Answers
D.
Trademark law
D.
Trademark law
Answers
Suggested answer: B

Question 57

Report
Export
Collapse

Which of the following is a 1996 United States federal law, designed to improve the way the federal government acquires, uses, and disposes information technology?

A.
Computer Misuse Act
A.
Computer Misuse Act
Answers
B.
Lanham Act
B.
Lanham Act
Answers
C.
Clinger-Cohen Act
C.
Clinger-Cohen Act
Answers
D.
Paperwork Reduction Act
D.
Paperwork Reduction Act
Answers
Suggested answer: C

Question 58

Report
Export
Collapse

Gary is the project manager for his project. He and the project team have completed the qualitative risk analysis process and are about to enter the quantitative risk analysis process when Mary, the project sponsor, wants to know what quantitative risk analysis will review. Which of the following statements best defines what quantitative risk analysis will review?

A.
The quantitative risk analysis seeks to determine the true cost of each identified risk event and the probability of each risk event to determine the risk exposure.
A.
The quantitative risk analysis seeks to determine the true cost of each identified risk event and the probability of each risk event to determine the risk exposure.
Answers
B.
The quantitative risk analysis process will review risk events for their probability and impact on the project objectives.
B.
The quantitative risk analysis process will review risk events for their probability and impact on the project objectives.
Answers
C.
The quantitative risk analysis reviews the results of risk identification and prepares the project for risk response management.
C.
The quantitative risk analysis reviews the results of risk identification and prepares the project for risk response management.
Answers
D.
The quantitative risk analysis process will analyze the effect of risk events that may substantially impact the project's competing demands.
D.
The quantitative risk analysis process will analyze the effect of risk events that may substantially impact the project's competing demands.
Answers
Suggested answer: D

Question 59

Report
Export
Collapse

Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?

A.
RTM
A.
RTM
Answers
B.
CRO
B.
CRO
Answers
C.
DAA
C.
DAA
Answers
D.
ATM
D.
ATM
Answers
Suggested answer: A

Question 60

Report
Export
Collapse

Amy is the project manager for her company. In her current project the organization has a very low tolerance for risk events that will affect the project schedule.

Management has asked Amy to consider the affect of all the risks on the project schedule. What approach can Amy take to create a bias against risks that will affect the schedule of the project?

A.
She can have the project team pad their time estimates to alleviate delays in the project schedule.
A.
She can have the project team pad their time estimates to alleviate delays in the project schedule.
Answers
B.
She can create an overall project rating scheme to reflect the bias towards risks that affect the project schedule.
B.
She can create an overall project rating scheme to reflect the bias towards risks that affect the project schedule.
Answers
C.
She can filter all risks based on their affect on schedule versus other project objectives.
C.
She can filter all risks based on their affect on schedule versus other project objectives.
Answers
D.
She can shift risk-laden activities that affect the project schedule from the critical path as much as possible.
D.
She can shift risk-laden activities that affect the project schedule from the critical path as much as possible.
Answers
Suggested answer: B
Total 395 questions
Go to page: of 40
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms