ExamGecko

ISC CAP Practice Test - Questions Answers, Page 9

You are the project manager for GHY Project and are working to create a risk response for a negative risk. You and the project team have identified the risk that the project may not complete on time, as required by the management, due to the creation of the user guide for the software you're creating. You have elected to hire an external writer in order to satisfy the requirements and to alleviate the risk event. What type of risk response have you elected to use in this instance?

A. Sharing
B. Avoidance
C. Transference
D. Exploiting
Suggested answer: C

You are the project manager of the GHQ project for your company. You are working with your project team to prepare for the qualitative risk analysis process.

Mary, a project team member, does not understand why you need to complete qualitative risk analysis. You explain to Mary that qualitative risk analysis helps you determine which risks need additional analysis. There are also some other benefits that qualitative risk analysis can provide for the project. Which one of the following is NOT an accomplishment of the qualitative risk analysis process?

A. Cost of the risk impact if the risk event occurs
B. Corresponding impact on project objectives
C. Time frame for a risk response
D. Prioritization of identified risk events based on probability and impact
Suggested answer: A

Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

A. Discretionary Access Control
B. Mandatory Access Control
C. Policy Access Control
D. Role-Based Access Control
Suggested answer: D

Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution.

Choose all that apply.

A. Custodian
B. User
C. Security auditor
D. Editor
E. Owner
Suggested answer: A, B, C, E

To help review or design security controls, they can be classified by several criteria. One of these criteria is based on nature. According to this criterion, which of the following controls consists of incident response processes, management oversight, security awareness, and training?

A. Technical control
B. Physical control
C. Procedural control
D. Compliance control
Suggested answer: C

An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official?

Each correct answer represents a complete solution. Choose all that apply.

A. Establishing and implementing the organization's continuous monitoring program
B. Determining the requirement of reauthorization and reauthorizing information systems when required
C. Reviewing security status reports and critical security documents
D. Ascertaining the security posture of the organization's information system
Suggested answer: B, C, D

Jeff, a key stakeholder in your project, wants to know how the risk exposure for the risk events is calculated during quantitative risk analysis. He is worried about the risk exposure which is too low for the events surrounding his project requirements. How is the risk exposure calculated?

A. The probability of a risk event plus the impact of a risk event determines the true risk exposure.
B. The risk exposure of a risk event is determined by historical information.
C. The probability of a risk event times the impact of a risk event determines the true risk exposure.
D. The probability and impact of a risk event are gauged based on research and in-depth analysis.
Suggested answer: C

You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. You will need all of the following as inputs to the qualitative risk analysis process except for which one?

A. Risk management plan
B. Risk register
C. Stakeholder register
D. Project scope statement
Suggested answer: C

What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

A. Configuration Management System
B. Project Management Information System
C. Scope Verification
D. Integrated Change Control
Suggested answer: A

A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?

A. Add the identified risk to a quality control management control chart.
B. Add the identified risk to the risk register.
C. Add the identified risk to the issues log.
D. Add the identified risk to the low-level risk watchlist.
Suggested answer: B
Total 395 questions