ISC CAP Practice Test - Questions Answers, Page 5

Question 41

You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process. Which one of the following is NOT a probable reason for relying on organizational process assets as an input for qualitative risk analysis?

A. Information on prior, similar projects
B. Review of vendor contracts to examine risks in past projects
C. Risk databases that may be available from industry sources
D. Studies of similar projects by risk specialists
Suggested answer: B
asked 18/09/2024
Harri Jaakkonen
46 questions

Question 42

System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan? Each correct answer represents a part of the solution. Choose all that apply.

A. Pre-certification
B. Certification
C. Post-certification
D. Authorization
E. Post-Authorization
Suggested answer: A, B, D, E
asked 18/09/2024
martin lopez
23 questions

Question 43

A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?

A. Avoidance
B. Mitigation
C. Exploit
D. Transference
Suggested answer: D
asked 18/09/2024
Sergio Zozulenko
40 questions

Question 44

Risks with low ratings of probability and impact are included on a ____ for future monitoring.

A. Watchlist
B. Risk alarm
C. Observation list
D. Risk register
Suggested answer: A
asked 18/09/2024
Danilo Nogueira
37 questions

Question 45

Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test? Each correct answer represents a complete solution. Choose all that apply.

A. Social engineering
B. File and directory permissions
C. Buffer overflows
D. Kernel flaws
E. Race conditions
F. Information system architectures
G. Trojan horses
Suggested answer: A, B, C, D, E, G
asked 18/09/2024
Amil Akhundzada
43 questions

Question 46

Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document are Frank and the NHH Project team creating in this scenario?

A. Project management plan
B. Resource management plan
C. Risk management plan
D. Project plan
Suggested answer: C
asked 18/09/2024
Mohamed Mohamed
48 questions

Question 47

In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

A. Full operational test
B. Walk-through test
C. Penetration test
D. Paper test
Suggested answer: C
asked 18/09/2024
Troy Borders
31 questions

Question 48

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

A. Phase 4
B. Phase 3
C. Phase 2
D. Phase 1
Suggested answer: B
asked 18/09/2024
Aaron Ford Jr
46 questions

Question 49

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

A. Safeguards
B. Preventive controls
C. Detective controls
D. Corrective controls
Suggested answer: D
asked 18/09/2024
Khalid Laghmami
26 questions

Question 50

Which of the following roles is also known as the accreditor?

A. Chief Risk Officer
B. Data owner
C. Designated Approving Authority
D. Chief Information Officer
Suggested answer: C
asked 18/09/2024
Trang Anna
38 questions
Total 395 questions