Sami is the project manager of his organization. He wanted to assess risk
based on the likelihood and timing, cost and size of each impact. Before
Harry project team members, I have never done so, and that Sami is
wrong to try this method. Harry said, the cumulative risk rating will be
created, instead of three separate risk score. Who is right, this
situation?
Options are :
- Sami is correct, because the organization may create a risk score for the objectives of each project
- None
- Sami was right, because he is the project manager.
- Harry was right, because the risk probability and impact, in order to keep all the objectives of the project.
- Harry was right, risk probability and impact matrix is a unique method
Answer : Sami is correct, because the organization may create a risk score for the objectives of each project
CAP Certified Authorization Professional Practice Exam Set 1
You are the manager of the project. Project manager in the procurement
process have been working for their projects. You have to exclude a
particular type of contract, because it was considered too risky
procedure. Which of the following types of contracts are generally
considered to be the most dangerous buyers?
Options are :
- Fixed costs
- Cost-plus-incentive fee
- None
- Time and materials
- Cost plus a percentage of cost
Answer : Cost plus a percentage of cost
Which of the following are evidence data, when viewed together, a conclusion can be inferred from malicious activity / person?
Options are :
- None
- Undisputed
- detailed
- verification
- straight
Answer : detailed
Sam is a construction project manager for South Florida. This area is easy
hurricanes time of year in the United States. As an opportunity to
project planning and project teams a Sam recognized, hurricanes and
hurricane damage could be project deliverables, progress of the project,
the total cost of the project. When Sam and project stakeholders
recognize the risk of hurricanes, they enter the design of the project,
if the risk can not happen. What kind of risk, Sam's response?
Options are :
- Ease
- None
- Shelter
- Positive approval
- Passive acceptance
Answer : Passive acceptance
Tom is a project organization. His plan, he had just completed a risk
response plan. He explained that the director, he is now updated cost
and schedule baselines. Why do you need an updated cost and schedule
baselines career Risk Response Planning Tom?
Options are :
- Version should not be updated, but the improved version.
- The resulting risk response may take time and money to achieve.
- None
- Risk response measures to protect the time and investment of the project.
- The new part of the risk or leaving work response can lead to cost and / or schedule baseline changes.
Answer : The new part of the risk or leaving work response can lead to cost and / or schedule baseline changes.
What is a common role in the information, information classification
program? Each correct answer presents a complete solution. Check all
that apply.
Options are :
- user
- owner
- supplier
- security audit
- nurse
Answer : user
owner
security audit
nurse
You as a project manager for software technology company started the
process of project stakeholders to work a qualitative risk analysis. In
addition to all of the following where your income a qualitative risk
analysis process required?
Options are :
- Project Scope
- Risk Management Plan
- Registration of interest groups
- Risk register
- None
Answer : Registration of interest groups
Wendy upcoming qualitative risk analysis to determine the risk of her
project. Which of the following is not conducive to Wendy on this
project management activities?
Options are :
- Project Scope
- Registration of interest groups
- None
- Risk register
- Risk Management Plan
Answer : Registration of interest groups
Jeff, key players in the project, would like to know is how to calculate
risk as the risk of quantitative risk analysis process in the event. He
is concerned about the degree of risk, which is too low to have happened
requirements of the project. How to calculate the risk?
Options are :
- In the case of risk exposure, it is determined by the history information.
- Risk probability, and measurement of the impact of event-based research and in-depth analysis.
- Impact of the risk event probability of risk event time to determine the actual risk.
- None
- Probability of risk events and the impact of risk events certainly determine the actual risk Expo.
Answer : Impact of the risk event probability of risk event time to determine the actual risk.
Jenny is a project manager project NHJ his company. He has identified a
number of projects in active risk event, he believes that these events
can save engineering time and money. You, a new team member wanted to
know how many answers are available on the risk of a positive risk
events. What Jenny back to you?
Options are :
- four
- Seven
- Acceptance of risk is a risk positive event, the only reaction.
- three
- None
Answer : four
Thomas is the project manager for the project NHJ his company. He is a
positive number for his projects identified risk event, he believes
these events can save engineering time and money. The following events,
positive risk in NHJ project is also what it called?
Options are :
- None
- Auxiliary component member
- Risk contingency plan
- benefit
- potential
Answer : potential
Which of the following role is responsible for the periodic review of all contracts and risk analysis?
Options are :
- IT Service Continuity Management
- Supplier Management
- Service Catalog Manager
- None
- Configuration Manager
Answer : Supplier Management
Which part of the change management system is a change for documents created
within responsible for evaluating, testing and scope of the project?
Options are :
- Integrated management changes
- None
- Project Management Information System
- Configuration Management System
- The scope of verification
Answer : Configuration Management System
The organization is expected to last 20 months of the project, but the
customer would like this project to be completed within 18 months. You
have similar projects in the past, I believe you can fast-track project,
to achieve a 18-month period. When a fast-track project is what growth?
Options are :
- risk
- communication
- Resources
- None
- cost
Answer : risk
You are the project manager for construction projects. The project includes
work requires great financial risk. Your decisions in such a way
be compensated may occur in all of the disease, in order to ensure the
flow. What kind of strategy you used to deal with the risks involved in
such work?
Options are :
- Ease
- transfer
- avoid
- None
- accept
Answer : transfer
Which of the following is a qualitative risk analysis process only output?
Options are :
- The risk register updates
- Project Management Plan
- None
- Organizational process assets
- environmental factor
Answer : The risk register updates
In which the integrity of the following objectives by C.I.A triad of
information security systems? Each correct answer presents part of the
solution. Choose three.
Options are :
- It preserves the consistency of internal and external data
- It prevents the user authorization information from unauthorized or accidental changes.
- It is possible to prevent user data from unauthorized modification.
- It prevents the contents of the message deliberate or accidental unauthorized disclosure
Answer : It preserves the consistency of internal and external data
It prevents the user authorization information from unauthorized or accidental changes.
It is possible to prevent user data from unauthorized modification.
You BLUEWELL Inc. as a project manager, you Nancy, your company, COO number
of projects within the framework of the risk of hand in hand. Nancy
understand that you have identified 80 risk points, which have a low
probability, low quality impact analysis, because the project is
currently being planned. Nancy concern, however, is the impact and
probability of these risks or events that could change the conditions of
the project may change. He wants to know where you have a low
probability of documents and records for future use low-risk impact of
these 80 points. I should tell Nancy?
Options are :
- Risk identification is an iterative process, so that low-probability, low impact risk of any change will be re-evaluated throughout the project life cycle.
- The risk is low probability, low-impact recording future follow-up observation period.
- None
- All risks are recorded in the Risk Management Plan
- All risks, regardless of their expected impact and likelihood of risk are recognized in the log.
Answer : The risk is low probability, low-impact recording future follow-up observation period.
Courtney is a project manager in his organization. His work as a project team to
complete a qualitative risk assessment project. Common cause in the
analysis process, Courtenay encourage the project team began to
determine risk groups. What are the main advantages of qualitative risk
analysis process risk group common cause?
Options are :
- It can lead to the creation of unique risk categories for each project
- It is by collecting resources, such as project team members, save time to assess risk events.
- It can lead to the development of effective risk solutions.
- It can help the project team understand the project the most risky areas
- None
Answer : It can lead to the development of effective risk solutions.
The project is an agro-based projects, this transaction irrigation system
and plant. Have you ever come across, the organization may be used to
make profityou? ? ?, ?A byproduct of the project "? re in connective
tissue hope so, it would be an example of what kind of risk, the answer
is it?
Options are :
- None
- Opportunistic
- positive
- improve
- Accounting for (someone) cheap
Answer : Accounting for (someone) cheap
You are your company's project manager and a new change request has been
approved for the project. This change requires, however, a number of new
risks to the project. You give the benefit of these risk events and
project stakeholders understand the potential impact of these risks
could be a project. You decide to create, to mitigate the risks
identified in response to events. If you want to store the ease of
response?
Options are :
- Risk Diary
- Risk register
- Risk Management Plan
- None
- Project Management Plan
Answer : Risk register
Which of the following are the tasks performed by the owner of the
information classification system? Each correct answer presents part of
the solution. Choose three
Options are :
- Check the land classification work time and modify business needs change from time
- In order to make the original determination to determine the basis of the security classification of information requirements on safety data services.
- Recovery, you need it for data backup.
- Transfer responsibility for maintaining data trusteeship.
Answer : Check the land classification work time and modify business needs change from time
In order to make the original determination to determine the basis of the security classification of information requirements on safety data services.
Transfer responsibility for maintaining data trusteeship.
Which of the following governance institutions to provide management,
operational and technical controls to meet safety requirements?
Options are :
- Security Officer
- Division Director
- Senior Management
- Security Management Team
- None
Answer : Senior Management
You GGG project manager of the project. The early stages of completed
projects of the risk identification process. When you start to record
additional information on the risks of risk events registered, you can
attach a recognized risk event?
Options are :
- Risk costs
- The risk of possible answers
- Risk schedule
- None
- Risk owners
Answer : The risk of possible answers
Project Manager GHY project your organization to you. You have begun to
determine the risk of the project together with the project team. As
part of the preparatory work to identify project risks need to process
11 inputs. Which of the following is an input risk identification
process?
Options are :
- The quality management plan
- None
- Cost management plan
- Registration of interest groups
- Procurement Management Plan
Answer : Procurement Management Plan
Security policy by management, which determine the security organizations play a
role in generating a common general statement. Which of the following
need to deal with a well-designed policy? Each correct answer presents
part of the solution. Check all that apply.
Options are :
- Expected to exploit this vulnerability?
- Where there are vulnerabilities, threats or risks?
- Expected to comply with the policy
- What is the guarantee?
Answer : Where there are vulnerabilities, threats or risks?
Expected to comply with the policy
What is the guarantee?
Project Risk Management knowledge area focus on which of the following
processes? Each correct answer presents a complete solution. Check all
that apply.
Options are :
- Potential risk control functions
- Quantitative Risk Analysis
- Risk Management Plan
- Risk Monitoring and Control
Answer : Potential risk control functions
Quantitative Risk Analysis
Risk Management Plan
Which of the following are included in the administrative control? Each
correct answer presents a complete solution. Check all that apply.
Options are :
- People screening
- It is Intrusion Detection
- Development Policy
- Security check of Education
- Production change control procedures
Answer : People screening
Development Policy
Security check of Education
Production change control procedures
You work as a project manager BLUEWELL company, you are NGQQ Project you're
company. You have to perform a risk event risk analysis process. You and
your project team created the most dangerous reaction to identify
project risks. What do you use following risk planned transfer of the
impact of the threat of third-party technology together with the
answer?
Options are :
- Risk mitigation measures
- Risk transfer
- None
- Risk Aversion
- Acceptable risk level
Answer : Risk transfer
In qualitative risk analysis to determine the urgency of the risk
assessment. All of the following priority risk indicators, in addition
to which one?
Options are :
- this project
- None
- Risk Rating
- symptom
- Warning sign
Answer : this project
In 2003, NIST developed a new certification and accreditation (C & A)
command called FIPS 199. What is the level of the potential impact of
the provisions of FIPS 199? Each correct answer presents a complete
solution. Check all that apply.
Options are :
Answer : high
medium
low
Your work makes a quantitative risk analysis round as a project manager,
technical Soft Inc. your project team and key stakeholders. Now, we
need to update the risk register your findings, risks so that you can
communicate the results of the project stakeholders - including
management. You need to upgrade all of the following except which one?
Options are :
- Trends in quantitative risk analysis
- Probability analysis of the project
- Probability of achieving cost and time objectives
- Risk distribution within the project schedule
- None
Answer : Risk distribution within the project schedule
Changes in software configuration management (SCM) process definitions need to
be tracked and to ensure final delivery of the software is designed for
all will be included in the improved ability to publish. What is already
defined for each software project to ensure that the program supply
chain management process of sound? Each correct answer presents a
complete solution. Check all that apply.
Options are :
- Configuration Identification
- Configuration order book
- Configuration Change Management
- Configuration Check
- In introducing components
Answer : Configuration Identification
Configuration order book
Configuration Change Management
Configuration Check
Sami is the project manager of his organization. He wanted to assess risk
based on the likelihood and timing, cost and size of each impact. Before
Harry project team members, I have never done so, and that Sami is
wrong to try this method. Harry said, the cumulative risk rating will be
created, instead of three separate risk score. Who is right, this
situation?
Options are :
Answer : Sami is correct, because companies can establish a risk score for each target project.
Step 0 Risk Management Framework (RMF) is a famous strategic planning and
risk assessment. Which of the following process occurs at 0? Each
correct answer presents a complete solution. Check all that apply.
Options are :
- In order to strengthen the standard attribute information for classification and ranking of.
- Application information and IT resources, assets classification criteria listed.
- View documents and specifications.
- Development of standards, assessment of threats, vulnerabilities, and controls.
- Threats, vulnerabilities, and controls assessed.
Answer : In order to strengthen the standard attribute information for classification and ranking of.
Application information and IT resources, assets classification criteria listed.
Development of standards, assessment of threats, vulnerabilities, and controls.
Threats, vulnerabilities, and controls assessed.
Which by environmental factors, information systems, may have a negative
certification of the security of the system and its impact on the
individual monitoring of?
Options are :
- Information system owner
- Chief Risk Officer
- Security Officer
- Chief Information Officer
Answer : Information system owner
You are the project manager for the project CUL organization. You and your
project team to assess the risk event, and create identity probability
and impact matrix risks. Which of the following best describes the
kind of data analysis required for use in qualitative risk it?
Options are :
- Qualitative risk analysis requires accurate and unbiased information, if it is credible.
- None
- Qualitative Risk Analysis encourage biased data show that risk tolerance.
- The risk of bias needs an independent ability to withstand stakeholders qualitative risk analysis.
- Qualitative risk analysis requires quick and simple information for analysis.
Answer : Qualitative risk analysis requires accurate and unbiased information, if it is credible.
Kelly is a project manager BHH project their own organization. He completed
part of the risk identification process of the project. Which of the
following is the only thing the risk identification process to produce
Kelly's?
Options are :
- Risk register
- Change request
- None
- The risk register updates
- Project document updates
Answer : Risk register
Joan BTT project for his company's project manager. He has committed to
building a risk response measures in their project, within the framework
of the project, both positive and negative risk events. As a result
of this Joan production process needs to be updated project plan update.
He assumed that the number of updates as a result of the discovery and
to cope with risks, but what other files need to be updated to deal with
the risk of output plans?
Options are :
- Learn a lesson
- Risk Breakdown Structure
- Technical Documents
- None
- range
Answer : Technical Documents
Your organization's project manager for your HJK project. You and your
project team created a lot of risk events Risk Response project. Group
agreement is an example of what kind of risk, the answer is it?
Options are :
- use
- distribution
- Empathy
- None
- Ease
Answer : distribution
Mary is a project manager project HGH in his company. He and his team agreed
that if the seller is ten days to cancel their subscription, and hired
NBG Company fulfill orders. NBG company can not guarantee the order
within three days, but the cost of their products significantly more
expensive than the current vendor. A response what kind of strategy is
this?
Options are :
- Strategy Team
- expert review
- Internal risk management strategies
- External Risk Response
- None
Answer : Strategy Team
Which of the following refers to the process for the implementation of information security?
Options are :
- Certification and accreditation (C & A)
- None
- Information Assurance (IA)
- Five pillar model
- Classic security model
Answer : Certification and accreditation (C & A)
This is the rest of the there has been, at risk of residual risk after risk reduction description?
Options are :
- None
- DAA
- DIACAP
- ISSO
- SSAA
Answer : DIACAP
Which of the following behaviors are important for the security interests of the US economy and national security?
Options are :
- Computer Misuse Act
- None
- Lanham
- Computer Fraud and Abuse Act
- FISMA
Answer : FISMA
Which of the following requires that all general support systems and major
applications fully certified and before these systems and applications
into production approval? Each correct answer represents part of the
solution. Check all that apply
Options are :
- FISMA
- NIST
- Office of Management and Budget (OMB)
- FIPS
Answer : FISMA
Office of Management and Budget (OMB)
What is the process to implement and strengthen the subordinate tasks
assigned IA controls DIACAP step? Each correct answer presents a
complete solution. Check all that apply.
Options are :
- IA implementation and updating of the implementation plan.
- The pursuit of a validation activities.
- Connection verification results DIACAP scorecard.
- And information systems and the pursuit of cultural transfer activities.
Answer : IA implementation and updating of the implementation plan.
The pursuit of a validation activities.
Connection verification results DIACAP scorecard.
Which of the following is to assess the operational control of IA status of
the implementation of the assigned license on a temporary basis?
Options are :
- Dato '
- ATO
- None
- Ad Hoc Working Group
- IATO
Answer : IATO
Joan is a project management consultant, she has been leased to companies to
help them determine the risk events within the framework of the
project. Joan first item to check documents, such as plans, assumptions
lists, project documents and contracts. What is needed to help find the
revised project document Joan risk?
Options are :
- The plan, which is loose terminology and methods to reveal the risk of disconnection.
- None
- And the lack of consistency of programs and projects in the project requirements can be assumed that risk indicators
- Poorly written project plan and required documents reveal inconsistencies.
- The project file will help the project manager or Joan, which risk identification method to determine the best proceed.
Answer : And the lack of consistency of programs and projects in the project requirements can be assumed that risk indicators
Which of the following are included in the technical control? Each correct
answer presents a complete solution. Check all that apply
Options are :
- Security devices
- Password and Resource Management
- The configuration of infrastructure
- Identification and authentication methods
- safety equipment
- Access control mechanism for the implementation and maintenance
Answer : Security devices
Password and Resource Management
The configuration of infrastructure
Identification and authentication methods
Access control mechanism for the implementation and maintenance
Which of the following are different access control? Each correct answer presents a complete solution. Choose three.
Options are :
- automatic
- technology
- physical
- Administration
Answer : technology
physical
Administration
You are the project manager of large-scale construction projects. Project
will create part of the power wiring of the project. You and your
project team to identify the electrical work too dangerous to let
yourself so you do not hire an electrician to do the work of the
project. This is a dangerous answer example?
Options are :
- use
- None
- Shelter
- Ease
- Empathy
Answer : Empathy
What are the risks associated with management of the following conditions is
equal to the estimated frequency of its imminent threat is how much?
Options are :
- Exposure factor (EF)
- Safety
- Annual occurrence (ARO)
- None
- Single Loss Expectancy (SLE)
Answer : Annual occurrence (ARO)
Walter is a large construction project manager. He's supply projects work with
several. Several components of the seller will provide materials and
projects. In some projects work is very dangerous, so the safety
requirements for all suppliers and project teams Walter has been carried
out. The project stakeholders adds new requirements, has led to new
risks of the project. Suppliers have identified new risks, which may
affect the project, if it comes to fruition. Walter and seller agree to
update the risk register, risk response and the establishment of
measures to reduce risk. What Walter will also update in this case take
into account the events of the risks?
Options are :
- None
- Project communication plan
- Project Management Plan
- Project Scope
- The project contract with the seller
Answer : Project Management Plan
You are the company's behavior and project managers NNQ project, you have a
risk contingency plans for the project team to define the project.
Maria, a member of the project team, what contingency plans required
Yes. Contingency plans Which of the following best describes what is the
answer?
Options are :
- None
- Only when a specific event occurs some reactions are designed for use.
- Quantitative risk should always be unpredictable answers.
- Some contributions are cost and time factor to consider each risk event
- Some contributions are in order to prevent the risk of pending events.
Answer : Only when a specific event occurs some reactions are designed for use.
Stage 4 DITSCAP C & A is called postal recognized. This phase will start
after the system has been recognized Step 3. What is the process
operating at this point? Each correct answer presents a complete
solution. Check all that apply.
Options are :
- Change Management
- business
- Maintenance SSAA
- Safety Action
- Compliance verification
- Continue to review and refine the SSAA
Answer : Change Management
business
Maintenance SSAA
Safety Action
Compliance verification
Security management is the protection of information assets security check
process determined. The first data security is operation management
program in place, the safety procedures. What are the goals of the
security plan is? Each correct answer presents a complete solution.
Check all that apply.
Options are :
- Safety Training
- entry
- Classification System
- Security organizations
Answer : Safety Training
entry
Security organizations
Rob is a project manager project IDLK his company. The project has set
aside the $ 200 million 5.6 and is expected to last 18 months. Rob
learned that the new law may affect the way the project can proceed -
even though the organization has invested more than $750,000 in the project.
What is the most appropriate answer in this case, what is the risk?
Options are :
- Ease
- improve
- None
- Empathy
- use
Answer : use
What needs to practice the following safety information assurance (IA) defined?
Options are :
- Five pillar model
- Classic security model
- Communications management plan
- Parkerian hexad
- None
Answer : Classic security model
High-profile, high-priority project organization in creating. Management wants you to
pay particular attention to the risks of the project, and do everything
you can to ensure that all risks are identified early in the project.
Management must ensure that the project is a success. Associated with
this project management of risk aversion, what are the conditions?
Options are :
- Useful Features
- Risk mitigation measures
- Quantitative risk analysis
- None
- There is a risk of conscience
Answer : Useful Features
Which of the following statements correctly describes DIACAP residual risk?
Options are :
- None
- This is a process in which the security authorization.
- It is a safe design of technology implementation.
- This is a residual risk after risk mitigation information system has occurred.
- It is used to strengthen the information system
Answer : This is a residual risk after risk mitigation information system has occurred.
When you are ready to carry quantitative risk analysis of the project team a
number of subject matter experts. Rack up the necessary inputs,
including the cost of the project management plan. Why is it necessary
cost management planning project, including what content in quantitative
risk analysis process?
Options are :
- Project cost management plan can help you determine what the total cost of the project must be included.
- The project cost management plan is not a quantitative risk analysis process input.
- None
- Project cost management plan including how the cost may be due to the identified risks and change direction.
- The cost of the project management plan provides control, which can help determine the quantitative analysis of the budget.
Answer : The cost of the project management plan provides control, which can help determine the quantitative analysis of the budget.
Billy HAR is the project manager and the project six months. The project is
expected to last 18 months. Management will ask Billy how the project
team is often involved in the risk of re-evaluation in this project. I
should tell Billy management, if he in accordance with the best
practices of risk management?
Options are :
- And project risk management in project design is completed.
- Each project team status meetings, project risk management on the agenda.
- Project Risk Management month in designed for the 18-month project.
- None
- Project Risk Management are each milestone.
Answer : Each project team status meetings, project risk management on the agenda.
FITSAF behalf of the Federal Information Technology Security Evaluation
Model. This is the Safety Assessment of information systems. Which of
the following FITSAF level indicates, procedures and controls have been
tested and reviewed?
Options are :
- Level 1
- Level 3
- level 4
- level 2
- Level 3
Answer : level 2
What NIACAP certification levels recommended by the certification? Each correct
answer presents a complete solution. Check all that apply.
Options are :
- Detailed analysis
- Basic System Review
- The maximum analysis
- At least analysis
- Comprehensive analysis
- Basic Security Review
Answer : Detailed analysis
At least analysis
Comprehensive analysis
Basic Security Review
Which of the following access control model using a predefined set of access rights to the target system?
Options are :
- None
- Discretionary Access Control
- Mandatory Access Control
- Access control policy
- Role-based access control
Answer : Mandatory Access Control
The only output of qualitative risk analysis is the updated risk register. When the project manager updates the risk register, he needs to include a number of records, including all of the following except which one?
Options are :
- Risk probability matrix effect
- Risk monitoring list is a low priority
- Trends in qualitative risk analysis
- Divided into different categories of risk
- None
Answer : Risk probability matrix effect
You are the project manager of the GHY project for your organization. You have begun qualitative risk analysis for this project, and you need to define the roles and responsibilities for carrying out risk management. Where can you find this information?
Options are :
- None
- Risk Management Plan
- The staffing management plan
- environmental factor
- Risk register
Answer : Risk Management Plan
In which of the following DIACAP steps is residual risk analyzed?
Options are :
- Step 5
- the fourth step
- Step 2
- Step 3
- None
Answer : the fourth step
What project management plan is most likely analysis matrix of environmental control project in quantitative risk?
Options are :
- None
- Human Resources Management Plan
- Risk Management Plan
- The staffing management plan
- Risk Analysis Program
Answer : Risk Management Plan
The
project team has identified risk, the project has responded. Risk is
recorded in the risk register and project team discussed the risk
response to the risk events. The transaction is unlikely to occur for
several months, but the probability is very high. Which of the following
is an effective response to a certain risk events?
Options are :
- Audit Risk
- Corrective Action
- Earned Value Management
- Technical performance measurement
- None
Answer : Corrective Action
Which of the following DITSCAP C&A phases takes place between the original version of the SSAA and the formal approval of the system?
Options are :
- Step 3
- Stage 1
- None
- Step 2
- the fourth step
Answer : Step 2
Who is responsible for managing stakeholder expectations in a high-profile, high-risk project?
Options are :
- project Manager
- Project Management Office
- The project risk assessment officer
- The project sponsor
- None
Answer : project Manager
Which of the following management processes focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical characteristics with its requirements, design, and operational information throughout its life cycle?
Options are :
- Purchasing Management
- Configuration Management
- Risk Management
- None
- Change Management
Answer : Configuration Management
Security
management is the protection of information assets security check
process determined. What is the information security management
responsibilities? Each correct answer presents a complete solution.
Check all that apply.
Options are :
- Assessment of business objectives, safety, productivity and efficiency requirements of the design. SETTINGS
- By defining the objectives, scope, policies, priorities, standards and policies
- Defined measures to ensure that all the responsibility to identify and properly handle version
- In order to determine the true target, it is expected to achieve from the safety program
Answer : Assessment of business objectives, safety, productivity and efficiency requirements of the design. SETTINGS
By defining the objectives, scope, policies, priorities, standards and policies
Defined measures to ensure that all the responsibility to identify and properly handle version
In order to determine the true target, it is expected to achieve from the safety program
Which of the following is a standard that sets the basic requirements for assessing the effectiveness of the computer security controls built into a computer system?
Options are :
- FIPS
- TCSEC
- FITSAF
- None
- SSAA
Answer : TCSEC
Nancy is the project manager of the NHH project. She and the team have identified a significant risk in the project during qualitative risk analysis. Bob is familiar with the technology that the risk affects and suggests to Nancy a response to the risk event. Nancy tells Bob that she has taken note of his answer, but that the risk really needs to go through the quantitative risk analysis process before a response is created. Bob does not agree with Nancy and insists that his answer is the most appropriate for the identified risk. Who is right in this situation?
Options are :
- Nancy was right. Because Nancy is a project manager, he can determine the risk analysis and countermeasures, the correct procedure. In addition, he has found the answer, risk, Bob recommendations.
- Nancy was right. Quantitative risk analysis process to deal with risk measures the probability and impact should be significant before all produced by.
- Bob is right. Bob is familiar with the technology and the risk of accidents so his response should be.
- None
- Bob is right. Quantitative risk analysis process that not all risk events must respond by developing effective risk measures
Answer : Bob is right. Quantitative risk analysis process that not all risk events must respond by developing effective risk measures
Which of the following components ensures that risks are checked for all new change requests proposed to the change control system?
Options are :
- Configuration Management
- None
- Risk Monitoring and Control
- Integrated management changes
- Scope change management
Answer : Integrated management changes
What are the goals of the security certification documentation task? Each correct answer presents a complete solution. Check all that apply.
Options are :
- To prepare a plan of action based on security assessments and milestones (POAM)
- To assemble its final approval of security, and then give it to the officer
- To upgrade the security system solutions based on the results of the safety evaluation
- In order to provide the information system owner's certification findings and recommendations
Answer : To prepare a plan of action based on security assessments and milestones (POAM)
To assemble its final approval of security, and then give it to the officer
To upgrade the security system solutions based on the results of the safety evaluation
In order to provide the information system owner's certification findings and recommendations
Which of the following professionals plays the role of a monitor and participates in the organization's configuration management process?
Options are :
- None
- Chief Information Officer
- Joint Monitoring supplier
- Senior agency information security officer
- official
Answer : Joint Monitoring supplier
Which of the following statements about the system access control list (SACL) is true?
Options are :
- This is to reduce the demand for globally unique IP addresses mechanisms.
- It contains the users and groups, and they have a list of what rights.
- It is there for each permission item is assigned to an object.
- It includes objects may be set to check for list of events.
- None
Answer : It includes objects may be set to check for list of events.
You work as a project manager for BLUEWELL company. Project work has been delayed, which has a negative impact on the progress of the project. You decide, with the approval of stakeholders, to fast-track the project work to get the project done faster. When you fast-track a project, which of the following is likely to increase?
Options are :
- None
- cost
- Required human resources
- risk
- Concerns about quality control
Answer : risk
Mark is the project manager of the BFL project for his organization. He and the project team have created a probability and impact matrix using RAG rating. There is some confusion and disagreement among the project team about how important a particular risk is and what priority it should be given for management attention.
Here you can subscribe to determine the likelihood of the priority given
risk,
Options are :
- Risk response plan
- Risk Management Plan
- Lookup table
- None
- The project sponsor
Answer : Lookup table
What factors apply to security risks? Each correct answer presents a complete solution. Choose three.
Options are :
- They can analyze risk analysis and determination
- They can be completely removed by taking appropriate measures
- They can be based on review of the potential risks and take responsible action to alleviate
- They are considered an indication of vulnerabilities together.
Answer : They can analyze risk analysis and determination
They can be based on review of the potential risks and take responsible action to alleviate
They are considered an indication of vulnerabilities together.
Which of the following security levels designates information whose disclosure to unauthorized parties can reasonably be expected to cause extremely serious harm to national security?
Options are :
- None
- Top-secret intelligence
- confidential
- confidential
- Secret information
Answer : Top-secret intelligence
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of services are maintained at the levels approved in the service level agreement (SLA)?
Options are :
- Security Officer
- Service Level Manager
- None
- Configuration Manager
- Change Manager
Answer : Security Officer
Step 1 of DITSCAP C&A is known as the definition phase. The objective of this phase is to define the C&A level of effort, to identify the main C&A roles and responsibilities, and to establish the method of security protocol. What are the process activities of this phase? Each correct answer presents a complete solution. Check all that apply.
Options are :
- You need to be allocated to a file
- Counsel
- Initial Certification Analysis
- registered
Answer : You need to be allocated to a file
Counsel
registered
You are the organization's project manager. You have been working to complete the qualitative risk analysis process for the project. The first tool and technique you use requires that you assess the probability and what other characteristic of each identified risk in the project?
Options are :
- Risk category
- Risk owners
- cost
- influences
- None
Answer : influences
Which of the following documents is described in the statement below? "It is developed along with the whole process of risk management, and it contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."
Options are :
- None
- The quality management plan
- The project
- The quality management plan
- Risk register
Answer : Risk register
Which of the following governance bodies manages and coordinates the implementation of the information security program?
Options are :
- Senior Management
- None
- Security Management Team
- Security Officer
- Division Director
Answer : Security Officer
Which of the following statements about the availability concept of data security is true?
Options are :
- It ensures that no unauthorized person or process modifies information.
- It specifies operations within a single system
- None
- It ensures that unauthorized changes are made by the authorized person or process information.
- It ensures reliable and timely availability of resources.
Answer : It ensures reliable and timely availability of resources.
You work as a project manager for BLUEWELL company. Project work has been delayed, which has a negative impact on the project schedule. You decide, with the approval of stakeholders, to fast-track the project work to get the project done faster. When you fast-track a project, which of the following may increase?
Options are :
- cost
- None
- risk
- Required human resources
- Concerns about quality control
Answer : risk
You are in charge of network and information security for the Metropolitan Police Department. Your main concern is that unauthorized parties cannot reach data. What is this called?
Options are :
- integrity
- None
- encryption
- Confidence
- Availability
Answer : Confidence
What approach can a project manager use during the qualitative risk analysis process to improve the performance of the project?
Options are :
- None
- Focus on high-priority risks.
- The first concerns the short-term risk.
- Risk analysis as much as possible, no matter who is at the beginning of a dangerous event.
- Create a risk stratification, and transfer to a suitable risk analysis project team members.
Answer : Focus on high-priority risks.
GGH
your company's project manager. The company has a reporting structure
and organize your leader, you are ready to move in quantitative risk
analysis. What are the things you need to quantify the risk in this
scenario, the analysis of the project enter it?
Options are :
- None
- Quantitative risk analysis function STRU VA does not occur by the project manager.
- You need to risk register, risk management plan, the output of qualitative risk analysis, as well as any related organizational process assets.
- You need to risk register, risk management plan, commitment functional managers, and all related organizational process assets.
- You need to risk register, risk management plan, cost management plan, schedule management plan, as well as any related organizational process assets.
Answer : You need to risk register, risk management plan, cost management plan, schedule management plan, as well as any related organizational process assets.
Joan is a project management consultant who has been hired by a company to help it identify the risk events within a project. Joan would first like to check the project documents, such as plans, assumptions lists, project files, and contracts. What will help Joan find risks in her review of the project documents?
Options are :
- The program, which is broken loose terminology and methods reveal risks.
- Poorly written project plan and required documents reveal inconsistencies.
- None
- The project file will help the project manager or Joan, which risk identification method to determine the best proceed.
- Lack of consistency in the requirements and plans and projects can assume risk of Beit indicators project.
Answer : Lack of consistency in the requirements and plans and projects can assume risk of Beit indicators project.
In which Risk Management Framework (RMF) stage are strategic planning and risk assessment completed?
Options are :
- Step 3
- Stage 1
- Step 0
- Step 2
- None
Answer : Step 0
Which of the following is not a step in the security accreditation process?
Options are :
- surgery
- Security access control systems
- Started
- maintenance
- None
Answer : surgery
You work as a project manager for BLUEWELL Inc. Your project is running late, and you must respond to the risk. Which threat response can you choose that will also cause you to update the human resources management plan?
Options are :
- The collapse of the project
- Empathy
- Fast track projects
- None
- Teaming agreements
Answer : The collapse of the project
Which of the following security policies does an organization enforce as a result of regulatory or other legal requirements?
Options are :
- System security policy
- Regulatory policy
- None
- Policy Consulting
- Policy Information
Answer : Regulatory policy
You and your team have started risk identification for a project that is expected to last 18 months. The project team has identified a long list of risks that need to be analyzed. How often should you and your project team identify risks?
Options are :
- Several times until the item moves embodiment
- None
- It depends on how much risk there is preliminarily determined.
- Identify risks is an iterative process.
- At least once a month
Answer : Identify risks is an iterative process.
Which of the following processes is used to protect data based on its confidentiality or sensitivity?
Options are :
- Configuration Management
- None
- New management
- Hidden data
- Data Classification
Answer : Data Classification
Which of the following formulas was developed by FIPS 199 for the categorization of an information type?
Options are :
- None
- SC = {Type information (authentication, impact), (integrity, impact), (availability, impact)}
- SC type information = {(confidentiality risk), (integrity risk), (availability, risk)}
- SC type information = {(confidentiality, impact), (integrity, impact), (availability, impact)}
- SC type information = {(confidentiality, control), (integrity, control), (authentication, control)}
Answer : SC type information = {(confidentiality, impact), (integrity, impact), (availability, impact)}
Which of the following formulas was developed by FIPS 199 for the categorization of an information system?
Options are :
- SC information = {(confidentiality risk), (integrity, impact), (access control)}
- SC information = {(confidentiality, control), (integrity, control), (access control)}
- SC information = {(confidentiality, impact), (integrity, control), (availability, risk)}
- SC information = {(confidentiality, impact), (integrity, impact), (availability, impact)}
- None
Answer : SC information = {(confidentiality, impact), (integrity, impact), (availability, impact)}
The project has some risks which, should they occur, could lead to serious economic consequences. You have studied the risk events and prepared some responses to them, but management wants you to do more. They want you to create a chart that shows the risk probability and impact, with a financial amount for each identified risk event. What is the likely outcome of creating this type of chart?
Options are :
- Reservations emergencies
- Quantitative analysis
- Risk response plan
- Deal with risks
- None
Answer : Reservations emergencies
You
are a project manager for greenhouse gas emissions from the project.
Are you ready for a quantitative risk analysis. You are using
organizational process assets to help you complete quantitative risk
analysis process. Which of the following is not a valid justification for
using organizational process assets during quantitative risk analysis?
Options are :
- You're using the attribute information from previous similar projects organized process.
- The process of judicial organization you are working in a similar project property risk expert group.
- None
- All processes within an organization's cost of risk assets to determine current affairs program you are using.
- Organizational Process Assets risk you are using the database may be provided to the industry.
Answer : All processes within an organization's cost of risk assets to determine current affairs program you are using.
Which of the following is not a goal of a security plan?
Options are :
- Security organizations
- entry
- None
- Safety Training
- Safety Plan
Answer : Safety Plan
Which of the following evaluation methods involves the inspection, testing, and analysis of evaluation objects?
Options are :
- the study
- access
- Bug fixes
- None
- test
Answer : the study
Which of the following is an information assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?
Options are :
- None
- CMM (CMM)
- Classic security model
- Parkerian hexad
- Five pillar model
Answer : Five pillar model
Many
standards and information security, promote good safety habits and
identify a framework or system to manage the following is the analysis
and design of international information security standards of
information security controls. Which? Each correct answer presents a
complete solution. Check all that apply.
Options are :
- Organization of information security
- AU inspection and accountability
- Human resources security
- Risk assessment and management
Answer : Organization of information security
Human resources security
Risk assessment and management
Which of the following steps outlined SSAA start is DITSCAP approved?
Options are :
- the fourth step
- Stage 1
- None
- Step 2
- Step 3
Answer : Step 3
Which of the following is not a responsibility of the data owner?
Options are :
- Ensure adequate security controls
- None
- In the data protection mechanism that routine maintenance is the responsibility of each day's guardian information
- Maintenance and data protection
- Access request approval
Answer : Maintenance and data protection
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight information assurance (IA) areas, and the controls are called IA controls. Which of the following are among the eight areas of IA defined by the DoD? Each correct answer presents a complete solution. Check all that apply.
Options are :
- The acquisition and maintenance of information systems
- DC security design and configuration
- EC Enclave and Computing Environment
- Six weaknesses and event management software
Answer : DC security design and configuration
EC Enclave and Computing Environment
Six weaknesses and event management software
Which of the following relationships correctly describes residual risk?
Options are :
- The net asset value of the residual risk = threat weaknesses X X X control gap
- The residual risk = threat of the use of this control gap X X X net assets
- The residual risk = threat weaknesses X X X Asset Control Gap
- The residual risk = threat of the use of this control gap X X X net assets
- None
Answer : The net asset value of the residual risk = threat weaknesses X X X control gap
In which of the following phases do the security system upgrade and the plan of action and milestones (POAM) update happen?
Options are :
- Continuous monitoring phase
- None
- step
- DITSCAP stage
- Approval stage
Answer : Continuous monitoring phase
Penetration testing (also known as pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following aspects can be exploited in penetration testing? Each correct answer presents a complete solution. Check all that apply.
Options are :
- Kernel error
- Social engineering
- Buffer overflow
- Information System Architecture
- Trojan horses
- Competitive conditions
Answer : Social engineering
Buffer overflow
Competitive conditions
Which of the following NIST documents defines impact?
Options are :
- NIST SP 800-30
- NIST SP 800-53A
- None
- NIST SP 800-53
- NIST SP 800-26
Answer : NIST SP 800-30
ISO 17799 consists of two parts. The first part is an instruction manual on how to build a comprehensive security infrastructure, and the second part is an audit manual based on the requirements that an organization must meet to be considered in accordance with ISO 17799. Which of the following are ISO 17799 domains? Each correct answer presents a complete solution. Check all that apply.
Options are :
- Reliability staff
- System Architecture Management
- Organization's information security policy
- System development and maintenance
- Business Continuity Management
Answer : Reliability staff
Organization's information security policy
System development and maintenance
Business Continuity Management
Which of the following authentication methods uses fingerprints to identify the user?
Options are :
- PKI
- Mutual authentication
- None
- Biometrics
- The Kerberos
Answer : Biometrics
What are the objectives of risk management? Each correct answer presents a complete solution. Choose three.
Options are :
- Risk Identification
- Assess the impact of potential threats
- The defendant's identity
- Economic balance between cost and risk to find the shock countermeasure
Answer : Risk Identification
Assess the impact of potential threats
Economic balance between cost and risk to find the shock countermeasure
Which of the following recovery plans includes specific strategies and actions to address specific variances to assumptions that lead to a specific security issue, emergency, or state of affairs?
Options are :
- None
- Disaster survival plan
- Business continuity plan
- Business continuity plan
- emergency plan
Answer : emergency plan
You are the project manager of the GHY project for your organization. You have begun to identify the risks of the project together with the project team. As part of the preparation, you need to determine the 11 inputs to the risk identification process. Which of the following is an input to the risk identification process?
Options are :
- Procurement Management Plan
- Cost management plan
- The quality management plan
- Registration of interest groups
- None
Answer : Procurement Management Plan
In which of the following steps does maintenance of the SSAA happen?
Options are :
- the fourth step
- None
- Stage 1
- Step 3
- Step 2
Answer : the fourth step
Which of the following documents is described in the statement below? "It is developed along with the whole process of risk management, and it contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."
Options are :
- The project
- Risk Management Plan
- The quality management plan
- None
- Risk register
Answer : Risk register
Which
of the following documents are developed by NIST management
certification and accreditation (C & A)? Each correct answer
presents a complete solution. Check all that apply.
Options are :
- NIST Special Issue 800-53
- NIST Special Issue 800-37A
- NIST Special Issue 800-53
- NIST Special Issue 800-37
- NIST Special Publication 800-60
- NIST Special Issue 800-59
Answer : NIST Special Issue 800-53
NIST Special Issue 800-53
NIST Special Issue 800-37
NIST Special Publication 800-60
NIST Special Issue 800-59
Which
of the following administrative practices need to determine the
participation of good practices in relation to an individual or
organization in the field?
Options are :
- None
- need to know
- The division of responsibilities
- The division of responsibilities
- diligent
Answer : diligent
Which of the following is not a type of penetration testing?
Options are :
- None
- Zero theory test
- Rough test
- Local theory test
- All theory test
Answer : Rough test
You are the project manager of the NHH project. In this project, you have created a contingency response plan in case the schedule performance index falls below 0.93. The NHH project has a budget of $945,000 and is 45% complete, although the project should be 49% complete. The project has spent $455,897 to reach the 45% completion milestone. What is the project's schedule performance index?
Options are :
- 1.06
- ($37,800)
- $2
- 0.93
- None
Answer : $2
You are your company's project manager, and a new change request has been approved for the project. This change, however, introduces a number of new risks to the project. You have communicated these risk events, and the project stakeholders understand the potential impact these risks could have on the project. You decide to create a mitigation response for the identified risk events. Where will you record the mitigation response?
Options are :
- None
- Project Management Plan
- Risk Diary
- Risk register
- Risk Management Plan
Answer : Risk register
Which
of the following test methods does not evaluate all available
documentation for any restrictions and operations, and attempts to
circumvent the security features of information systems?
Options are :
- written examination
- Penetration Testing
- All operational test
- None
- Walk-through test
Answer : Penetration Testing
Management wants you to create a visual representation of what resources are utilized for the project deliverables. What kind of chart is management asking you to create?
Options are :
- RACI chart
- Roles and responsibilities matrix
- None
- Resource Breakdown Structure
- Work Breakdown Structure
Answer : Resource Breakdown Structure
Frank is the project manager of the NHH project. He is working with the project team to create a plan that documents how risk will be managed in the project. This document defines how risks will be identified and quantified. It also defines how contingency plans will be implemented in the project. What document are Frank and the NHH project team creating in this scenario?
Options are :
- None
- Project Management Plan
- Resource Management Plan
- Risk Management Plan
- The project
Answer : Risk Management Plan
The Information Security Officer (ISSO) and the Information Security Engineer (ISSE) play the roles of supporter and adviser. Which of the following statements about the ISSO and ISSE are true? Each correct answer presents a complete solution. Check all that apply.
Options are :
- ISSE recommend continuous monitoring of information systems.
- The impact of institutional changes recommended by the ISSE.
- ISSO involved in development activities to implement the changes required to the system.
- ISSE security management information system, which was nominated for certification and accreditation (C & A).
- ISSO information security management system, which was nominated for certification and accreditation (C & A).
Answer : ISSE recommend continuous monitoring of information systems.
The impact of institutional changes recommended by the ISSE.
ISSO information security management system, which was nominated for certification and accreditation (C & A).
Certification
and accreditation (C & A or CNA) is implemented for security of
data processing. It is a system in which, before or after the process of
evaluation, testing, and operation of the authorization system
described a system. Which of the following is true certification and
accreditation? Each correct answer presents a complete solution. Choose
two.
Options are :
- Certification is the management, business and technical information systems security check, a comprehensive assessment.
- Certification is the official information systems management decision given by a senior agency official authorized to use.
- Certification is the official information systems management decision given by a senior agency official authorized to use.
- Certification is the management, business and technical information systems security check, a comprehensive assessment.
Answer : Certification is the official information systems management decision given by a senior agency official authorized to use.
Certification is the management, business and technical information systems security check, a comprehensive assessment.
Which of the following professionals plays the role of a monitor and participates in the organization's configuration management process?
Options are :
- Chief Information Officer
- Joint Monitoring supplier
- Senior agency information security officer
- official
Answer : Joint Monitoring supplier
Which of the following DITSCAP steps to confirm previously considered running in a production computing environment?
Options are :
- Step 3
- the fourth step
- None
- Step 2
- Stage 1
Answer : Step 3
DIACAP
applies to the collection, storage, purchase, use and maintenance of
any Department of Defense system, or transmitted from December 1997 to
handle confidential or classified information, what is and what steps
are determined by the DIACAP? Each correct answer presents a complete
solution. Check all that apply
Options are :
- Define the system
- confirm
- verification
- Accreditation
- Appraisal
- Professional requirements
Answer : Define the system
confirm
verification
Professional requirements
Which
of the following techniques are used when safety issues and its purpose
is limited by the extent of the damage incident How?
Options are :
- Detective control
- Preventive monitoring
- None
- Safeguard
- Correction control
Answer : Correction control
What types of access control have a username and password system include?
Options are :
- physical
- technology
- Administration
- power
- None
Answer : technology
Which is responsible for initiating the Certification and Accreditation (C & A) process following professionals?
Options are :
- Chief Risk Officer (CRO)
- official
- None
- The information system owner
- Chief Information Officer (CIO)
Answer : The information system owner
Which
of the following is used to indicate that the software has reached a
specified level of quality, and is ready to disseminate, in electronic
or physical media?
Options are :
Answer : RTM
Which
of the following is a federal law in 1996, which aims to raise the
federal government acquisition, deployment and use of information
technology?
Options are :
- Paperwork Reduction Act
- Clinger-Cohen Act
- Computer Misuse Act
- None
- Lanham
Answer : Clinger-Cohen Act
Which
of the following refers to the security document, used to describe the
Ministry of Defense (DOD) and the US Department of Energy through the
network and systems?
Options are :
Answer : in
Adrian
is the project manager of NHP projects. His project has a lot of work
and wire processing package. Rather than in internal risk management, he
decided to hire a vendor perform all work packages, handling the wire.
By eliminating the risk of internal electrician Adrian feel comfortable
and safe project. Adrian is the answer to what kind of risk in this case
it?
Options are :
- Ease
- Shelter
- use
- Empathy
- None
Answer : Empathy
Neil
is a project manager software technology company, he and Tom, in the
project, her company some risks COO. Tom learned, qualitative analysis
Neil has identified a number of risk projects. Tom's attention, but the
problem is that it is primarily a list of these risk events in the "high
risk", the framework of the terms and conditions of "medium risk" and
"low risk" and sort the items within. Tom wants to know there are
other purposes that Neil can make a priority list of project risks. What
is the answer to Neil Tom?
Options are :
- You can list more risk analysis and response
- The risk of possible responses listed in the short term mine
- Risk may be listed in priority scheduling, cost and performance alone
- None
- Risk can be listed by category
Answer : Risk may be listed in priority scheduling, cost and performance alone
The
staff of soft technology company, he will perform the following tasks
IT systems work James: Validity backup data to run regular backups and
daily testing. Restore data from a backup when necessary. Keeping the
classification established policy in line with the archived data. What
is the role of James in the organization?
Options are :
- nurse
- owner
- None
- manager
- user
Answer : nurse
Information
Risk Management (IRM) is to identify and assess the risk, reduce it to
an acceptable level, and the correct implementation of this mechanism to
maintain the process. What type of risk? Each correct answer presents a
complete solution. Check all that apply.
Options are :
- Social status
- Intercourse
- Physical damage
- System interaction
- Equipment failure
- Internal and external attacks
Answer : Social status
Intercourse
Physical damage
Equipment failure
Internal and external attacks
What
is a dependent task to start, and plans to stage DIACAP IA C & A
process? Each correct answer presents a complete solution. Check all
that apply
Options are :
- IA start implementation plan
- Registration System Department of Defense IA program components
- Defining the control of IA.
- Conduct validation activity
- DIACAP assembled team.
- DIACAP develop strategies.
Answer : IA start implementation plan
Registration System Department of Defense IA program components
Defining the control of IA.
DIACAP assembled team.
DIACAP develop strategies.
Amy
is his company's project manager. His current project is organized very
low tolerance affect the project schedule risk events. Management asked
Amy to consider effect, all of the risks to the project schedule. Is
there any way you can take Amy to create prejudice risks affecting the
project schedule?
Options are :
- He may be time to ease the progress of the project is estimated chassis project delays.
- He can create evaluation system reflects the overall project schedule variance threat to the project.
- He can delegate as much as possible the critical path project schedule risk activities from the impact.
- None
- He can not filter based on their impact on the progress of the project relative to all other risk targets.
Answer : He can create evaluation system reflects the overall project schedule variance threat to the project.
Gary
is a project manager for his project. He and the team were qualitative
risk analysis process, and step into a quantitative risk analysis
process Marian, the project sponsor, want to know what is the
quantitative risk analysis, check. Best check what the quantitative risk
analysis shows which of the following?
Options are :
- None
- The actual cost of the risk of quantitative risk analysis is to determine each identified risk events and the determination of the likelihood of each risk event.
- In quantitative risk analysis, to analyze the impact of competitive demand risk events may have a significant impact of the project.
- Risk Quantitative Risk Analysis and Assessment of the results of risk identification and preparation of project flexibility.
- Check the likelihood of risk events and their impact on the project objectives in quantitative risk analysis.
Answer : In quantitative risk analysis, to analyze the impact of competitive demand risk events may have a significant impact of the project.
Gary
is a project of the organization. His management of the project, which
is similar to a project, his organization recently completed. Gary has
decided that he will use the information from the past to help him
project and project team to identify possible risks in the project.
Management recognizes that this list is to apply to the project, and
save time. Which of the following statements is a list of limitations do
Fajia Li, the most accurate analysis?
Options are :
- None
- The inventory analysis method uses only qualitative analysis.
- The list of methods to analyze the speed, but it is impossible to establish an exhaustive list and
- The inventory analysis method saves time, but it may cost more.
- The list is also known as top-down risk assessment
Answer : The list of methods to analyze the speed, but it is impossible to establish an exhaustive list and
DIACAP
applies to the collection, storage, purchase, use and maintenance of
any Department of Defense system, or transmitted from December 1997 to
handle confidential or classified information, what is and what steps
are determined by the DIACAP? Each correct answer presents a complete
solution. Check all that apply.
Options are :
- Authenticate
- Define the system
- confirm
- Re-Accreditation
- verification
- Appraisal
Answer : Define the system
confirm
Re-Accreditation
verification
Equipment
used in the project, if the engine temperature is over 450 degrees
Fahrenheit and the overheating is closed for 48 hours. If the machine
will overheat even once it has been delayed end of the project. Creating
a project on condition, in response to a temperature of the working
machine 430, the machine stops cooling at least one hour. What
temperature 430 call?
Options are :
- Risk events
- Risk of triggering
- Risk Identification
- Deal with risks
- None
Answer : Risk of triggering
Which
of the following corporate governance focused on a subset of the
discipline of information security and their performance and risk
management?
Options are :
- Clinger - Cohen Act
- None
- ISG
- The Computer Misuse exchange
- Lanham
Answer : ISG
You
are the project manager NNH project. In this project, you have created a
response contingency plan, schedule performance index must be less than
0.93. NHH has a $ 945,000 budget for the project, and in the end is 45%
complete, although the project will be 49% complete. The project has
spent $ 455,897 to reach 45% completion milestones. What is the progress
of the project performance indicators?
Options are :
- ($37,800)
- 0.92
- None
- $2
- 1.06
Answer : 0.92