CAP Authentication of the Professional Practice Examination Set 9

In which step of the DITSCAP process does the security test and evaluation (ST&E) happen?


Options are :

  • the fourth step
  • Step 3
  • Step 2
  • Stage 1
  • None

Answer : Step 3

Which of the following assessment methods defines a six-step evaluation to determine the security of the technology?


Options are :

  • Octaves
  • DITSCAP
  • FITSAF
  • None
  • FIPS 102

Answer : FIPS 102


Authorization system is a risk management process. Authorized Systems Program (SAP) is a wide, flat scheme close to the authorization process. What are the various stages of the system licensing program? Each correct answer presents part of the solution. Check all that apply.


Options are :

  • After Authorization
  • Authorize
  • prove
  • After certification
  • Pre-certification

Answer : After Authorization; Authorize; prove; Pre-certification

You are the organization's project manager. You have found the risk of an event, you can manage internal or external to your organization. If you manage events within the project will cost $578,000 per month solution is to use an extra $12,000. Suppliers can happen in your risk management. The seller will be charged $550,000 to $14,500 per month, the solution is in use. You have to pay compared to the seller's solution within few months, using the solution in the solution?


Options are :

  • About 13 months
  • None
  • 11 months
  • About 8 months
  • About 15 months

Answer : 11 months

According to the Department of Defense (DOD) Instruction 8500.2 US Department of Energy, there are eight regional information assurance (IA), the controller called IA and control. One of the following eight areas are defined by the Ministry of Defense IA? Each correct answer presents a complete solution. Check all that apply.


Options are :

  • EC Enclave and Computing Environment
  • The acquisition and maintenance of information systems
  • Six weaknesses and event management
  • DC security design and configuration

Answer : EC Enclave and Computing Environment; Six weaknesses and event management; DC security design and configuration


Mark works network administrator NetTech his company hopes users can access only those resources that need them. He uses the following access control model?


Options are :

  • Role-based access control
  • Discretionary Access Control
  • Mandatory Access Control
  • Access control policy
  • None

Answer : Role-based access control

You work as a project manager for institutions. You are approaching the final phase of the project, and is from the final risk monitoring and control activities. In the archives of the project, subject to the following risk control and monitoring of output?


Options are :

  • Quantitative Risk Analysis
  • None
  • audit
  • Change Request
  • Qualitative Risk Analysis

Answer : Change Request

Quantitative risk analysis has five inputs. Which of the following is not an input to the quantitative risk analysis process?


Options are :

  • Risk register
  • None
  • environmental factor
  • Risk Management Plan
  • Cost management plan

Answer : environmental factor


The project has some risks, they should occur, which could lead to serious economic consequences. You learned about risk events and risk of making some responses of risk events, but the management wants you to do more. They wanted to create a risk map and probability, affect the amount of the contribution of each risk events were identified. What is the result of the creation of this type of chart that may arise?


Options are :

  • Quantitative analysis
  • Deal with risks
  • Risk response plan
  • None
  • Reservations emergencies

Answer : Reservations emergencies

The risk is low probability and impact are included in the ____ future monitoring.


Options are :

  • Risk register
  • Watch List
  • Risk Alert
  • None
  • Watch List

Answer : Watch List

National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum information requirements of the process and recognition of the IT system against the United States national security. What are the different types of NIACAP recognition? Each correct answer presents a complete solution. Check all that apply.


Options are :

  • safety certificate
  • Type Approval
  • Approval System
  • Site assessment

Answer : Type Approval; Approval System; Site assessment


Which of the following refers to the ability to ensure data has not been modified or tampered with?


Options are :

  • integrity
  • Admittedly
  • Availability
  • Confidence
  • None

Answer : integrity

Where can the project manager find the risk rating rules?


Options are :

  • environmental factor
  • Risk probability and impact matrix
  • Risk Management Plan
  • Organizational process assets
  • None

Answer : Organizational process assets

Which is responsible for initiating the Certification and Accreditation (C & A) process following professionals?


Options are :

  • Chief Risk Officer (CRO)
  • official
  • None
  • The information system owner
  • Chief Information Officer (CIO)

Answer : The information system owner


Phase 3 of the Risk Management Framework (RMF) is a process called mitigation planning. Which of the following processes occur in step 3? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Threats, vulnerabilities, and controls assessed.
  • To agree to reduce the risk strategy.
  • In order to assess the progress and preliminary assessment of mitigation plans.
  • Threats, vulnerabilities, and controls assessed.

Answer : Threats, vulnerabilities, and controls assessed.; To agree to reduce the risk strategy.; In order to assess the progress and preliminary assessment of mitigation plans.

You are preparing the project's qualitative risk analysis process launched. You will rely on some of the effects of the process of organizational process assets. Which of the following is not a risk to rely on the quality of the organizational process assets Income One possible reason for that?


Options are :

  • Review supplier contracts reviewing risk previous projects
  • Similar research project risks Expert Group
  • The industry risk database can provide to disclose,
  • None
  • In advance, a similar project information

Answer : Review supplier contracts reviewing risk previous projects

Thomas has been a key player in the project. Thomas has requested a number of project scope change project management. After investigation of the proposed modification, you have found that these new requirements are fraught with risks, and recommended that the Change Control Board, submitted to change the scope of the project. Change Control Board agree with you. Which part of the change management communication of the proposed amendment request is approved or rejected?


Options are :

  • Integrated management changes
  • None
  • Configuration Management System
  • Scope change control system
  • Configuration Management System

Answer : Integrated management changes


Authorization system is a risk management process. Authorized Systems Program (SAP) is a wide, flat scheme close to the authorization process. What are the different phases of the system licensing program? Each correct answer presents part of the solution. Check all that apply.


Options are :

  • After certification
  • Pre-certification
  • After Authorization
  • Authorize
  • prove

Answer : Pre-certification; After Authorization; Authorize; prove

Penetration testing (also known as a pen test) is the practice of testing a computer system, network or Web application to discover vulnerabilities that an attacker could exploit. Which of the following aspects can penetration testing make use of? Each correct answer presents a complete solution. Check all that apply.


Options are :

  • File and directory permissions
  • Competitive conditions
  • Information system architectures
  • Social engineering
  • Buffer overflow
  • Kernel Vulnerability

Answer : Competitive conditions; Social engineering; Buffer overflow

Certification is the management, business and technical information systems security check, a comprehensive assessment.


Options are :

  • FIPS
  • FISMA
  • NIST
  • Office of Management and Budget (OMB)

Answer : FISMA; Office of Management and Budget (OMB)


You are a project manager at NHH project. You have completed the first round of the risk management plan, and created four output Risk Response Planning process. Which of the following is not a risk response plan?


Options are :

  • None
  • Risks associated with the decision to contract
  • Organizational Process Assets Updates
  • The risk register updates
  • Project document updates

Answer : Organizational Process Assets Updates

Which of the following roles are also known as the American accreditation bodies?


Options are :

  • Notified Body
  • None
  • Chief Information Officer
  • Data owners
  • Chief Risk Officer

Answer : Notified Body

Web-based credit card company has to collect financial and personal information of Mark released his credit card. The company has provided Mark's financial and personal information to another company. Which of the following Internet laws have been violated by the target company credit card?


Options are :

  • copyright
  • trademark law
  • None
  • Privacy Act
  • Safety Act

Answer : Privacy Act


FITSAF behalf of the Federal Information Technology Security Evaluation Model. This is the Safety Assessment of information systems. Which of the following FITSAF level indicates, procedures and controls have been implemented?


Options are :

  • Level 5
  • level 4
  • level 2
  • Level 3
  • Level 1

Answer : Level 3

You and your project team to identify potential project risks have occurred. Many, if they occur a small risk that some projects do not affect the risk. How should I do these identified risk event?


Options are :

  • None
  • These risks may be acceptable.
  • All risk must have an effective risk response, records
  • These risks cannot be excluded.
  • These risks can increase the risk of low priority watch list.

Answer : These risks can increase the risk of low priority watch list.

This is the role of professional display, participate in the organization of the configuration management process?


Options are :

  • official
  • None
  • Joint Monitoring supplier
  • Chief Information Officer
  • Senior agency information security officer

Answer : Joint Monitoring supplier


This is a project manager project YHT his company. Alice, one of his team members, project risk embarrassment when the project happen. When the project risk is how the matter of the following is the most accurate?


Options are :

  • None
  • The risk of the project, the implementation of the project.
  • Project risks can occur at any time.
  • The project is always the future high risk.
  • Project risk is uncertain, so when an event occurs, no one can predict.

Answer : The project is always the future high risk.

You are a project manager NKJ project. Affect the success of the project or not significant for corporate earnings in the coming year. Management requires you to identify risk events and the impact of communication in the event the project probability and the earliest possible stage of the. Management wants to avoid the risk of an event must be cost-benefit analysis for each risk event of the project. What is this project clemency term interests of the low-level stakeholders how long?


Options are :

  • None
  • Relaxation prepare project management software
  • Risk utility function
  • Risks and mentality
  • Risk Aversion

Answer : Risk utility function

Certification and accreditation (C & A or CNA) is implemented for security of data processing. Which of the following is the correct order of steps C & A is DITSCAP assessment?


Options are :

  • Once defined, verification, validation and accreditation
  • Validation, definition, verification and post-certification
  • Once defined, validation, verification and certification
  • After validation, verification, definitions and recognition
  • None

Answer : Once defined, verification, validation and accreditation


Chief Information Officer (CIO) and information technology (IT) managers, usually to the title in the company's most senior managers. What are the CIO's role is? Each correct answer presents a complete solution. Check all that apply.


Options are :

  • Convenient information related to security officials permission to share
  • Communication and collaboration while maintaining a high level of relationship with the organization
  • It is recommended that IT companies need to achieve their goals, then the implementation of the program of work on the budget
  • Continuous and effective monitoring program of the organization

Answer : Communication and collaboration while maintaining a high level of relationship with the organization; It is recommended that IT companies need to achieve their goals, then the implementation of the program of work on the budget; Continuous and effective monitoring program of the organization
