CAP Certified Authorization Professional Practice Exam Set 12

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • Human resources security
  • Risk assessment and treatment
  • Organization of information security
  • AU audit and accountability

Answer : Human resources security; Risk assessment and treatment; Organization of information security

Which of the following is NOT a type of penetration test?


Options are :

  • Full knowledge test
  • Cursory test
  • Partial-knowledge test
  • Zero-knowledge test

Answer : Cursory test


You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?


Options are :

  • Risk register
  • Risk management plan
  • Stakeholder management strategy
  • Lessons learned documentation

Answer : Risk register

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?


Options are :

  • Level 3
  • Level 2
  • Level 1
  • Level 5
  • Level 4

Answer : Level 3

You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project's performance as a whole. What approach can you use to achieve the goal of improving the project's performance through risk analysis with your project stakeholders?


Options are :

  • Focus on the high-priority risks through qualitative risk analysis
  • Involve subject matter experts in the risk analysis activities
  • Involve the stakeholders for risk identification only in the phases where the project directly affects them
  • Use qualitative risk analysis to quickly assess the probability and impact of risk events

Answer : Focus on the high-priority risks through qualitative risk analysis


Which of the following NIST documents provides a guideline for identifying an information system as a National Security System?


Options are :

  • NIST SP 800-53A
  • NIST SP 800-59
  • NIST SP 800-37
  • NIST SP 800-53
  • NIST SP 800-60

Answer : NIST SP 800-59

Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?


Options are :

  • Policy Access Control
  • Mandatory Access Control
  • Role-Based Access Control
  • Discretionary Access Control

Answer : Role-Based Access Control

Courtney is the project manager for her organization. She is working with the project team to complete the qualitative risk analysis for her project. During the analysis, Courtney encourages the project team to begin grouping identified risks by common causes. What is the primary advantage of grouping risks by common causes during qualitative risk analysis?


Options are :

  • It saves time by collecting the related resources, such as project team members, to analyze the risk events.
  • It helps the project team realize the areas of the project most laden with risks
  • It can lead to the creation of risk categories unique to each project
  • It can lead to developing effective risk responses.

Answer : It can lead to developing effective risk responses.


You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?


Options are :

  • Three
  • Seven
  • One
  • Four

Answer : Four

Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?


Options are :

  • Chief Information Security Officer
  • Senior Management
  • Information Security Steering Committee
  • Business Unit Manager

Answer : Senior Management

You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. You will need all of the following as inputs to the qualitative risk analysis process except for which one?


Options are :

  • Project scope statement
  • Risk management plan
  • Stakeholder register
  • Risk register

Answer : Stakeholder register


To help review or design security controls, they can be classified by several criteria. One of these criteria is based on nature. According to this criterion, which of the following controls consists of incident response processes, management oversight, security awareness, and training?


Options are :

  • Compliance control
  • Technical control
  • Procedural control
  • Physical control

Answer : Procedural control

Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • Top-Down Approach
  • Left-Up Approach
  • Right-Up Approach
  • Bottom-Up Approach

Answer : Top-Down Approach; Bottom-Up Approach

Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity, it would be an example of what risk response?


Options are :

  • Positive
  • Opportunistic
  • Exploiting
  • Enhancing

Answer : Exploiting


A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy? Each correct answer represents a part of the solution. Choose all that apply.


Options are :

  • Who is expected to comply with the policy
  • Who is expected to exploit the vulnerability?
  • Where is the vulnerability, threat, or risk?
  • What is being secured?

Answer : Who is expected to comply with the policy; Where is the vulnerability, threat, or risk?; What is being secured?

Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • Editor
  • Owner
  • Custodian
  • User
  • Security auditor

Answer : Owner; Custodian; User; Security auditor

Jeff, a key stakeholder in your project, wants to know how the risk exposure for the risk events is calculated during quantitative risk analysis. He is worried that the risk exposure is too low for the events surrounding his project requirements. How is the risk exposure calculated?


Options are :

  • The probability of a risk event times the impact of a risk event determines the true risk exposure.
  • The probability of a risk event plus the impact of a risk event determines the true risk exposure.
  • The probability and impact of a risk event are gauged based on research and in-depth analysis.
  • The risk exposure of a risk event is determined by historical information.

Answer : The probability of a risk event times the impact of a risk event determines the true risk exposure.


You work as the project manager for Bluewell Inc. You are working on the NGQQ Project for your company. You have completed the risk analysis processes for the risk events. You and the project team have created risk responses for most of the identified project risks. Which of the following risk response planning techniques will you use to shift the impact of a threat to a third party, together with the responses?


Options are :

  • Risk avoidance
  • Risk acceptance
  • Risk transference
  • Risk mitigation

Answer : Risk transference

Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.


Options are :

  • Privacy
  • Availability
  • Integrity
  • Confidentiality

Answer : Availability; Integrity; Confidentiality

Eric is the project manager of the MTC project for his company. In this project a vendor has offered Eric a sizeable discount on all hardware if his order total for the project is more than $225,000. Right now, Eric is likely to spend $218,000 with the vendor. If Eric spends $7,000 more, his cost savings for the project will be $22,500, but he cannot purchase hardware if he cannot implement the hardware immediately due to organizational policies. Eric consults with Amy and Allen, other project managers in the organization, and asks if they need any hardware for their projects. Both Amy and Allen need hardware and they agree to purchase the hardware through Eric's relationship with the vendor. What positive risk response has happened in this instance?


Options are :

  • Transference
  • Sharing
  • Exploiting
  • Enhancing

Answer : Sharing


During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?


Options are :

  • Symptoms
  • Cost of the project
  • Risk rating
  • Warning signs

Answer : Cost of the project

The IAM/CA makes certification and accreditation recommendations to the DAA. The DAA issues accreditation determinations. Which of the following are the accreditation determinations issued by the DAA? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • IATT
  • IATO
  • ATO
  • ATT
  • DATO

Answer : IATT; IATO; ATO; DATO

Thomas is the project manager of the NHJ Project for his company. He has identified several positive risk events within his project and he thinks these events can save the project time and money. Positive risk events, such as these within the NHJ Project, are also known as what?


Options are :

  • Contingency risks
  • Ancillary constituent components
  • Benefits
  • Opportunities

Answer : Opportunities


You are the project manager for a construction project. The project includes work that involves very high financial risks. You decide to insure the processes so that any ill happening can be compensated. Which type of strategy have you used to deal with the risks involved with that particular work?


Options are :

  • Avoid
  • Mitigate
  • Transfer
  • Accept

Answer : Transfer

Which of the following are included in Administrative Controls? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • Conducting security-awareness training
  • Developing policy
  • Screening of personnel
  • Implementing change control procedures
  • Monitoring for intrusion

Answer : Conducting security-awareness training; Developing policy; Screening of personnel; Implementing change control procedures

Jenny is the project manager of the NHJ Project for her company. She has identified several positive risk events within the project and she thinks these events can save the project time and money. You, a new team member, want to know how many risk responses are available for a positive risk event. What will Jenny reply to you?


Options are :

  • Seven
  • Acceptance is the only risk response for positive risk events.
  • Three
  • Four

Answer : Four


Which of the following are included in Physical Controls? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • Controlling individual access into the facility and different departments
  • Environmental controls
  • Identification and authentication methods
  • Locking systems and removing unnecessary floppy or CD-ROM drives
  • Monitoring for intrusion
  • Password and resource management

Answer : Controlling individual access into the facility and different departments; Environmental controls; Locking systems and removing unnecessary floppy or CD-ROM drives; Monitoring for intrusion

Fred is the project manager of the PKL project. He is working with his project team to complete the quantitative risk analysis process as a part of risk management planning. Fred understands that once the quantitative risk analysis process is complete, the process will need to be completed again at least two more times in the project. When will the quantitative risk analysis process need to be repeated?


Options are :

  • Quantitative risk analysis process will be completed again after the plan risk response planning and as part of procurement.
  • Quantitative risk analysis process will be completed again after new risks are identified and as part of monitoring and controlling.
  • Quantitative risk analysis process will be completed again after the cost management planning and as a part of monitoring and controlling.
  • Quantitative risk analysis process will be completed again after new risks are identified and as part of monitoring and controlling.

Answer : Quantitative risk analysis process will be completed again after new risks are identified and as part of monitoring and controlling.

You are the project manager of the GHQ project for your company. You are working with your project team to prepare for the qualitative risk analysis process. Mary, a project team member, does not understand why you need to complete qualitative risk analysis. You explain to Mary that qualitative risk analysis helps you determine which risks need additional analysis. There are also some other benefits that qualitative risk analysis provides for the project. Which one of the following is NOT an accomplishment of the qualitative risk analysis process?


Options are :

  • Corresponding impact on project objectives
  • Cost of the risk impact if the risk event occurs
  • Time frame for a risk response
  • Prioritization of identified risk events based on probability and impact

Answer : Cost of the risk impact if the risk event occurs


A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen, it will cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?


Options are :

  • Add the identified risk to a quality control management control chart.
  • Add the identified risk to the risk register.
  • Add the identified risk to the issues log.
  • Add the identified risk to the low-level risk watchlist

Answer : Add the identified risk to the risk register.
