CAP Certified Authorization Professional Practice Exam Set 6

Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?


Options are :

  • Risk probability and impact matrixes
  • Risk identification
  • Uncertainty in values such as duration of schedule activities
  • Bias towards risk in new resources

Answer : Uncertainty in values such as duration of schedule activities

Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project?


Options are :

  • No, the ZAS Corporation did not complete all of the work.
  • It depends on what the termination clause of the contract stipulates.
  • Yes, the ZAS Corporation did not choose to terminate the contract work.
  • It depends on what the outcome of a lawsuit will determine.

Answer : Yes, the ZAS Corporation did not choose to terminate the contract work.

Which of the following processes is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state?


Options are :

  • Configuration management
  • Change management
  • Risk management
  • Procurement management

Answer : Change management

You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project?


Options are :

  • Quantitative analysis
  • Historical information
  • Qualitative risk analysis
  • Rolling wave planning

Answer : Qualitative risk analysis

An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?


Options are :

  • Multi-factor
  • Biometrics
  • Mutual
  • Anonymous

Answer : Multi-factor

You work as a project manager for BlueWell Inc. You are working with your team members on the risk responses in the project. Which risk response will likely cause a project to use the procurement processes?


Options are :

  • Mitigation
  • Sharing
  • Acceptance
  • Exploiting

Answer : Sharing

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
  • Preserving high-level communications and working group relationships in an organization
  • Facilitating the sharing of security risk-related information among authorizing officials
  • Establishing effective continuous monitoring program for the organization

Answer :

  • Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
  • Preserving high-level communications and working group relationships in an organization
  • Establishing effective continuous monitoring program for the organization

John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?


Options are :

  • Risk Response Plan
  • Project Management Plan
  • Risk Management Plan
  • Communications Management Plan

Answer : Communications Management Plan

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • An ISSE provides advice on the impacts of system changes.
  • An ISSE provides advice on the continuous monitoring of the information system.
  • An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • An ISSO takes part in the development activities that are required to implement system changes.
  • An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

Answer :

  • An ISSE provides advice on the impacts of system changes.
  • An ISSE provides advice on the continuous monitoring of the information system.
  • An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?


Options are :

  • Level 3
  • Level 4
  • Level 2
  • Level 1
  • Level 5

Answer : Level 3

You work as a project manager for BlueWell Inc. You are about to complete the quantitative risk analysis process for your project. You can use three available tools and techniques to complete this process. Which one of the following is NOT a tool or technique that is appropriate for the quantitative risk analysis process?


Options are :

  • Data gathering and representation techniques
  • Quantitative risk analysis and modeling techniques
  • Expert judgment
  • Organizational process assets

Answer : Organizational process assets

Tracy is the project manager of the NLT Project for her company. The NLT Project is scheduled to last 14 months and has a budget at completion of $4,555,000. Tracy's organization will receive a bonus of $80,000 per day that the project is completed early up to $800,000. Tracy realizes that there are several opportunities within the project to save on time by crashing the project work. Crashing the project is what type of risk response?


Options are :

  • Mitigation
  • Transference
  • Enhance
  • Exploit

Answer : Enhance

An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?


Options are :

  • User password policy
  • Privacy policy
  • Network security policy
  • Backup policy

Answer : Privacy policy

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.


Options are :

  • IS program manager
  • Designated Approving Authority
  • User representative
  • Information Assurance Manager
  • Certification agent

Answer :

  • IS program manager
  • Designated Approving Authority
  • User representative
  • Certification agent

Which of the following individuals makes the final accreditation decision?


Options are :

  • CRO
  • ISSE
  • ISSO
  • DAA

Answer : DAA

Which type of project tends to have more well-understood risks?


Options are :

  • Operational work projects
  • State-of-art technology projects
  • Recurrent projects
  • First-of-its kind technology projects

Answer : Recurrent projects

Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."


Options are :

  • Perform Quantitative Risk Analysis
  • Perform Qualitative Risk Analysis
  • Monitor and Control Risk
  • Identify Risks

Answer : Monitor and Control Risk

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?


Options are :

  • Exploit
  • Share
  • Enhance
  • Acceptance

Answer : Acceptance

Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?


Options are :

  • Cost change control system
  • Integrated change control
  • Scope change control system
  • Configuration management system

Answer : Configuration management system

Which of the following is NOT an objective of the security program?


Options are :

  • Information classification
  • Security organization
  • Security plan
  • Security education

Answer : Security education

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?


Options are :

  • Business continuity plan
  • Disaster recovery plan
  • Contingency plan
  • Continuity of Operations Plan

Answer : Continuity of Operations Plan

The Identify Risk process determines the risks that affect the project and documents their characteristics. Why should the project team members be involved in the Identify Risk process?


Options are :

  • They are the individuals that will need a sense of ownership and responsibility for the risk events.
  • They are the individuals that will most likely cause and respond to the risk events
  • They are the individuals that will have the best responses for identified risks events within the project.
  • They are the individuals that are most affected by the risk events.

Answer : They are the individuals that will have the best responses for identified risks events within the project.

Elizabeth is a project manager for her organization and she finds risk management to be very difficult for her to manage. She asks you, a lead project manager, at what stage in the project will risk management become easier. What answer best resolves the difficulty of risk management practices and the effort required?


Options are :

  • Risk management only becomes easier the more often it is practiced.
  • Risk management only becomes easier when the project is closed.
  • Risk management is an iterative process and never becomes easier.
  • Risk management only becomes easier when the project moves into project execution.

Answer : Risk management only becomes easier the more often it is practiced.

Gary is the project manager for his organization. He is working with the project stakeholders on the project requirements and how risks may affect their project. One of the stakeholders is confused about what constitutes risks in the project. Which of the following is the most accurate definition of a project risk?


Options are :

  • It is an unknown event that can affect the project scope.
  • It is an uncertain event that can affect the project costs.
  • It is an uncertain event that can affect at least one project objective.
  • It is an uncertain event or condition within the project execution.

Answer : It is an uncertain event that can affect at least one project objective.

Which of the following is a risk response planning technique associated with threats that seeks to reduce the probability of occurrence or impact of a risk to below an acceptable threshold?


Options are :

  • Exploit
  • Transference
  • Mitigation
  • Avoidance

Answer : Mitigation

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • SA System and Services Acquisition
  • IR Incident Response
  • Information systems acquisition, development, and maintenance
  • CA Certification, Accreditation, and Security Assessments

Answer :

  • SA System and Services Acquisition
  • IR Incident Response
  • CA Certification, Accreditation, and Security Assessments

Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology. Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses?


Options are :

  • Project charter
  • Risk register
  • Project scope statement
  • Risk low-level watch list

Answer : Risk register

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • Type accreditation
  • System accreditation
  • Site accreditation
  • Secure accreditation

Answer :

  • Type accreditation
  • System accreditation
  • Site accreditation

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?


Options are :

  • NIST SP 800-26
  • NIST SP 800-53A
  • NIST SP 800-53
  • NIST SP 800-59

Answer : NIST SP 800-53

Mark works as a project manager for TechSoft Inc. Mark, the project team, and the key project stakeholders have completed a round of qualitative risk analysis. He needs to update the risk register with his findings so that he can communicate the risk results to the project stakeholders - including management. Mark will need to update all of the following information except for which one?


Options are :

  • Risks grouped by categories
  • Watchlist of low-priority risks
  • Prioritized list of quantified risks
  • Trends in qualitative risk analysis

Answer : Prioritized list of quantified risks
