CAP Certified Authorization Professional Practice Exam Set 10

Numerous standards related to information security promote good security practices and define frameworks or systems to structure the analysis and design of information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • AU inspection and accountability
  • Human resources security
  • organization of information security
  • Risk assessment and management

Answer : Human resources security; organization of information security; Risk assessment and management

Your project uses a machine that, if its temperature exceeds 450 degrees Fahrenheit, overheats and is shut down for 48 hours. If this machine overheats even once, it will delay the end of the project. You work with the project team to create a response: if the temperature of the machine reaches 430, the machine is paused for at least one hour of cooling. What is the temperature of 430 called?


Options are :

  • risk identification
  • Respond to risks
  • risk event
  • None
  • risk trigger

Answer : risk trigger

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?


Options are :

  • FITSAF
  • None
  • FIPS
  • TCSEC
  • SSAA

Answer : TCSEC

You are the project manager of the GHY project for your organization. You are working with the project team to begin identifying the risks of the project. As part of the preparation, you need eleven inputs to the identify risks process. Which of the following is an input to the risk identification process?


Options are :

  • Quality management plan
  • procurement management plan
  • None
  • register of interest groups
  • cost management plan

Answer : procurement management plan

You are the project manager for your organization. You have decided that an activity is too dangerous to perform internally, so you hire a licensed contractor to complete the work. The contractor, however, may not carry out the assigned tasks in a timely manner, which can delay the beginning of the subsequent work. This is an example of what type of risk event?


Options are :

  • risk insurance
  • secondary risk
  • None
  • internal
  • transference

Answer : secondary risk

Step 3 of the DITSCAP C&A is known as validation. The goal of Step 3 is to confirm that the previous work has produced an IS that operates in a particular computing environment. What are the process activities at this point? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • The development of the system
  • Certification and accreditation decision
  • Develop a recommendation DAA
  • Run the certification evaluation of an integrated system
  • Be checked further and refine SSAA

Answer : Certification and accreditation decision; Develop a recommendation DAA; Run the certification evaluation of an integrated system; Be checked further and refine SSAA

You are the project manager of the TTP project. You are in the identify risks process. You need to create a risk register. Which of the following are included in the risk register? Each correct answer represents a complete solution. Choose two.


Options are :

  • List of mitigation techniques
  • List of identified risks
  • List of key stakeholders
  • A list of possible responses

Answer : List of identified risks; A list of possible responses

Which types of projects tend to have more well-understood risks?


Options are :

  • operational work projects
  • State-of-art technology projects
  • repeated projects
  • None
  • The first-of-its kind technology projects

Answer : repeated projects

Which of the following processes is described in the following statement? "This is the process of numerically analyzing the effect of identified risks on overall project objectives."


Options are :

  • None
  • Monitor and Control Risks
  • Perform Qualitative Risk Analysis
  • identify risks
  • quantitative risk analysis

Answer : quantitative risk analysis

The information security officer (ISSO) and the information security engineer (ISSE) play the roles of a supporter and an advisor, respectively. Which of the following statements are true about the ISSO and the ISSE? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • ISSE manages the security of the information system that is slated for Certification and Accreditation (C&A).
  • ISSO participates in the development activities needed to implement changes.
  • ISSE advises on the continuous monitoring of the information system.
  • ISSE advises on the impact of system changes.
  • ISSO manages the security of the information system that is slated for Certification and Accreditation (C&A).

Answer : ISSE advises on the continuous monitoring of the information system; ISSE advises on the impact of system changes; ISSO manages the security of the information system that is slated for Certification and Accreditation (C&A).

David is the project manager of the HGF project for his company. David, the project team, and a number of different parties have completed the identification of the risks and are ready to move to qualitative risk analysis. Tracy, a project team member, does not understand why they have to complete qualitative risk analysis. Which of the following is the best explanation for completing qualitative risk analysis?


Options are :

  • It is a cost-effective way to create a probability and impact of the project risks.
  • It is a fast and cost-effective way to create priorities for the plan risk responses and provides the basis for quantitative analysis.
  • Qualitative risk analysis helps to segment the project risks, create a risk stratification, and create fast and accurate responses to risk.
  • None
  • All risks must pass through a quantitative risk analysis prior to a qualitative risk analysis.

Answer : All risks must pass through a quantitative risk analysis prior to a qualitative risk analysis.

The National Information Assurance Certification and Accreditation Process (NIACAP) is a minimum standard process for the certification and accreditation of computer and telecommunications systems that handle US national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Check all that apply.


Options are :

  • Certification agent
  • The operator's representative
  • Designated Accreditation Authority
  • IS Program Manager
  • Information Assurance Manager

Answer : Certification agent; The operator's representative; Designated Accreditation Authority; IS Program Manager

Which of the following individuals will make the final approval decision?


Options are :

  • None
  • DAA
  • CRO
  • Isse
  • ISSO

Answer : DAA

Jenny is the project manager of the NBT project. She is working with the project team and a number of subject matter experts to perform quantitative risk analysis. During this process, she and the project team uncover a number of risk events that have not been previously identified. What should Jenny do with these risk events?


Options are :

  • Events must be determined if they have been accepted or responded to.
  • Events would be a significant qualitative risk analysis.
  • Events would be a significant risk register.
  • None
  • Events should be extended for quantitative risk analysis.

Answer : Events would be a significant risk register.

Identify Risks is defined as the process of determining the risks that threaten the project and documenting their characteristics. Why should the project team members be included in the identify risks process?


Options are :

  • They are the people who are likely to cause and to respond to risk events
  • They are individuals who suffer the most risk events.
  • They are the people with responses to the identified risks the best events of the project.
  • They are people who need a sense of ownership and responsibility for the risk events.
  • None

Answer : They are the people with responses to the identified risks the best events of the project.

Which of the following risk responses means that the project plan will not be changed to deal with the risk?


Options are :

  • None
  • Adoption
  • transference
  • mitigation
  • exploitation

Answer : Adoption

Harry is the project manager of a software development project. At the initial stage of planning, he and the stakeholders operated on the belief that the software they were developing would work with the organization's current computer operating system. Now that the project team has started developing the software, it has become apparent that the software will not work with nearly half of the organization's systems. Harry's incorrect belief about software compatibility is an example of what in project management?


Options are :

  • Risk
  • Problem
  • None
  • constraint
  • assumption

Answer : assumption

Which of the following Department of Defense directives defines DITSCAP as the standard C&A method for the Department of Defense?


Options are :

  • DoD 5200.40
  • None
  • DoD 5200.22-M
  • DoD 8910.1
  • DoD 8000.1

Answer : DoD 5200.40

Which of the following is a risk response planning technique associated with threats that seeks to reduce the likelihood or impact of the risk under the approved threshold?


Options are :

  • mitigation
  • Avoidance
  • None
  • transference
  • Exploit

Answer : mitigation

Sammy is a project manager in his organization. He would like to assess each risk based on its likelihood and its impact on time, cost and scale. Harry, a project team member, has never done this before and thinks Sammy is wrong to try this approach. Harry says that a cumulative risk score should be created, not three separate risk scores. Who is right in this situation?


Options are :

  • Sammy is right, because she is the project manager.
  • Harry is right, because the risk probability and impact to keep all the objectives of the project.
  • Sammy is right, because organizations can create a risk score for each target project.
  • Harry is right, the risk probability and impact matrix is the only approach to risk assessment.
  • None

Answer : Sammy is right, because organizations can create a risk score for each target project.

Eric is the project manager of the NQQ project and has hired ZAS Corporation to perform project work for Eric's organization. Because of a change request, ZAS Corporation is no longer needed on the project, even though it has completed almost all of the project work. Is Eric's organization liable to pay ZAS Corporation for the work it has completed on the project so far?


Options are :

  • None
  • Yes, ZAS Corporation does not choose to terminate the contract work.
  • It depends on what the agreement provides for termination clause.
  • No, ZAS corporation did not meet all of the work.
  • It depends on what the outcome of the lawsuit to determine.

Answer : It depends on what the agreement provides for termination clause.

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels indicates that the procedures and controls have been implemented?


Options are :

  • level 2
  • level 3
  • level 4
  • level 1
  • level 5

Answer : level 3

What is described under the 'Code of Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Give guidance for resolving good versus good and bad versus bad dilemmas.
  • Provide diligent and competent service to principals.
  • To protect society, the commonwealth, and the infrastructure.
  • Act honorably, honestly, justly, responsibly and legally

Answer : Provide diligent and competent service to principals; To protect society, the commonwealth, and the infrastructure; Act honorably, honestly, justly, responsibly and legally

Henry is the project manager of the QBG project for his company. This project has been allocated $4,576,900 and is expected to last 18 months. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What part of the change management system reviews the effect of the proposed changes on the features and functions of the product of the project?


Options are :

  • Scope change control system
  • Integrated management of change
  • None
  • Change in cost control system
  • configuration Management System

Answer : configuration Management System

An authentication method uses smart cards as well as user names and passwords for authentication. Which of the following authentication methods is being referred to?


Options are :

  • mutual
  • Biometrics
  • anonymous
  • multiple
  • None

Answer : multiple

You are the project manager of the GHY project for your company. You have completed the risk response planning with the project team. Now you need to update the WBS. Why must the project manager update the WBS after the risk response planning process? Choose the best answer.


Options are :

  • Because the risks connected with work packages
  • Since there is a risk responses, which are now in operation
  • Due to the work that was left out of the WBS creation
  • Because the risk generated by the new work answers
  • None

Answer : Because the risk generated by the new work answers

A security policy is an overall general statement produced by management that determines what role security plays in the organization. What are the different types of policies? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • systematic
  • Advisory
  • Informative
  • regulation

Answer : Advisory; Informative; regulation

You work as a project manager for BLUEWELL Inc. You have to complete the quantitative risk analysis of the project. Three tools and techniques are available to complete this process. Which of the following is not a tool or technique appropriate for quantitative risk analysis?


Options are :

  • Organizational process assets
  • Quantitative risk analysis techniques and modeling
  • expert assessment
  • Data collection and representation techniques
  • None

Answer : Organizational process assets

You work as a project manager for BLUEWELL Inc. You are working with your team members on the project risk responses. Which threat response is likely to cause the project to use the procurement processes?


Options are :

  • distribution
  • None
  • mitigation
  • Adoption
  • taking advantage of

Answer : distribution

Which of the following recovery plans includes specific strategies and actions to address specific variances to assumptions that lead to a particular safety problem or emergency situation?


Options are :

  • disaster survival plan
  • Business continuity Plan
  • None
  • Business Continuity Plan
  • The emergency plan

Answer : Business continuity Plan
