CAP Certified Authorization Professional Practice Exam Set 11

Which of the following are identified by the Plan of Action and Milestones (POA&M) document? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Plans to be implemented
  • Scheduled completion dates for milestones
  • Tasks that are required to be filled
  • Any milestones that are needed to fulfill the tasks
  • Resources needed to achieve the plan

Answer : Scheduled completion dates for milestones Tasks that are required to be filled Any milestones that are needed to fulfill the tasks Resources needed to achieve the plan

Adrian is the project manager of a new project that uses a technology which has only recently been released, so relatively little information about it is available. Preliminary testing of the technology looks promising, but there is still doubt about its longevity and reliability. Adrian wants to consider the risk factors of using this technology in the project. Where should he document the risks of this technology so that he can monitor the risk status and responses?


Options are :

  • The project plan
  • risk register
  • The project scope
  • None
  • low-level risk watch list

Answer : risk register

CAP Certified Authorization Professional Practice Exam Set 10

Mark works as a project manager for Tech Soft Inc. Mark, the project team and the key project stakeholders have completed a round of qualitative risk analysis. He now needs to update the risk register with his findings so that he can communicate the results of the risk analysis to the project stakeholders, including management. Mark will update all of the following except which one?


Options are :

  • Watchlist risks are low priority
  • None
  • Prioritized list of quantified risks
  • Trends in qualitative risk analysis
  • Risks are grouped into categories

Answer : Prioritized list of quantified risks

Diana is the project manager of the QPS project in her company. In this project, Diana and the project team have identified a pure risk. Together with the key stakeholders, Diana and the project team decided to eliminate the pure risk from the project by changing the project plan completely. What is a pure risk?


Options are :

  • None
  • It's a risk event that can not be avoided, because the order of the work.
  • It's a risk event that occurs when the project work of errors or lack of observed during use.
  • It is the risk of an event that creates a risk response
  • It is the risk of an event that is only the negative side, such as the loss of life or limb.

Answer : It is the risk of an event that is only the negative side, such as the loss of life or limb.

Harry is the project manager of the PMM construction project. In this project, Harry has identified a supplier who can create the 1000 stained glass window units the project needs. The supplier is an artist who works alone, but who has created windows for a number of companies throughout the United States. The company's management evaluates the proposal to use this supplier and, while they agree that the supplier is talented, they do not think a single artist can deliver the 1000 window units in time for the project deadline. Management has asked Harry to find a supplier who guarantees completion of the necessary windows by the scheduled date. Which risk response has Harry been asked to take?


Options are :

  • mitigation
  • None
  • Adoption
  • transference
  • Avoidance

Answer : mitigation

Shoulder surfing is a type of in-person attack in which the attacker gathers information on the premises of the organization. The attack is typically carried out by watching an employee's keyboard or screen while the employee types a password into a terminal or web site. Which of the following does a shoulder surfing attack violate?


Options are :

  • confidence
  • Authenticity
  • integrity
  • None
  • Availability

Answer : confidence

Which of the following is the security document used by the US Department of Defense (DoD) to describe and accredit networks and systems?


Options are :

  • FITSAF
  • FIPS
  • TCSEC
  • SSAA
  • None

Answer : SSAA

ISO 17799 consists of two parts. The first part is a guide on how to build a comprehensive security infrastructure, and the second part is an audit guide based on the requirements that must be met for an organization to be considered compliant with ISO 17799. Which of the following are ISO 17799 domains? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • System Architecture Management
  • the reliability of staff
  • The system development and maintenance
  • Business continuity management
  • organization of information security policy

Answer : the reliability of staff The system development and maintenance Business continuity management organization of information security policy

CAP Certified Authorization Professional Practice Exam Set 13

In 2003, NIST developed a new Certification and Accreditation (C&A) guideline known as FIPS 199. Which of the following are the potential impact levels specified in FIPS 199? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • High
  • moderate
  • Low
  • medium

Answer : High Low medium

You work as a project manager for Tech Soft Inc. You are working with the project stakeholders on the qualitative risk analysis of the project. You have used all the tools of qualitative risk analysis in the project. Which of the following techniques is not used as a tool during qualitative risk analysis?


Options are :

  • Risk Urgency Assessment
  • Risk assessment of the quality of information
  • risk rating
  • re-assessment of risks
  • None

Answer : re-assessment of risks

A penetration test is sometimes called a white hat attack because in a pen test the good guys are trying to break in. What are the different types of penetration testing? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Open the box
  • A full theory test
  • Zero-theory test
  • Closed-box
  • Full box
  • Partial-theory test

Answer : Open the box A full theory test Zero-theory test Closed-box Partial-theory test

There are seven risk responses for any project. Which of the following is a valid response to a negative risk event?


Options are :

  • Exploit
  • Improve
  • None
  • Ice
  • Adoption

Answer : Adoption

Which of the following is NOT a goal of a security program?


Options are :

  • None
  • Entry
  • security plan
  • security organization
  • safety training

Answer : safety training

Tracy is the project manager of the NLT project in her company. The NLT project has a duration of 14 months and a budget of $4,555,000 to complete. Tracy's organization will receive a bonus of $80,000 for each day the project is completed early, up to $800,000. Tracy realizes that there are several opportunities to save time in the project by crashing the project work. Crashing the project is what type of risk response?


Options are :

  • mitigation
  • Exploit
  • transference
  • None
  • Improve

Answer : Improve

CAP Certified Authorization Professional Practice Exam Set 9

The Software Configuration Management (SCM) process defines the need to track changes and to ensure that the final delivered software contains all of the enhancements that are to be included in the release. Which of the following procedures must be defined for each software project to ensure that a sound SCM process is carried out? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • configuration identification
  • Configuration Order the book
  • Configuration change management
  • the introduction of the assembly
  • Configuration checks

Answer : configuration identification Configuration Order the book Configuration change management Configuration checks

John is the project manager of the NHQ project in his company. His project has 75 stakeholders, some of whom are external to the organization. John must make sure that he communicates about risk in the manner most appropriate for the external stakeholders. Which project management plan is the best guide for how John should communicate with the external stakeholders?


Options are :

  • Communications management plan
  • None
  • project ManagementPlan
  • Risk Management plan
  • Risk Response Plan

Answer : Communications management plan

Chief Information Officer (CIO), or Information Technology (IT) director, is a title commonly given to the most senior IT executive in an enterprise. Which of the following are responsibilities of a CIO? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Facilitate the sharing of information among security-related officials permission
  • It is proposed IT company needed to achieve their goals and then working on the budget to implement the plan
  • continuous effective monitoring of program organization
  • while maintaining a high level of communication and collaboration relationships with the organization

Answer : It is proposed IT company needed to achieve their goals and then working on the budget to implement the plan continuous effective monitoring of program organization while maintaining a high level of communication and collaboration relationships with the organization

Virginia is a project manager in her organization. She has hired a subject matter expert to interview a number of the project stakeholders about the identified risks within the project. What is the precise objective of the subject matter expert's assessment of the risk events?


Options are :

  • Determine the probability of the risk and the cost of the event
  • To determine the risk of bias of the event is based on each person interviewed
  • determining the level of probability and risk impact of each transaction
  • None
  • determining the validity of each of the risk event

Answer : determining the level of probability and risk impact of each transaction

Which of the following NIST Special Publications provides guidance on the surveys and checklists through which systems can be evaluated and assessed against specific control objectives?


Options are :

  • NIST SP 800-26
  • None
  • NIST SP 800-53
  • NIST SP 800-59
  • NIST SP 800-53A

Answer : NIST SP 800-53

Elizabeth is a project leader in her organization, and she finds risk management very difficult to manage. She asks the lead project manager at what stage of the project risk management becomes easier. Which answer best addresses the difficulty and effort of practicing risk management?


Options are :

  • Risk management only becomes easier the more often it is practiced.
  • Risk management is facilitated only when the project moves to the implementation of the project.
  • None
  • Risk management is an iterative process and never becomes easier.
  • Risk management is facilitated only when the project is closed.

Answer : Risk management only becomes easier the more often it is practiced.

CAP Certified Authorization Professional Practice Exam Set 10

Which of the following is NOT a goal of a security program?


Options are :

  • None
  • security plan
  • Entry
  • safety training
  • security organization

Answer : Entry

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle US national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.


Options are :

  • type of accreditation
  • approval system
  • site accreditation
  • Secure accreditation

Answer : type of accreditation approval system site accreditation

You are the project manager of the Blue Star project for your company. Your company has a functional organizational structure, and you report to the functional manager that you are ready to move on to qualitative risk analysis. What are your inputs to qualitative risk analysis for the project in this scenario?


Options are :

  • You need the Risk Register, Risk Management Plan, the outputs of a qualitative risk analysis, and any relevant organizational process assets.
  • You need the Risk Register, a risk management plan, project scope statement, and any relevant organizational process assets.
  • You need the Risk Register, Risk Management Plan, promises a functional manager, and all relevant organizational process assets.
  • None
  • Qualitative risk analysis does not take place through the functional construction project manager for ture.

Answer : You need the Risk Register, a risk management plan, project scope statement, and any relevant organizational process assets.

A number of security-related standards promote good security practices and define a framework or system for structuring the analysis and design of information security controls. Which of the following are associated with US federal government information security standards? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • CA certification, accreditation, and security assessments
  • IR Incident Response
  • SA System and Services Acquisition
  • the acquisition of information systems, and Maintenance

Answer : CA certification, accreditation, and security assessments IR Incident Response SA System and Services Acquisition

Risk transference is the transfer of a risk to a third party, usually for a fee; it creates a contractual relationship in which the third party manages the risk on behalf of the performing organization. Which of the following is an example of the transference risk response?


Options are :

  • None
  • insurance
  • performance bonds
  • guarantees
  • Life cycle costing

Answer : Life cycle costing

An organization monitors the hard drives of its employees' computers from time to time. Which policy does this fall under?


Options are :

  • Privacy Policy
  • None
  • backup policy
  • network security
  • User password policy

Answer : Privacy Policy

CAP Certified Authorization Professional Practice Exam Set 8

Which of the following statements about a Discretionary Access Control List (DACL) is true?


Options are :

  • It is a rule list that includes access control entries.
  • It will determine, inspection activities should be carried out when an object attempts to access the resource.
  • It is a list that contains the user accounts, groups, and computers that are allowed (or denied) access to the object.
  • It is a unique number that identifies a user, group, and computer account.
  • None

Answer : It is a list that contains the user accounts, groups, and computers that are allowed (or denied) access to the object.

Your organization has appointed you project manager of the JKN project. This project has a budget at completion (BAC) of $1,500,000 and is expected to last 18 months. Management has agreed that if the schedule baseline shows a variance of more than five percent, you will need to crash the project. What happens when the project manager crashes a project?


Options are :

  • None
  • The project cost is increased.
  • Project risks are growing.
  • The number of hours a resource can be used is reduced.
  • Project Will take longer, but the risks are reduced

Answer : The project cost is increased.

Which of the following processes is described in the following statement? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risks, identifying new risks, and evaluating the effectiveness of the risk process throughout the project."


Options are :

  • Monitor and manage risks
  • None
  • quantitative risk analysis
  • identify risks
  • Perform Qualitative Risk Analysis

Answer : Monitor and manage risks

BS 7799 is an internationally recognized ISM standard that provides high-level conceptual recommendations for enterprise security. BS 7799 is basically divided into three parts. Which of the following statements about BS 7799 are true? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • BS 7799 Part 1 standard was originally published BS 7799 British Standards Institute (BSI) in 1995.
  • BS 7799 part 1 was adopted ISO ISO / IEC 27001 in November 2005.
  • BS 7799 Part 2 was approved ISO ISO / IEC 27001 in November 2005.
  • BS 7799 part 3 was released in 2005, which covers the analysis and management of risks.

Answer : BS 7799 Part 1 standard was originally published BS 7799 British Standards Institute (BSI) in 1995. BS 7799 Part 2 was approved ISO ISO / IEC 27001 in November 2005. BS 7799 part 3 was released in 2005, which covers the analysis and management of risks.
