CAP Certified Authorization Professional Practice Exam Set 12

Security Test and Evaluation (ST & E) is part of the risk assessment. It is useful for finding vulnerabilities. What is the purpose of ST & E? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • To implement the design of the system architecture
  • determine the adequacy of security mechanisms, insurance and other properties to control security policy
  • to assess the degree of consistency between the system documentation and its implementation
  • Reveals the design, implementation, and operational deficiencies that can lead to violations of security policy

Answer : determine the adequacy of security mechanisms, insurance and other properties to control security policy; to assess the degree of consistency between the system documentation and its implementation; Reveals the design, implementation, and operational deficiencies that can lead to violations of security policy

What are the objectives of risk management? Each correct answer represents a complete solution. Choose three.


Options are :

  • Finding the economic balance between the risk and the cost of the impact of the countermeasure
  • Assessing the impact of potential threats
  • the identification of the accused
  • identification of risk

Answer : Finding the economic balance between the risk and the cost of the impact of the countermeasure; Assessing the impact of potential threats; identification of risk

CAP Certified Authorization Professional Practice Exam Set 13

Gary works in a project organization. He is working with the project stakeholders on the project requirements and on how risks can affect their project. One of the stakeholders is confused about what project risk means. Which of the following is the most accurate definition of project risk?


Options are :

  • It is an uncertain event or condition within the implementation of the project.
  • It is an uncertain event that may affect at least one of the project objectives.
  • None
  • It is an uncertain event that may affect the cost of the project.
  • It is an unknown event that may affect the project scope.

Answer : It is an uncertain event that may affect at least one of the project objectives.

You work as a project manager for Tech Soft Inc. You, the project team, and key project stakeholders have completed a round of quantitative risk analysis. You now need to update the risk register with your findings so that you can communicate the risk results to the project stakeholders, including management. You need to update all of the following except which one?


Options are :

  • Trends in quantitative risk analysis
  • Probability analysis of the project
  • Risk distributions within the project schedule
  • The probability of achieving cost and time objectives
  • None

Answer : Risk distributions within the project schedule

You work as a project manager for BLUEWELL Inc. You are working with Nancy, the COO of your company, on a number of risks within the project. Nancy understands that through qualitative analysis you have identified 80 risks that have a low probability and low impact, as the project is currently being planned. Nancy's concern, however, is that the impact and probability of these risk events may change as the project conditions change. She would like to know where you will document and record these 80 low-probability, low-impact risks for future use. What should you tell Nancy?


Options are :

  • Risk identification is an iterative process so any changes in the low-probability and low impact risks will be reassessed throughout the project lifecycle.
  • All risks are recorded in the risk management plan
  • Risks with low probability and low impact are recorded for future follow-up in the observation segment.
  • All risks, irrespective of their expected impact and likelihood of risk are recognized in the log.
  • None

Answer : Risks with low probability and low impact are recorded for future follow-up in the observation segment.

You and your project team are just starting risk identification for a project that is scheduled to last 18 months. The project team has already identified a long list of risks that need to be analyzed. How often should you and your project team identify risks?


Options are :

  • None
  • At least once a month
  • Identifying risks is an iterative process.
  • Several times, until the project moves embodiment
  • It depends on how many risks are initially identified.

Answer : Identifying risks is an iterative process.

Which of the following are common roles in an information classification program? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • nurse
  • Security auditor
  • user
  • Owner
  • supplier

Answer : nurse; Security auditor; user; Owner

Which of the following NIST documents provides guidance for identifying an information system as a National Security System?


Options are :

  • NIST SP 800-53A
  • NIST SP 800-53
  • NIST SP 800-59
  • NIST SP 800-60
  • NIST SP 800-37

Answer : NIST SP 800-59

CAP Certified Authorization Professional Practice Exam Set 10

Which of the following objectives are defined by integrity in the C.I.A triad of information security systems? Each correct answer represents a part of the solution. Choose three.


Options are :

  • It prevents unauthorized or accidental alteration of the information by authorized users.
  • It prevents deliberate or accidental unauthorized disclosure of the contents of the message.
  • It prevents unauthorized modification of data by users.
  • It retains the internal and external coherence of the data.

Answer : It prevents unauthorized or accidental alteration of the information by authorized users; It prevents unauthorized modification of data by users; It retains the internal and external coherence of the data.

Which of the following NIST Special Publication documents provides a guideline for network security testing?


Options are :

  • NIST SP 800-37
  • NIST SP 800-53A
  • NIST SP 800-42
  • NIST SP 800-53
  • NIST SP 800-59
  • NIST SP 800-60

Answer : NIST SP 800-42

What part of the change management system is responsible for assessing, testing, and documenting the changes created in the project scope?


Options are :

  • Project Management Information System
  • Integrated management of change
  • None
  • Configuration Management System
  • scope of Verification

Answer : Configuration Management System

During qualitative risk analysis, you need to determine the urgency of the risks. All of the following are indicators of risk priority except for which one?


Options are :

  • symptoms
  • risk rating
  • The project
  • warning Signs
  • None

Answer : The project

Step 2 of DITSCAP C&A is known as confirmation. The aim of this step is to provide a fully integrated system for certification testing and accreditation. What are the process activities of this step? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • certification analysis
  • Registration
  • Evaluation of Analysis Results
  • Configuration refinement SSAA
  • The development of the system

Answer : certification analysis; Evaluation of Analysis Results; Configuration refinement SSAA; The development of the system

Eric is the project manager of the MTC project for his company. In this project, the vendor has offered Eric a sizeable discount on all hardware if his total order for the project is more than $125,000. Right now, Eric is likely to spend $118,000 with the vendor. If Eric spends $7,000 more, his cost savings for the project will be $12,500, but he cannot buy hardware that he cannot implement immediately because of the organization's policy. Eric approaches Amy and Allen, the other project managers in the organization, and asks whether they need any hardware for their projects. Both Amy and Allen need hardware, and they agree to buy it through Eric's relationship with the vendor. What positive risk response has occurred in this case?


Options are :

  • enhancing
  • taking advantage of
  • distribution
  • None
  • transference

Answer : distribution

To help review or design security controls, they can be classified by several criteria. One of these criteria is based on their nature. According to this criterion, which of the following controls consists of incident response processes, governance, security awareness and training?


Options are :

  • technical supervision
  • None
  • monitoring procedures
  • compliance control
  • physical control

Answer : monitoring procedures

You are the project manager of the GHY Project and are trying to create a risk response for a negative risk. You and your project team have identified a risk that the project may not be completed on time, as required by management, because of the creation of a user's guide for the software you are creating. You have decided to hire an external writer to meet the requirements and to reduce the risk event. What type of risk response have you decided to use in this case?


Options are :

  • None
  • distribution
  • Avoidance
  • transference
  • taking advantage of

Answer : transference

You are the project manager for the NHH project. You are working on examining the project from four different perspectives to increase the breadth of identified risks by including internally generated risks. What risk identification approach are you using in this example?


Options are :

  • SWOT
  • assumptions analysis
  • root cause analysis
  • None
  • assumptions analysis

Answer : SWOT

Fred is the project manager for the PKL project. He is working with his project team to complete quantitative risk analysis as part of the risk management plan. Fred understands that once quantitative risk analysis is completed, the process must be performed again at least two other times in the project. When will quantitative risk analysis be performed again?


Options are :

  • Quantitative risk analysis process to be completed again when planning and management as part of the monitoring and control of costs.
  • Quantitative risk analysis process will be completed again as part of the new hazards and monitoring and surveillance.
  • None
  • Quantitative risk analysis process will be completed reacquisition of risk response plan as part of the planning and.
  • Quantitative risk analysis process will be completed again as part of the new hazards and monitoring and surveillance.

Answer : Quantitative risk analysis process will be completed again as part of the new hazards and monitoring and surveillance.

The IAM / CA makes certification accreditation recommendations to the DAA. The DAA issues accreditation determinations. Which of the following are the accreditation determinations issued by the DAA? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • ATT
  • DATO
  • IATO
  • IATT
  • ATO
