CAP Certified Authorization Professional Practice Exam Set 2

Which of the following are the different types of access control? Each correct answer represents a complete solution. Choose three.


Options are :

  • Automatic
  • physical
  • technical
  • administrative

Answer : physical, technical, administrative

Joan is a project management consultant who has been hired by a company to help them identify the risk events within the project. Joan would first like to examine the project documents such as plans, assumptions lists, project files, and contracts. What key thing will help Joan discover risks in the review of the project documents?


Options are :

  • Lack of consistency between the plans and the project requirements and assumptions can be indicators of risk in the project
  • The project documents will help the project manager, or Joan, to identify which risk identification approach is best to pursue.
  • None
  • Poorly written requirements will reveal inconsistencies in the project plans and documents.
  • Plans that have loose definitions of terms and disconnected approaches will reveal risks.

Answer : Lack of consistency between the plans and the project requirements and assumptions can be indicators of risk in the project

Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase begins after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Security operations
  • Change management
  • Maintenance of the SSAA
  • Continue to review and refine the SSAA
  • System operations
  • Compliance validation

Answer : Security operations; Change management; Maintenance of the SSAA; System operations; Compliance validation

Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal approval of the system?


Options are :

  • Phase 3
  • Phase 1
  • None
  • Phase 2
  • Phase 4

Answer : Phase 2

Which of the following is a temporary permit to operate based on the assessment of the status of implementation of the assigned IA Controls?


Options are :

  • IATO
  • ATO
  • DATO
  • IATT
  • None

Answer : IATO

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?


Options are :

  • FITSAF
  • None
  • SSAA
  • TCSEC
  • FIPS

Answer : TCSEC

The only output of performing qualitative risk analysis is risk register updates. When the project manager updates the risk register, he needs to include several pieces of information, including all of the following except for which one?


Options are :

  • Watchlist of low-priority risks
  • None
  • Risks grouped into categories
  • Risk probability-impact matrix
  • Trends in qualitative risk analysis

Answer : Risk probability-impact matrix

Which of the following statements apply to security risks? Each correct answer represents a complete solution. Choose three.


Options are :

  • They can be completely removed by taking appropriate measures.
  • They are considered an indicator of threats coupled with vulnerability.
  • They can be analyzed and measured by the risk analysis process.
  • They can be mitigated by reviewing and taking responsible action based on the potential risks.

Answer : They are considered an indicator of threats coupled with vulnerability; They can be analyzed and measured by the risk analysis process; They can be mitigated by reviewing and taking responsible action based on the potential risks

What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Comprehensive Analysis
  • Minimum Analysis
  • Basic System Review
  • Maximum Analysis
  • Detailed Analysis
  • Basic Security Review

Answer : Comprehensive Analysis; Minimum Analysis; Detailed Analysis; Basic Security Review

Which of the following individuals monitors the information system for environmental factors that can negatively affect the security of the system and its accreditation?


Options are :

  • None
  • security chief
  • information system owner
  • Chief Risk Officer
  • Chief information Officer

Answer : information system owner

CAP Certified Authorization Professional Practice Exam Set 4

You are preparing to carry out quantitative risk analysis with the project team and a number of subject matter experts. You gather the necessary inputs, including the project cost management plan. Why is it necessary to include the project cost management plan in the preparation for quantitative risk analysis?


Options are :

  • The project cost management plan provides control that can help determine the structure for quantitative analysis of the budget.
  • None
  • The project cost management plan is not an input to quantitative risk analysis.
  • The project cost management plan can help you determine what the total cost of the project must contain.
  • The project cost management plan includes direction on how costs may be changed because of identified risks.

Answer : The project cost management plan provides control that can help determine the structure for quantitative analysis of the budget.

Security management is the process of defining the security controls that protect information assets. What are the responsibilities of information security management? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Defining the objectives, scope, policies, priorities, standards, and strategies
  • Assessing the business objectives, safety, productivity and efficiency requirements
  • Determining the real objectives that are expected to be achieved by a security program
  • Defining measures to ensure that all responsibilities are recognized and properly addressed

Answer : Defining the objectives, scope, policies, priorities, standards, and strategies; Assessing the business objectives, safety, productivity and efficiency requirements; Determining the real objectives that are expected to be achieved by a security program; Defining measures to ensure that all responsibilities are recognized and properly addressed

You work as a project manager for BLUEWELL Inc. There has been a delay in the project work that is negatively impacting the project schedule. You have decided, with the approval of stakeholders, to fast track the project work to get the project done faster. When you fast track the project, which of the following is likely to increase?


Options are :

  • The human resources required
  • costs
  • None
  • Quality control concerns
  • risks

Answer : risks

Kelly is the project manager of the BHH project for the organization. He is completing the risk identification process for this part of the project. Which of the following is the only thing that the risk identification process will create for Kelly?


Options are :

  • Change request
  • Risk register updates
  • Project document updates
  • Risk register
  • None

Answer : risk register

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels indicates that the procedures and controls have been tested and reviewed?


Options are :

  • level 1
  • level 3
  • level 4
  • level 2
  • level 3

Answer : level 2

What are the objectives of the security certification documentation task? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • To prepare the Plan of Action and Milestones (POAM) based on the security assessment
  • To assemble the final security accreditation package and then give it to the officer
  • To provide the certification findings and recommendations to the information system owner
  • To update the system security plan based on the results of the security assessment

Answer : To prepare the Plan of Action and Milestones (POAM) based on the security assessment; To assemble the final security accreditation package and then give it to the officer; To provide the certification findings and recommendations to the information system owner; To update the system security plan based on the results of the security assessment

CAP Certified Information Audit Process Practice Exam Set 1

Nancy is the project manager of the NHH project. She and the project team have identified a significant risk in the project during qualitative risk analysis. Bob is familiar with the technology that the risk affects and proposes a response to the risk event to Nancy. Nancy tells Bob that she has noted his response, but the risk really needs to go through quantitative risk analysis before responses are created. Bob disagrees with Nancy and is sure that his response is the most suitable for the identified risk. Who is right in this situation?


Options are :

  • Nancy is correct. Because Nancy is the project manager, she can determine the correct procedures for risk analysis and risk responses. In addition, she has noted the risk response that Bob recommends.
  • None
  • Nancy is correct. All risks of significant probability and impact should pass through quantitative risk analysis before risk responses are created.
  • Bob is right. Not all risk events must pass through quantitative risk analysis to develop effective risk responses.
  • Bob is right. Bob is familiar with the technology and the risk event, so his response should be implemented.

Answer : Bob is right. Not all risk events must pass through quantitative risk analysis to develop effective risk responses.

Which of the following describes residual risk as the risk remaining after risk mitigation has occurred?


Options are :

  • DAA
  • None
  • DIACAP
  • ISSO
  • SSAA

Answer : DIACAP

You are the project manager of the NNQ project for your company and are working with your project team to define contingency plans for the risks of the project. Maria, one of the members of the project team, asks what a contingency plan is. Which of the following statements best defines what a contingency plan is?


Options are :

  • Some responses are designed for use only if certain events occur.
  • Some responses have a cost and a time factor to consider for each risk event.
  • Some responses are meant to prevent pending risk events.
  • None
  • Quantitative risks should always have contingency responses.

Answer : Some responses are designed for use only if certain events occur.

You are responsible for network and information security at a metropolitan police station. The main concern is that unauthorized parties cannot access data. What is this called?


Options are :

  • None
  • Availability
  • Encryption
  • Integrity
  • Confidentiality

Answer : Confidentiality

Which of the following statements about the availability concept of data security is true?


Options are :

  • It ensures that no changes are made to information by unauthorized personnel or processes.
  • It ensures reliable and timely availability of resources.
  • None
  • It specifies actions within a single system
  • It ensures that unauthorized changes are made to information by authorized personnel or processes.

Answer : It ensures reliable and timely availability of resources.

Phase 1 of DITSCAP C&A is known as the Definition phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Registration
  • Initial Certification Analysis
  • Negotiation
  • Document mission need

Answer : Registration; Negotiation; Document mission need

Which of the following statements correctly describes DIACAP residual risk?


Options are :

  • None
  • It is used to strengthen the information system.
  • It is the technical implementation of the security design.
  • It is the remaining risk to the information system after risk mitigation has occurred.
  • It is a process of security authorization.

Answer : It is the remaining risk to the information system after risk mitigation has occurred.

Which project management plan is most likely to direct the quantitative risk analysis process for a project in a matrix environment?


Options are :

  • Risk Management plan
  • Staffing management plan
  • Risk analysis plan
  • None
  • Human resource management plan

Answer : Risk Management plan

What approach can a project manager use to improve the project's performance during qualitative risk analysis?


Options are :

  • Create a risk breakdown structure and delegate the risk analysis to the appropriate project team members.
  • Focus on high-priority risks.
  • Analyze as many risks as possible, regardless of who initiated the risk event.
  • Focus on short-term risks first.
  • None

Answer : Focus on high-priority risks.

You are the project manager of the GHY project for your organization. You are about to begin qualitative risk analysis for the project and you need to determine the roles and responsibilities for conducting risk management. Where can you find this information?


Options are :

  • Risk Management plan
  • risk register
  • Environmental factors
  • None
  • Staffing management plan

Answer : Risk Management plan

Walter is the project manager of a large construction project. He is working with several vendors on the project. The vendors will supply materials and labor for several parts of the project. Some of the work in the project is very dangerous, so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders of the project have added new requirements, which have led to new risks in the project. A vendor has identified a new risk that could affect the project if it comes to fruition. Walter agrees with the vendor and has updated the risk register and created risk responses to mitigate the risk. What should Walter also update in this scenario, considering the risk event?


Options are :

  • The project communication plan
  • The project contract with the vendor
  • The project scope
  • None
  • The project management plan

Answer : The project management plan

Who is responsible for managing stakeholder expectations in a high-profile, high-risk project?


Options are :

  • The project sponsor
  • Project manager
  • None
  • Project Management Office
  • The project risk assessment officer

Answer : Project manager

CAP Certified Authorization Professional Practice Exam Set 5

You are the project manager for your organization. You are working to complete qualitative risk analysis for the project. The first tool and technique you use requires that you assess the probability and what other characteristic of each identified risk in the project?


Options are :

  • Impact
  • None
  • Risk owner
  • Risk category
  • Cost

Answer : Impact

Which of the following roles is used to ensure that the confidentiality, integrity and availability of the services are maintained to the levels approved in the Service Level Agreement (SLA)?


Options are :

  • Change Manager
  • None
  • security chief
  • service Level Manager
  • Configuration Manager

Answer : security chief
