CAP Certified Authorization Professional Practice Exam Set 3

Which of the following assessment methods defines a six-step evaluation of technical security?


Options are :

  • FIPS 102
  • OCTAVE
  • FITSAF
  • DITSCAP
  • None

Answer : FIPS 102

DIACAP has applied, since December 1997, to the acquisition, use and sustainment of any DoD system that collects, stores, transmits or processes unclassified or classified information. What are the steps identified by DIACAP? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Re-Accreditation
  • definition systems
  • Validation
  • Accreditation
  • confirmation
  • Identification

Answer : Re-Accreditation; definition systems; Validation; confirmation

Which of the following is an entry in an object's discretionary access control list (DACL) that grants access to a user or group?


Options are :

  • Discretionary access control entry (DACE)
  • None
  • Safety (SID)
  • Access control (ACE)
  • Access (ACL)

Answer : Access control (ACE)

There are five inputs to the quantitative risk analysis process. Which of the following is not an input to quantitative risk analysis?


Options are :

  • risk register
  • None
  • Risk Management plan
  • cost management plan
  • Environmental factors

Answer : Environmental factors

CAP Certified Authorization Professional Practice Exam Set 6

Which of the following DITSCAP phases confirms that the preceding work produces an IS that operates in its computing environment?


Options are :

  • Phase 1
  • step 2
  • None
  • step 3
  • step 4

Answer : step 3

Risks with low probability and low impact are placed on a ____ for future monitoring.


Options are :

  • risk alarm
  • watch list
  • risk register
  • None
  • Watch list

Answer : watch list

Adrian is the project manager of the NHP scheme Project. His project has a number of work packages that deal with electrical wiring. Rather than manage the risk internally, he has decided to hire a vendor to perform all of the work packages that deal with electrical wiring. By removing the electrical risk from his own team, Adrian feels the project is safer. What kind of risk response has Adrian used in this example?


Options are :

  • Avoidance
  • None
  • mitigation
  • transference
  • Adoption

Answer : transference

Which of the following types of controls is used when a security problem has occurred and the aim is to limit the extent of the damage caused by the incident?


Options are :

  • preventive surveillance
  • protective measures
  • detective control
  • corrective control
  • None

Answer : corrective control

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels indicates that procedures and controls have been implemented?


Options are :

  • level 2
  • level 3
  • level 4
  • level 1
  • level 5

Answer : level 3

Which of the following roles is also known as the accreditor?


Options are :

  • Chief information Officer
  • None
  • Chief Risk Officer
  • the data owner
  • Designated Accreditation Authority

Answer : Designated Accreditation Authority

CAP Certified Authorization Professional Practice Exam Set 8

Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can a penetration test make use of? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • race conditions
  • File and directory permissions
  • Information system architectures
  • buffer overflows
  • kernel flaws
  • Social engineering

Answer : race conditions; buffer overflows; Social engineering

You work as a project manager in your organization. You are nearing the final stages of project implementation and looking toward the final risk monitoring and control activities. For the project archives, which of the following is an output of risk monitoring and control?


Options are :

  • Quantitative risk analysis
  • requested changes
  • audits
  • Qualitative risk analysis
  • None

Answer : requested changes

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the roles of supporter and advisor, respectively. Which of the following statements are true about the ISSO and ISSE? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • ISSE manages security information system, which is slated for Certification and Accreditation (C & A).
  • ISSE advises the continuous monitoring of the information system.
  • ISSE advises the impact of system changes.
  • ISSO participate in development activities needed to implement changes to the system.
  • ISSO manages security information system, which is slated for Certification and Accreditation (C & A).

Answer : ISSE advises the continuous monitoring of the information system; ISSE advises the impact of system changes; ISSO manages security information system, which is slated for Certification and Accreditation (C & A).

Which of the following terms is used to indicate that software has reached a defined quality level and is ready for distribution, either electronically or on physical media?


Options are :

  • DAA
  • RTM
  • ATM
  • None
  • CRO

Answer : RTM

Mark works as a network administrator for NetTech Inc. He wants users to access only those resources that are needed for their jobs. Which of the following access control models should he use?


Options are :

  • Policy Access Control
  • Role-based Access Control
  • None
  • Mandatory Access Control
  • Discretionary Access Control

Answer : Role-based Access Control

In which of the following DITSCAP phases does Security Test and Evaluation (ST&E) take place?


Options are :

  • step 2
  • step 3
  • Phase 1
  • step 4
  • None

Answer : step 3

CAP Certified Authorization Professional Practice Exam Set 12

Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to keep it at that level. What are the types of risk? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Social status
  • Inside and outside attacks
  • intercourse
  • Physical damage
  • equipment failure
  • system interaction

Answer : Social status; Inside and outside attacks; intercourse; Physical damage; equipment failure

Phase 3 of the Risk Management Framework (RMF) is a process called mitigation planning. Which of the following processes take place in Phase 3? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Threats, vulnerabilities, and controls will be evaluated.
  • To assess the progress of the mitigation plan and the initial assessment.
  • To agree on a strategy to mitigate risks.

Answer : Threats, vulnerabilities, and controls will be evaluated; To assess the progress of the mitigation plan and the initial assessment; To agree on a strategy to mitigate risks.

You are the project manager of the NKJ project for your company. The success or failure of the project will have a significant impact on the organization's profitability for the coming year. Management has asked you to identify the risk events and communicate each event's probability and impact at the earliest possible stage of the project. Management wants to avoid risk events and requires a cost-benefit analysis of each risk event on this project. What is the term given to the stakeholders' low tolerance for risk in this project?


Options are :

  • None
  • Risk utility functio
  • Risk and mentality
  • The relaxation-ready project managemen
  • risk aversion

Answer : Risk utility functio

Frank is the project manager of the NHH Project. He is working with the project team to create a plan that documents the procedures for managing risk throughout the project. This document defines how risks will be identified and quantified. It also defines how contingency plans will be implemented for the project. What document are Frank and the NHH project team creating in this scenario?


Options are :

  • Risk Management plan
  • The project management plan
  • None
  • The resource management plan
  • The project plan

Answer : Risk Management plan

DIACAP has applied, since December 1997, to the acquisition, use and sustainment of any DoD system that collects, stores, transmits or processes unclassified or classified information. What are the steps identified by DIACAP? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • definition systems
  • The professional requirements
  • confirmation
  • Validation
  • Accreditation
  • Identification

Answer : definition systems; The professional requirements; confirmation; Validation

Which of the following Department of Defense directives is called the Defense Automation Resources Management Manual?


Options are :

  • DoD 7950.1-M
  • Dodd 8000.1
  • DoD 8910.1
  • DoD 5200.22-M
  • DoD 5200.1-R

Answer : DoD 7950.1-M

James works on the IT staff at Soft Tech Inc. He performs the following tasks: runs regular backups and routinely tests the validity of the backup data; carries out data recovery from backups when needed; maintains archived data in accordance with the established data classification policy. What is James's role in the organization?


Options are :

  • None
  • user
  • nurse
  • manager
  • Owner

Answer : nurse

Which of the following is a 1996 US federal law whose purpose is to improve the way the federal government acquires, uses and disposes of information technology?


Options are :

  • Paperwork Reduction Act
  • Lanham Act
  • Clinger-Cohen Act
  • Computer Misuse Act
  • None

Answer : Clinger-Cohen Act

Which of the following roles monitors and participates in the organization's configuration management process?


Options are :

  • officer
  • Chief information Officer
  • None
  • The Joint Supervisory Provider
  • Senior Agency Information Security Officer

Answer : The Joint Supervisory Provider

Which of the following is a subset discipline of corporate governance focused on information security systems and their performance and risk management?


Options are :

  • Computer Abuse Ac
  • Clinger-Cohen Act
  • ISG
  • Lanham Act
  • None

Answer : ISG

What type of access control does a username and password system fall under?


Options are :

  • administrative
  • power
  • technical
  • physical
  • None

Answer : technical

You are the project manager of the NHH project for your company. You have completed the first round of risk management planning and created the four outputs of the risk response planning process. Which of the following is not an output of risk response planning?


Options are :

  • None
  • Risk Register Updates
  • PROJECT DOCUMENT Updates
  • Organizational process assets updates
  • risks associated with contractual decisions

Answer : Organizational process assets updates

CAP Certified Authorization Professional Practice Exam Set 9

Gary is the project manager for his project. He and the project team have completed qualitative risk analysis and are moving into the quantitative risk analysis process, because Marian, the project sponsor, wants to know what quantitative risk analysis examines. Which of the following best defines what quantitative risk analysis examines?


Options are :

  • the risk of quantitative analysis is to determine the actual cost of the determination of each identified risk event and the probability of each risk event risk.
  • Quantitative risk analysis reviews the results of risk identification and risk of the project prepares flexibility.
  • None
  • During the quantitative risk analysis to analyze the impact of risk events that may materially affect the competing demands of the project.
  • During the quantitative risk analysis examines risk events and their probability of impact on the project objectives.

Answer : During the quantitative risk analysis to analyze the impact of risk events that may materially affect the competing demands of the project.

A project uses a machine that overheats and shuts down for 48 hours if the engine temperature exceeds 450 degrees Fahrenheit. If this machine overheats even once, it will delay the end of the project. The project team creates a response: when the machine's temperature reaches 430 degrees, the machine is stopped to cool for at least one hour. What is the temperature of 430 degrees called?


Options are :

  • None
  • risk event
  • risk trigger
  • risk identification
  • Respond to risks

Answer : risk trigger
