CAP Certified Authorization Professional Practice Exam Set 8

In which of the following DITSCAP phases does the change management process start?


Options are :

  • Phase 1
  • None
  • Phase 4
  • Phase 2
  • Phase 3

Answer : Phase 4

Ned is the project manager of the HNN project for your company. Ned has asked you to help him perform some probability distributions for his project. What portion of the project are you most likely to use the distributions for?


Options are :

  • Risk identification
  • None
  • Risk probability and impact matrices
  • Bias towards risk in new resources
  • Uncertainty in values such as the duration of schedule activities

Answer : Uncertainty in values such as the duration of schedule activities

In which of the following DITSCAP phases is the SSAA developed?


Options are :

  • Phase 4
  • Phase 3
  • Phase 2
  • None
  • Phase 1

Answer : Phase 1

Which of the following statements is true about the continuous monitoring process?


Options are :

  • It takes place before and after the system security accreditation.
  • None
  • It takes place after the initial system security accreditation.
  • It takes place in the middle of the system security accreditation.
  • It takes place before the initial system security accreditation.

Answer : It takes place after the initial system security accreditation.

CAP Certified Authorization Professional Practice Exam Set 1

What are the objectives of risk management? Each correct answer represents a complete solution. Choose three.


Options are :

  • Assessing the impact of potential threats
  • Finding an economic balance between the impact of the risk and the cost of the countermeasure
  • Identifying the accused
  • Identifying risks

Answer : Assessing the impact of potential threats; Finding an economic balance between the impact of the risk and the cost of the countermeasure; Identifying risks

Which of the following is NOT considered an environmental threat source?


Options are :

  • Hurricane
  • None
  • Chemical
  • Pollution
  • Water

Answer : Hurricane

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels indicates that procedures and controls have been implemented?


Options are :

  • Level 3
  • Level 4
  • Level 2
  • Level 1
  • Level 5

Answer : Level 3

Which of the following types of security policy does an organization implement as a result of regulatory or other legal requirements?


Options are :

  • None
  • Informative policy
  • Regulatory policy
  • System security policy
  • Advisory policy

Answer : Regulatory policy

CAP Certified Authorization Professional Practice Exam Set 1

Which of the following formulas does FIPS 199 define for the security categorization of an information system?


Options are :

  • SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
  • None
  • SC information system = {(confidentiality, impact), (integrity, controls), (availability, risk)}
  • SC information system = {(confidentiality, controls), (integrity, controls), (access, controls)}
  • SC information system = {(confidentiality, risk), (integrity, impact), (access, controls)}

Answer : SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}

Which of the following processes is used to protect data based on its secrecy, sensitivity, or confidentiality?


Options are :

  • Data classification
  • Configuration management
  • Change management
  • Data hiding
  • None

Answer : Data classification

Which of the following NIST documents defines impact?


Options are :

  • None
  • NIST SP 800-30
  • NIST SP 800-26
  • NIST SP 800-53
  • NIST SP 800-53A

Answer : NIST SP 800-30

Amy is a project manager for her company. Her current project's organization has a very low tolerance for risk events that affect the project schedule. Management has asked Amy to consider the impact of all risks on the project schedule. What approach can Amy take to create a bias towards risks that affect the project schedule?


Options are :

  • She can pad the project's time estimates to absorb delays in the project schedule.
  • She can filter all risks based on their impact on the project schedule versus other project objectives.
  • None
  • She can move risk-laden activities that affect the project schedule off the critical path as much as possible.
  • She can create an overall project rating scheme that reflects the bias towards risks that threaten the project schedule.

Answer : She can create an overall project rating scheme that reflects the bias towards risks that threaten the project schedule.

Which of the following statements is true about residual risk?


Options are :

  • It is the probabilistic risk that remains after all security measures have been implemented.
  • None
  • It can be considered as an indicator of threats coupled with vulnerabilities.
  • It is the probabilistic risk before security measures are implemented.
  • It is a weakness or lack of safeguard that can be exploited by a threat.

Answer : It is the probabilistic risk that remains after all security measures have been implemented.

Which of the following correctly describes the relationship for residual risk?


Options are :

  • Residual Risk = Threats × Exploit × Asset Value × Control Gap
  • None
  • Residual Risk = Threats × Vulnerability × Asset Gap × Control Gap
  • Residual Risk = Threats × Exploit × Asset Value × Control Gap
  • Residual Risk = Threats × Vulnerability × Asset Value × Control Gap

Answer : Residual Risk = Threats × Vulnerability × Asset Value × Control Gap

CAP Certified Authorization Professional Practice Exam Set 3

Your project has a number of risks that could cause serious financial impact should they occur. You have studied the risk events and created risk responses for them, but management wants you to do more. They would like you to create a diagram of the identified risks, with the probability and impact of each risk event and the amount each contributes. What is the likely output of creating this type of chart?


Options are :

  • Risk responses
  • Contingency reserve
  • Risk response plan
  • None
  • Quantitative analysis

Answer : Contingency reserve

Which of the following formulas does FIPS 199 define for the security categorization of an information type?


Options are :

  • None
  • SC information type = {(confidentiality, risk), (integrity, risk), (availability, risk)}
  • SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
  • SC information type = {(authentication, impact), (integrity, impact), (availability, impact)}
  • SC information type = {(confidentiality, controls), (integrity, controls), (authentication, controls)}

Answer : SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
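The two FIPS 199 questions above (the information-type formula here and the information-system formula earlier on this page) ask for the shape of the security category; what the exam does not show is how the system-level category is derived from the categories of the information types it holds. FIPS 199 takes the high-water mark of each security objective across all information types, and at the system level no objective may remain "not applicable" (N/A is allowed only for the confidentiality of public information, and only at the information-type level). The following Python is an added worked example written for this page, not material from the exam or from FIPS 199 itself; the information types and their impact values are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Impact(IntEnum):
    """FIPS 199 potential impact values, ordered so that max() yields the high-water mark."""
    NA = 0         # "not applicable": permitted only for confidentiality of public information
    LOW = 1
    MODERATE = 2
    HIGH = 3


@dataclass(frozen=True)
class SecurityCategory:
    """SC = {(confidentiality, impact), (integrity, impact), (availability, impact)}."""
    confidentiality: Impact
    integrity: Impact
    availability: Impact

    def __str__(self) -> str:
        return "{(confidentiality, %s), (integrity, %s), (availability, %s)}" % (
            self.confidentiality.name, self.integrity.name, self.availability.name)


def categorize_information_type(confidentiality: Impact, integrity: Impact,
                                availability: Impact) -> SecurityCategory:
    """Build the SC of one information type, enforcing the FIPS 199 rule that N/A is
    only permitted for confidentiality (loss of integrity or availability always has an impact)."""
    if integrity is Impact.NA or availability is Impact.NA:
        raise ValueError("N/A may only be assigned to the confidentiality objective")
    return SecurityCategory(confidentiality, integrity, availability)


def categorize_system(type_categories: list[SecurityCategory]) -> SecurityCategory:
    """System SC = high-water mark of each objective across all resident information types.
    At the system level N/A is not allowed, so any objective below LOW is raised to LOW."""
    if not type_categories:
        raise ValueError("a system must hold at least one information type")
    objectives = []
    for field in ("confidentiality", "integrity", "availability"):
        high_water_mark = max(getattr(sc, field) for sc in type_categories)
        objectives.append(max(Impact.LOW, high_water_mark))
    return SecurityCategory(*objectives)


def overall_impact_level(sc: SecurityCategory) -> Impact:
    """The single impact level of the system (highest objective), which is what selects the
    SP 800-53 low/moderate/high control baseline."""
    return max(sc.confidentiality, sc.integrity, sc.availability)


# Constructed sample: three information types hosted on one hypothetical system.
SAMPLE_TYPES = {
    "public web content": categorize_information_type(Impact.NA, Impact.MODERATE, Impact.MODERATE),
    "routine administrative data": categorize_information_type(Impact.LOW, Impact.LOW, Impact.LOW),
    "investigative case files": categorize_information_type(Impact.HIGH, Impact.MODERATE, Impact.MODERATE),
}


def example_system_category() -> SecurityCategory:
    """Categorize the constructed sample system; expected high-water mark is (HIGH, MODERATE, MODERATE)."""
    return categorize_system(list(SAMPLE_TYPES.values()))


if __name__ == "__main__":
    for name, sc in SAMPLE_TYPES.items():
        print(f"SC {name} = {sc}")
    system_sc = example_system_category()
    print(f"SC information system = {system_sc}")
    print(f"overall impact level: {overall_impact_level(system_sc).name}")
```

Note the N/A handling: a system that hosts nothing but public web content still gets confidentiality LOW at the system level, because FIPS 199 forbids N/A for any objective of an information system, while the information type itself legitimately carries (confidentiality, N/A).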

Which of the following individuals informs all C&A participants about the life cycle actions, security requirements, and documented user needs?


Options are :

  • None
  • Certification Agent
  • IS Program Manager
  • User representative
  • DAA

Answer : IS Program Manager

Which of the following DITSCAP accreditation phases begins with a review of the SSAA?


Options are :

  • None
  • Phase 4
  • Phase 2
  • Phase 1
  • Phase 3

Answer : Phase 3

Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Registration
  • SSAA refinement
  • Assessment of analysis results
  • System development
  • Certification analysis

Answer : SSAA refinement; Assessment of analysis results; System development; Certification analysis

You are the project manager of the GHG project. You are preparing to perform quantitative risk analysis and are using organizational process assets to help you complete the process. Which of the following is NOT a valid reason to use organizational process assets as part of quantitative risk analysis?


Options are :

  • You are using organizational process assets for studies of similar projects by risk specialists.
  • You are using organizational process assets for information from prior, similar projects.
  • None
  • You are using organizational process assets for risk databases that may be available from industry sources.
  • You are using organizational process assets to determine the cost of all risk events within the current project.

Answer : You are using organizational process assets to determine the cost of all risk events within the current project.

CAP Certified Authorization Professional Practice Exam Set 11

Walter is the project manager of a large construction project. He is working with several vendors on the project, who will provide materials and labor. Several parts of the project work are very dangerous, so Walter has implemented safety requirements for all vendors and his project team. Project stakeholders have added new requirements that have led to new risks in the project. A vendor has identified a new risk that could affect the project if it comes to fruition. Walter agrees with the vendor, and has updated the risk register and created risk responses to mitigate the risk. What else will Walter update in this scenario to account for the risk event?


Options are :

  • The project management plan
  • The project scope
  • The project communications plan
  • None
  • The project's contractual relationship with the vendor

Answer : The project management plan

You and your project team are just starting risk identification for a project that is scheduled to last 18 months. The project team has already identified a long list of risks that need to be analyzed. How often should you and your project team identify risks?


Options are :

  • Several times, until the project moves into execution
  • Identify Risks is an iterative process.
  • It depends on how many risks are initially identified.
  • At least once a month
  • None

Answer : Identify Risks is an iterative process.

Which of the following management practices requires determining whether persons or organizations in the same field as the organization are engaged in good practices?


Options are :

  • Due diligence
  • Segregation of duties
  • None
  • Need to know
  • Segregation of duties

Answer : Due diligence

Which of the following is NOT a responsibility of the data owner?


Options are :

  • None
  • Approving access requests
  • Delegating the day-to-day maintenance of data protection mechanisms to the information custodian
  • Ensuring that adequate security controls are in place
  • Maintaining and protecting the data

Answer : Maintaining and protecting the data

Which of the following documents provides the basic approach for assessing the security controls of NIST SP 800-53?


Options are :

  • None
  • NIST SP 800-53A
  • NIST SP 800-37
  • NIST SP 800-41
  • NIST SP 800-66

Answer : NIST SP 800-53A

Which of the following is NOT a goal of a security program?


Options are :

  • Entry
  • Security awareness training
  • None
  • Security plan
  • Security organization

Answer : Security plan

CAP Certified Authorization Professional Practice Exam Set 5

Which of the following refers to the security document used by the US Department of Defense (DoD) to describe and accredit networks and systems?


Options are :

  • None
  • SSAA
  • TCSEC
  • FITSAF
  • FIPS

Answer : SSAA

According to US Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are called IA controls. Which of the following are among the eight IA areas defined by DoD? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • DC Security Design and Configuration
  • Information Systems Acquisition, Development, and Maintenance
  • VI Vulnerability and Incident Management
  • EC Enclave and Computing Environment

Answer : DC Security Design and Configuration; VI Vulnerability and Incident Management; EC Enclave and Computing Environment

Which of the following assessment methods is used to check, inspect, review, or analyze assessment objects?


Options are :

  • Interview
  • Test
  • Examine
  • None
  • Debugging

Answer : Examine

Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can a penetration test make use of? Each correct answer represents a complete solution. Check all that apply.


Options are :

  • Social engineering
  • Kernel flaws
  • Race conditions
  • Buffer overflows
  • Information system architectures
  • Trojan horses

Answer : Social engineering; Race conditions; Buffer overflows
