"ISC2 CAP Certified Authorization Professional", also known as the CAP exam, is an ISC2 certification.

Free demo questions for ISC2 CAP Exam Dumps Below:

NEW QUESTION 1
Thomas is the project manager of the NHJ Project for his company. He has identified several positive risk events within his project and he thinks these events can save the project time and money. Positive risk events, such as these within the NHJ Project, are also known as what?

  • A. Opportunities
  • B. Benefits
  • C. Ancillary constituent components
  • D. Contingency risks

Answer: A

NEW QUESTION 2
You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?

  • A. You will use organizational process assets for risk databases that may be available from industry sources.
  • B. You will use organizational process assets for studies of similar projects by risk specialists.
  • C. You will use organizational process assets to determine costs of all risk events within the current project.
  • D. You will use organizational process assets for information from prior similar projects.

Answer: C

NEW QUESTION 3
Thomas is a key stakeholder in your project. Thomas has requested several changes to the project scope for the project you are managing. Upon review of the proposed changes, you have discovered that these new requirements are laden with risks and you recommend to the change control board that the changes be excluded from the project scope. The change control board agrees with you. What component of the change control system communicates the approval or denial of a proposed change request?

  • A. Configuration management system
  • B. Change log
  • C. Scope change control system
  • D. Integrated change control

Answer: D

NEW QUESTION 4
Which of the following processes is described in the statement below?
"It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

  • A. Perform Quantitative Risk Analysis
  • B. Monitor and Control Risks
  • C. Perform Qualitative Risk Analysis
  • D. Identify Risks

Answer: B

NEW QUESTION 5
In which of the following Risk Management Framework (RMF) phases is a risk profile created for threats?

  • A. Phase 3
  • B. Phase 1
  • C. Phase 2
  • D. Phase 0

Answer: C

NEW QUESTION 6
Phase 0 of the Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Review documentation and technical data.
  • B. Apply classification criteria to rank data assets and related IT resources.
  • C. Establish criteria that will be used to classify and rank data assets.
  • D. Identify threats, vulnerabilities, and controls that will be evaluated.
  • E. Establish criteria that will be used to evaluate threats, vulnerabilities, and controls.

Answer: BCDE

NEW QUESTION 7
You work as a project manager for TechSoft Inc. You are working with the project stakeholders on the qualitative risk analysis process in your project. You have used all the tools of the qualitative risk analysis process in your project. Which of the following techniques is NOT used as a tool in the qualitative risk analysis process?

  • A. Risk Reassessment
  • B. Risk Categorization
  • C. Risk Urgency Assessment
  • D. Risk Data Quality Assessment

Answer: A

NEW QUESTION 8
The IAM/CA makes certification accreditation recommendations to the DAA. The DAA issues accreditation determinations. Which of the following are the accreditation determinations issued by the DAA?
Each correct answer represents a complete solution. Choose all that apply.

  • A. IATO
  • B. ATO
  • C. IATT
  • D. ATT
  • E. DATO

Answer: ABCE

NEW QUESTION 9
Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

  • A. FITSAF
  • B. TCSEC
  • C. FIPS
  • D. SSAA

Answer: B

NEW QUESTION 10
Rob is the project manager of the IDLK Project for his company. This project has a budget of $5,600,000 and is expected to last 18 months. Rob has learned that a new law may affect how the project is allowed to proceed - even though the organization has already invested over $750,000 in the project. What risk response is the most appropriate for this instance?

  • A. Transference
  • B. Mitigation
  • C. Enhance
  • D. Acceptance

Answer: D

NEW QUESTION 11
Which of the following formulas was developed by FIPS 199 for categorization of an information type?

  • A. SC information type = {(confidentiality, controls), (integrity, controls), (authentication, controls)}
  • B. SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
  • C. SC information type = {(confidentiality, risk), (integrity, risk), (availability, risk)}
  • D. SC information type = {(Authentication, impact), (integrity, impact), (availability, impact)}

Answer: B

NEW QUESTION 12
You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks.
Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?

  • A. A qualitative risk analysis requires fast and simple data to complete the analysis.
  • B. A qualitative risk analysis requires accurate and unbiased data if it is to be credible.
  • C. A qualitative risk analysis requires unbiased stakeholders with biased risk tolerances.
  • D. A qualitative risk analysis encourages biased data to reveal risk tolerances.

Answer: B

NEW QUESTION 13
Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

  • A. Sammy is correct, because organizations can create risk scores for each objective of the project.
  • B. Harry is correct, because the risk probability and impact considers all objectives of the project.
  • C. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.
  • D. Sammy is correct, because she is the project manager.

Answer: A

NEW QUESTION 14
Which of the following RMF phases is known as risk analysis?

  • A. Phase 0
  • B. Phase 1
  • C. Phase 2
  • D. Phase 3

Answer: C

NEW QUESTION 15
Which of the following phases begins with a review of the SSAA in the DITSCAP accreditation?

  • A. Phase 1
  • B. Phase 4
  • C. Phase 3
  • D. Phase 2

Answer: C

NEW QUESTION 16
An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?

  • A. Anonymous
  • B. Multi-factor
  • C. Biometrics
  • D. Mutual

Answer: B

NEW QUESTION 17
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

  • A. The Change Manager
  • B. The IT Security Manager
  • C. The Service Level Manager
  • D. The Configuration Manager

Answer: B

NEW QUESTION 18
Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?

  • A. Uncertainty in values such as duration of schedule activities
  • B. Bias towards risk in new resources
  • C. Risk probability and impact matrixes
  • D. Risk identification

Answer: A

NEW QUESTION 19
According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise on confidentiality, integrity, and availability?

  • A. Confidential, Secret, and High
  • B. Minimum, Moderate, and High
  • C. Low, Normal, and High
  • D. Low, Moderate, and High

Answer: D
