★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW CAP Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/CAP-dumps.html


Act now and download your ISC2 CAP test today! Do not waste time on worthless ISC2 CAP tutorials. Download the updated ISC2 CAP Certified Authorization Professional exam with real questions and answers and begin to learn ISC2 CAP with a classic professional.

Free demo questions for ISC2 CAP Exam Dumps Below:

NEW QUESTION 1
Eric is the project manager of the MTC project for his company. In this project a vendor has offered Eric a sizeable discount on all hardware if his order total for the project is more than $125,000. Right now, Eric is likely to spend $118,000 with the vendor. If Eric spends $7,000 more, his cost savings for the project will be $12,500, but he cannot purchase hardware if he cannot implement the hardware immediately due to organizational policies. Eric consults with Amy and Allen, other project managers in the organization, and asks if they need any hardware for their projects. Both Amy and Allen need hardware and they agree to purchase the hardware through Eric's relationship with the vendor. What positive risk response has happened in this instance?

  • A. Transference
  • B. Exploiting
  • C. Sharing
  • D. Enhancing

Answer: C

NEW QUESTION 2
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?
Each correct answer represents a complete solution. Choose two.

  • A. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  • B. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • C. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: AB

NEW QUESTION 3
The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?
Each correct answer represents a complete solution. Choose all that apply.

  • A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • B. An ISSO takes part in the development activities that are required to implement system changes.
  • C. An ISSE provides advice on the continuous monitoring of the information system.
  • D. An ISSE provides advice on the impacts of system changes.
  • E. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

Answer: CDE

NEW QUESTION 4
Which of the following NIST C&A documents is the guideline for identifying an information system as a National Security System?

  • A. NIST SP800-53
  • B. NIST SP 800-59
  • C. NIST SP 800-37
  • D. NIST SP 800-53A

Answer: B

NEW QUESTION 5
Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

  • A. DoD 8000.1
  • B. DoD 5200.40
  • C. DoD 5200.22-M
  • D. DoD 8910.1

Answer: B

NEW QUESTION 6
Information security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Security organization
  • B. System classification
  • C. Information classification
  • D. Security education

Answer: ACD

NEW QUESTION 7
You are the project manager of the GGG project. You have completed the risk identification process for the initial phases of your project. As you begin to document the risk events in the risk register what additional information can you associate with the identified risk events?

  • A. Risk schedule
  • B. Risk potential responses
  • C. Risk cost
  • D. Risk owner

Answer: B

NEW QUESTION 8
An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Establishing and implementing the organization's continuous monitoring program
  • B. Determining the requirement of reauthorization and reauthorizing information systems when required
  • C. Reviewing security status reports and critical security documents
  • D. Ascertaining the security posture of the organization's information system

Answer: BCD

NEW QUESTION 9
Which of the following are the objectives of the security certification documentation task?
Each correct answer represents a complete solution. Choose all that apply.

  • A. To prepare the Plan of Action and Milestones (POAM) based on the security assessment
  • B. To provide the certification findings and recommendations to the information system owner
  • C. To assemble the final security accreditation package and then submit it to the authorizing official
  • D. To update the system security plan based on the results of the security assessment

Answer: ABCD

NEW QUESTION 10
You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team has successfully completed the risk response planning and now you must determine which risk process comes next. Which of the following risk processes is repeated after the plan risk responses process to determine if the overall project risk has been satisfactorily decreased?

  • A. Risk identification
  • B. Qualitative risk analysis
  • C. Risk response implementation
  • D. Quantitative risk analysis

Answer: D

NEW QUESTION 11
You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?

  • A. Seven
  • B. Three
  • C. Four
  • D. One

Answer: C

NEW QUESTION 12
Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?

  • A. Auditor
  • B. User
  • C. Data custodian
  • D. Data owner

Answer: A

NEW QUESTION 13
What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Conduct activities related to the disposition of the system data and objects.
  • B. Execute and update IA implementation plan.
  • C. Conduct validation activities.
  • D. Combine validation results in DIACAP scorecard.

Answer: BCD

NEW QUESTION 14
You are the project manager for your organization. You have determined that an activity is too dangerous to complete internally, so you hire a licensed contractor to complete the work. The contractor, however, may not complete the assigned work on time, which could delay the start of subsequent work. This is an example of what type of risk event?

  • A. Secondary risk
  • B. Transference
  • C. Internal
  • D. Pure risk

Answer: A

NEW QUESTION 15
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?

  • A. Level 4
  • B. Level 1
  • C. Level 3
  • D. Level 5
  • E. Level 2

Answer: C

NEW QUESTION 16
Which of the following are included in Administrative Controls?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Conducting security-awareness training
  • B. Screening of personnel
  • C. Monitoring for intrusion
  • D. Implementing change control procedures
  • E. Developing policy

Answer: ABDE

NEW QUESTION 17
Gary is the project manager for his project. He and the project team have completed the qualitative risk analysis process and are about to enter the quantitative risk analysis process when Mary, the project sponsor, wants to know what quantitative risk analysis will review. Which of the following statements best defines what quantitative risk analysis will review?

  • A. The quantitative risk analysis process will analyze the effect of risk events that may substantially impact the project's competing demands.
  • B. The quantitative risk analysis reviews the results of risk identification and prepares the project for risk response management.
  • C. The quantitative risk analysis process will review risk events for their probability and impact on the project objectives.
  • D. The quantitative risk analysis seeks to determine the true cost of each identified risk event and the probability of each risk event to determine the risk exposure.

Answer: A

NEW QUESTION 18
Which of the following are the types of assessment tests addressed in NIST SP 800-53A?

  • A. Functional, penetration, validation
  • B. Validation, evaluation, penetration
  • C. Validation, penetration, evaluation
  • D. Functional, structural, penetration

Answer: D

NEW QUESTION 19
Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

  • A. Harry is correct, because the risk probability and impact considers all objectives of the project.
  • B. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.
  • C. Sammy is correct, because she is the project manager.
  • D. Sammy is correct, because organizations can create risk scores for each objective of the project.

Answer: D

NEW QUESTION 20
......

Thanks for reading the newest CAP exam dumps! We recommend that you try the PREMIUM DumpSolutions.com CAP dumps in VCE and PDF here: https://www.dumpsolutions.com/CAP-dumps/ (395 Q&As Dumps)