
Free Instant Download NEW CAP Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/CAP-dumps.html


Master the CAP ISC2 CAP Certified Authorization Professional content and be ready for exam day success quickly with this Passleader CAP exam engine. We guarantee it! We make it a reality and give you real CAP questions in our ISC2 CAP braindumps. Latest 100% VALID ISC2 CAP Exam Questions Dumps at the page below. You can use our ISC2 CAP braindumps and pass your exam.

Free CAP Demo Online For ISC2 Certification:

NEW QUESTION 1
Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?

  • A. RTM
  • B. CRO
  • C. DAA
  • D. ATM

Answer: A

NEW QUESTION 2
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation?
Each correct answer represents a complete solution. Choose all that apply.

  • A. System accreditation
  • B. Type accreditation
  • C. Site accreditation
  • D. Secure accreditation

Answer: ABC

NEW QUESTION 3
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD?
Each correct answer represents a complete solution. Choose all that apply.

  • A. DC Security Design & Configuration
  • B. VI Vulnerability and Incident Management
  • C. EC Enclave and Computing Environment
  • D. Information systems acquisition, development, and maintenance

Answer: ABC

NEW QUESTION 4
Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

  • A. Senior Agency Information Security Officer
  • B. Authorizing Official
  • C. Common Control Provider
  • D. Chief Information Officer

Answer: C

NEW QUESTION 5
You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular contract type because it is considered too risky for the program. Which one of the following contract types is usually considered to be the most dangerous for the buyer?

  • A. Cost plus incentive fee
  • B. Time and materials
  • C. Cost plus percentage of costs
  • D. Fixed fee

Answer: C

NEW QUESTION 6
Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

  • A. The Supplier Manager
  • B. The IT Service Continuity Manager
  • C. The Service Catalogue Manager
  • D. The Configuration Manager

Answer: A

NEW QUESTION 7
Neil works as a project manager for SoftTech Inc. He is working with Tom, the COO of his company, on several risks within the project. Tom understands that through qualitative analysis Neil has identified many risks in the project. Tom's concern, however, is that the priority list of these risk events is sorted only into "high-risk," "moderate-risk," and "low-risk" as conditions apply within the project. Tom wants to know whether there is any other basis on which Neil can build the priority list for project risks. What will be Neil's reply to Tom?

  • A. Risk may be listed by the responses in the near-term
  • B. Risks may be listed by categories
  • C. Risks may be listed by the additional analysis and response
  • D. Risks may be listed by priority separately for schedule, cost, and performance

Answer: D

NEW QUESTION 8
Your organization has a project that is expected to last 20 months, but the customer would really like the project completed in 18 months. You have worked on similar projects in the past and believe that you could fast track the project and reach the 18-month deadline. What increases when you fast track a project?

  • A. Risks
  • B. Costs
  • C. Resources
  • D. Communication

Answer: A

NEW QUESTION 9
Which of the following recovery plans includes a monitoring process and triggers for initiating planned actions?

  • A. Contingency plan
  • B. Business continuity plan
  • C. Disaster recovery plan
  • D. Continuity of Operations Plan

Answer: A

NEW QUESTION 10
What NIACAP certification levels are recommended by the certifier?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Minimum Analysis
  • B. Basic System Review
  • C. Detailed Analysis
  • D. Maximum Analysis
  • E. Comprehensive Analysis
  • F. Basic Security Review

Answer: ACEF

NEW QUESTION 11
John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?

  • A. Risk Response Plan
  • B. Risk Management Plan
  • C. Project Management Plan
  • D. Communications Management Plan

Answer: D

NEW QUESTION 12
Fred is the project manager of the CPS project. He is working with his project team to prioritize the identified risks within the CPS project. He and the team are prioritizing risks for further analysis or action by assessing and combining each risk's probability of occurrence and impact.
What process is Fred completing?

  • A. Risk identification
  • B. Perform qualitative analysis
  • C. Perform quantitative analysis
  • D. Risk Breakdown Structure creation

Answer: B

NEW QUESTION 13
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?
Each correct answer represents a complete solution. Choose two.

  • A. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • B. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • C. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
  • D. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: AD

NEW QUESTION 14
Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the work in the project is very dangerous, so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes to fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

  • A. Project contractual relationship with the vendor
  • B. Project communications plan
  • C. Project management plan
  • D. Project scope statement

Answer: C

NEW QUESTION 15
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?

  • A. Level 2
  • B. Level 5
  • C. Level 4
  • D. Level 1
  • E. Level 3

Answer: E

NEW QUESTION 16
Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)?
Each correct answer represents a complete solution. Choose all that apply.

  • A. NIST Special Publication 800-53A
  • B. NIST Special Publication 800-37A
  • C. NIST Special Publication 800-59
  • D. NIST Special Publication 800-53
  • E. NIST Special Publication 800-37
  • F. NIST Special Publication 800-60

Answer: ACDEF

NEW QUESTION 17
Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

  • A. The custodian implements the information classification scheme after the initial assignment by the operations manager.
  • B. The data custodian implements the information classification scheme after the initial assignment by the data owner.
  • C. The data owner implements the information classification scheme after the initial assignment by the custodian.
  • D. The custodian makes the initial information classification assignments, and the operations manager implements the scheme.

Answer: B

NEW QUESTION 18
Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

  • A. NIST SP 800-53A
  • B. NIST SP 800-26
  • C. NIST SP 800-53
  • D. NIST SP 800-59
  • E. NIST SP 800-60
  • F. NIST SP 800-37

Answer: B

NEW QUESTION 19
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while the employee is typing in a password at any access point, such as a terminal or Web site. Which of the following is violated in a shoulder surfing attack?

  • A. Authenticity
  • B. Confidentiality
  • C. Availability
  • D. Integrity

Answer: B

NEW QUESTION 20
......

100% Valid and Newest Version CAP Questions & Answers shared by 2passeasy, Get Full Dumps HERE: https://www.2passeasy.com/dumps/CAP/ (New 395 Q&As)