
Free Instant Download NEW CAP Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/CAP-dumps.html


We provide CAP exam questions and answers in two formats: a PDF for reading and printing, and a VCE practice test. With these ISC2 CAP materials you can practice repeatedly and prepare for the CAP exam.

Free CAP Demo Online For ISC2 Certification:

NEW QUESTION 1
You are preparing to complete the quantitative risk analysis process with your project team and several subject matter experts. You gather the necessary inputs including the project's cost management plan. Why is it necessary to include the project's cost management plan in the preparation for the quantitative risk analysis process?

  • A. The project's cost management plan can help you to determine what the total cost of the project is allowed to be.
  • B. The project's cost management plan provides direction on how costs may be changed due to identified risks.
  • C. The project's cost management plan provides control that may help determine the structure for quantitative analysis of the budget.
  • D. The project's cost management plan is not an input to the quantitative risk analysis process.

Answer: C

NEW QUESTION 2
Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?

  • A. Chief Information Security Officer
  • B. Senior Management
  • C. Information Security Steering Committee
  • D. Business Unit Manager

Answer: B

NEW QUESTION 3
Phase 3 of the DITSCAP C&A process is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Perform certification evaluation of the integrated system
  • B. System development
  • C. Certification and accreditation decision
  • D. Develop recommendation to the DAA
  • E. Continue to review and refine the SSAA

Answer: ACDE

NEW QUESTION 4
Which of the following assessment methodologies defines a six-step technical security evaluation?

  • A. FITSAF
  • B. FIPS 102
  • C. OCTAVE
  • D. DITSCAP

Answer: B

NEW QUESTION 5
Sam is the project manager of a construction project in south Florida. This area of the United States is prone to hurricanes during certain parts of the year. As part of the project plan Sam and the project team acknowledge the possibility of hurricanes and the damage the hurricane could have on the project's deliverables, the schedule of the project, and the overall cost of the project.
Once Sam and the project stakeholders acknowledge the risk of the hurricane they go on planning the project as if the risk is not likely to happen. What type of risk response is Sam using?

  • A. Mitigation
  • B. Avoidance
  • C. Passive acceptance
  • D. Active acceptance

Answer: C

NEW QUESTION 6
A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?

  • A. Add the identified risk to a quality control management control chart.
  • B. Add the identified risk to the risk register.
  • C. Add the identified risk to the issues log.
  • D. Add the identified risk to the low-level risk watchlist.

Answer: B

NEW QUESTION 7
Tom is the project manager for his organization. In his project he has recently finished the risk response planning. He tells his manager that he will now need to update the cost and schedule baselines. Why would the risk response planning cause Tom the need to update the cost and schedule baselines?

  • A. New or omitted work as part of a risk response can cause changes to the cost and/or schedule baseline.
  • B. Risk responses protect the time and investment of the project.
  • C. Baselines should not be updated, but refined through versions.
  • D. Risk responses may take time and money to implement.

Answer: A

NEW QUESTION 8
Phase 4 of the DITSCAP C&A process is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Maintenance of the SSAA
  • B. Compliance validation
  • C. Change management
  • D. System operations
  • E. Security operations
  • F. Continue to review and refine the SSAA

Answer: ABCDE

NEW QUESTION 9
Ned is the program manager for his organization and he is considering some new materials for his program. He and his team have never worked with these materials before, and he wants to ask the vendor for some additional information, a demo, and even some samples. What type of document should Ned send to the vendor?

  • A. IFB
  • B. RFI
  • C. RFQ
  • D. RFP

Answer: B

NEW QUESTION 10
To help review or design security controls, they can be classified by several criteria. One of these criteria is the nature of the control. According to this criterion, which of the following control types consists of incident response processes, management oversight, security awareness, and training?

  • A. Technical control
  • B. Physical control
  • C. Procedural control
  • D. Compliance control

Answer: C

NEW QUESTION 11
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Information Assurance Manager
  • B. Designated Approving Authority
  • C. IS program manager
  • D. User representative
  • E. Certification agent

Answer: BCDE

NEW QUESTION 12
The Project Risk Management knowledge area focuses on which of the following processes?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Quantitative Risk Analysis
  • B. Potential Risk Monitoring
  • C. Risk Monitoring and Control
  • D. Risk Management Planning

Answer: ACD

NEW QUESTION 13
Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

  • A. DoD 5200.22-M
  • B. DoD 5200.1-R
  • C. DoD 8910.1
  • D. DoDD 8000.1
  • E. DoD 7950.1-M

Answer: E

NEW QUESTION 14
Which of the following NIST documents defines impact?

  • A. NIST SP 800-26
  • B. NIST SP 800-53A
  • C. NIST SP 800-53
  • D. NIST SP 800-30

Answer: D

NEW QUESTION 15
You are the project manager for a construction project. The project includes work that involves very high financial risk. You decide to insure that work so that any loss can be compensated. Which type of strategy have you used to deal with the risks involved with that particular work?

  • A. Transfer
  • B. Mitigate
  • C. Accept
  • D. Avoid

Answer: A

NEW QUESTION 16
Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?

  • A. IATT
  • B. ATO
  • C. IATO
  • D. DATO

Answer: C

NEW QUESTION 17
Which of the following is not a part of the Identify Risks process?

  • A. Decision tree diagram
  • B. Cause and effect diagram
  • C. Influence diagram
  • D. System or process flow chart

Answer: A

NEW QUESTION 18
Your project is an agricultural project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a profit. If your organization seizes this opportunity, it would be an example of what risk response?

  • A. Opportunistic
  • B. Positive
  • C. Enhancing
  • D. Exploiting

Answer: D

NEW QUESTION 19
Certification and Accreditation (C&A or CnA) is a process for implementing information security.
Which of the following is the correct order of C&A phases in a DITSCAP assessment?

  • A. Definition, Validation, Verification, and Post Accreditation
  • B. Verification, Definition, Validation, and Post Accreditation
  • C. Verification, Validation, Definition, and Post Accreditation
  • D. Definition, Verification, Validation, and Post Accreditation

Answer: D

NEW QUESTION 20
......
