Exambible offers a free demo for the CAP exam. "ISC2 CAP Certified Authorization Professional", also known as the CAP exam, is an ISC2 certification. This set of posts, Passing the ISC2 CAP exam, will help you answer those questions. The CAP Questions & Answers cover all the knowledge points of the real exam. 100% real ISC2 CAP exams, revised by experts!
NEW QUESTION 1
Which of the following individuals is responsible for the configuration management and control task?
- A. Authorizing official
- B. Information system owner
- C. Chief information officer
- D. Common control provider
Answer: B
NEW QUESTION 2
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process?
Each correct answer represents a complete solution. Choose all that apply.
- A. Develop DIACAP strategy.
- B. Assign IA controls.
- C. Assemble DIACAP team.
- D. Initiate IA implementation plan.
- E. Register system with DoD Component IA Program.
- F. Conduct validation activity.
Answer: ABCDE
NEW QUESTION 3
Which of the following is used in the practice of Information Assurance (IA) to define assurance requirements?
- A. Classic information security model
- B. Communications Management Plan
- C. Five Pillars model
- D. Parkerian Hexad
Answer: A
NEW QUESTION 4
Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?
- A. IS program manager
- B. Certification Agent
- C. User representative
- D. DAA
Answer: A
NEW QUESTION 5
Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the construction project. The supplier is an artist who works by himself, but creates windows for several companies throughout the United States. Management reviews the proposal to use this supplier and while they agree that the supplier is talented, they do not think the artist can fulfill the 1,000 window units in time for the project's deadline. Management asked Harry to find a supplier who will guarantee the completion of the windows by the needed date in the schedule. What risk response has management asked Harry to implement?
- A. Mitigation
- B. Acceptance
- C. Transference
- D. Avoidance
Answer: A
NEW QUESTION 6
Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?
- A. Information system owner
- B. Authorizing Official
- C. Chief Risk Officer (CRO)
- D. Chief Information Officer (CIO)
Answer: A
NEW QUESTION 7
Beth is the project manager of the BFG Project for her company. In this project Beth has decided to create a contingency response based on the performance of the project schedule. If the project schedule variance is greater than $10,000 the contingency plan will be implemented. What is the formula for the schedule variance?
- A. SV=EV-PV
- B. SV=EV/AC
- C. SV=PV-EV
- D. SV=EV/PV
Answer: A
NEW QUESTION 8
In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur?
- A. Phase 2
- B. Phase 3
- C. Phase 1
- D. Phase 4
Answer: B
NEW QUESTION 9
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies?
Each correct answer represents a complete solution. Choose all that apply.
- A. Systematic
- B. Regulatory
- C. Advisory
- D. Informative
Answer: BCD
NEW QUESTION 10
You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?
- A. Cost management plan
- B. Quality management plan
- C. Procurement management plan
- D. Stakeholder register
Answer: C
NEW QUESTION 11
Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?
- A. Computer Fraud and Abuse Act
- B. FISMA
- C. Lanham Act
- D. Computer Misuse Act
Answer: B
NEW QUESTION 12
You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process. Which one of the following is NOT a probable reason for relying on organizational process assets as an input for qualitative risk analysis?
- A. Information on prior, similar projects
- B. Review of vendor contracts to examine risks in past projects
- C. Risk databases that may be available from industry sources
- D. Studies of similar projects by risk specialists
Answer: B
NEW QUESTION 13
Which of the following NIST publications defines impact?
- A. NIST SP 800-41
- B. NIST SP 800-37
- C. NIST SP 800-30
- D. NIST SP 800-53
Answer: C
NEW QUESTION 14
You are the project manager for your organization. You are working with your key stakeholders in the qualitative risk analysis process. You understand that there is certain bias towards the risk events in the project that you need to address, manage, and ideally reduce. What solution does the PMBOK recommend to reduce the influence of bias during qualitative risk analysis?
- A. Establish the definitions of the levels of probability and impact
- B. Isolate the stakeholders by project phases to determine their risk bias
- C. Involve all stakeholders to vote on the probability and impact of the risk events
- D. Provide iterations of risk analysis for true reflection of a risk probability and impact
Answer: A
NEW QUESTION 15
Phase 1 of DITSCAP C&A is known as the Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.
- A. Registration
- B. Document mission need
- C. Negotiation
- D. Initial Certification Analysis
Answer: ABC
NEW QUESTION 16
Which of the following RMF phases identifies key threats and vulnerabilities that could compromise the confidentiality, integrity, and availability of the institutional critical assets?
- A. Phase 2
- B. Phase 1
- C. Phase 3
- D. Phase 0
Answer: B
NEW QUESTION 17
Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high risk exposure. What risk response has been enacted in this project?
- A. Acceptance
- B. Mitigation
- C. Avoidance
- D. Transference
Answer: C
NEW QUESTION 18
Under which type of access control does a user ID and password system fall?
- A. Administrative
- B. Technical
- C. Physical
- D. Power
Answer: B
NEW QUESTION 19
You and your project team are just starting the risk identification activities for a project that is scheduled to last for 18 months. Your project team has already identified a long list of risks that need to be analyzed. How often should you and the project team do risk identification?
- A. At least once per month
- B. Identify risks is an iterative process.
- C. It depends on how many risks are initially identified.
- D. Several times until the project moves into execution
Answer: B