CAP Exam - ISC2 CAP Certified Authorization Professional

NEW QUESTION 1
Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the construction project. The supplier is an artist who works by himself, but creates windows for several companies throughout the United States. Management reviews the proposal to use this supplier and while they agree that the supplier is talented, they do not think the artist can fulfill the 1,000 window units in time for the project's deadline. Management asked Harry to find a supplier who will guarantee the completion of the windows by the needed date in the schedule. What risk response has management asked Harry to implement?

• A. Acceptance
• B. Mitigation
• C. Avoidance
• D. Transference

Answer: B

NEW QUESTION 2
Which of the following is not a part of Identify Risks process?

• A. System or process flow chart
• B. Influence diagram
• C. Decision tree diagram
• D. Cause and effect diagram

Answer: C

NEW QUESTION 3
Joan is a project management consultant and she has been hired by a firm to help them identify risk events within the project. Joan would first like to examine the project documents including the plans, assumptions lists, project files, and contracts. What key thing will help Joan to discover risks within the review of the project documents?

• A. The project documents will help the project manager, or Joan, to identify what risk identification approach is best to pursue.
• B. Plans that have loose definitions of terms and disconnected approaches will reveal risks.
• C. Poorly written requirements will reveal inconsistencies in the project plans and documents.
• D. Lack of consistency between the plans and the project requirements and assumptions can be the indicators of risk in the project.

Answer: D

NEW QUESTION 4
Beth is the project manager of the BFG Project for her company. In this project Beth has decided to create a contingency response based on the performance of the project schedule. If the project schedule variance is greater than $10,000 the contingency plan will be implemented. What is the formula for the schedule variance?

• A. SV=EV-PV
• B. SV=EV/AC
• C. SV=PV-EV
• D. SV=EV/PV

Answer: A

NEW QUESTION 5
Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology. Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses?

• A. Project charter
• B. Risk register
• C. Project scope statement
• D. Risk low-level watch list

Answer: B

NEW QUESTION 6
In which of the following phases does the change management process start?

• A. Phase 2
• B. Phase 1
• C. Phase 4
• D. Phase 3

Answer: C

NEW QUESTION 7
Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

• A. DoDD 8000.1
• B. DoD 7950.1-M
• C. DoD 5200.22-M
• D. DoD 8910.1
• E. DoD 5200.1-R

Answer: B

NEW QUESTION 8
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199.
What levels of potential impact are defined by FIPS 199?
Each correct answer represents a complete solution. Choose all that apply.

• A. Low
• B. Moderate
• C. High
• D. Medium

Answer: ACD

NEW QUESTION 9
You are the project manager of the BlueStar project in your company. Your company is structured as a functional organization and you report to the functional manager that you are ready to move onto the qualitative risk analysis process. What will you need as inputs for the qualitative risk analysis of the project in this scenario?

• A. You will need the risk register, risk management plan, project scope statement, and any relevant organizational process assets.
• B. You will need the risk register, risk management plan, outputs of qualitative risk analysis, and any relevant organizational process assets.
• C. You will need the risk register, risk management plan, permission from the functional manager, and any relevant organizational process assets.
• D. Qualitative risk analysis does not happen through the project manager in a functional struc ture.

Answer: A

NEW QUESTION 10
The IAM/CA makes certification accreditation recommendations to the DAA. The DAA issues accreditation determinations. Which of the following are the accreditation determinations issued by the DAA?
Each correct answer represents a complete solution. Choose all that apply.

• A. IATO
• B. ATO
• C. IATT
• D. ATT
• E. DATO

Answer: ABCE

NEW QUESTION 11
Joan is a project management consultant and she has been hired by a firm to help them identify risk events within the project. Joan would first like to examine the project documents including the plans, assumptions lists, project files, and contracts. What key thing will help Joan to discover risks within the review of the project documents?

• A. Lack of consistency between the plans and the project requirements and assumptions can bethe indicators of risk in the project.
• B. The project documents will help the project manager, or Joan, to identify what risk identification approach is best to pursue.
• C. Plans that have loose definitions of terms and disconnected approaches will revealrisks.
• D. Poorly written requirements will reveal inconsistencies in the project plans and documents.

Answer: A

NEW QUESTION 12
Gary is the project manager for his project. He and the project team have completed the qualitative risk analysis process and are about to enter the quantitative risk analysis process when Mary, the project sponsor, wants to know what quantitative risk analysis will review. Which of the following statements best defines what quantitative risk analysis will review?

• A. The quantitative risk analysis process will analyze the effect of risk events that may substantially impact the project's competing demands.
• B. The quantitative risk analysis reviews the results of risk identification and prepares the project for risk response management.
• C. The quantitative risk analysis process will review risk events for their probability and impact on the project objectives.
• D. The quantitative risk analysis seeks to determine the true cost of each identified risk event and the probability of each risk event to determine the risk exposure.

Answer: A

NEW QUESTION 13
Fill in the blank with an appropriate word.
________ ensures that the information is not disclosed to unauthorized persons or processes.

• A. Confidentiality

Answer: A

NEW QUESTION 14
Which of the following NIST Special Publication documents provides a guideline on network security testing?

• A. NIST SP 800-60
• B. NIST SP 800-53A
• C. NIST SP 800-37
• D. NIST SP 800-42
• E. NIST SP 800-59
• F. NIST SP 800-53

Answer: D

NEW QUESTION 15
Sam is the project manager of a construction project in south Florida. This area of the United States is prone to hurricanes during certain parts of the year. As part of the project plan Sam and the project team acknowledge the possibility of hurricanes and the damage the hurricane could have on the project's deliverables, the schedule of the project, and the overall cost of the project.
Once Sam and the project stakeholders acknowledge the risk of the hurricane they go on planning the project as if the risk is not likely to happen. What type of risk response is Sam using?

• A. Mitigation
• B. Avoidance
• C. Passive acceptance
• D. Active acceptance

Answer: C

NEW QUESTION 16
Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?

• A. RTM
• B. CRO
• C. DAA
• D. ATM

Answer: A

NEW QUESTION 17
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process?
Each correct answer represents a complete solution. Choose all that apply.

• A. Develop DIACAP strategy.
• B. Assign IA controls.
• C. Assemble DIACAP team.
• D. Initiate IA implementation plan.
• E. Register system with DoD Component IA Program.
• F. Conduct validation activity.

Answer: ABCDE

NEW QUESTION 18
Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

• A. The Supplier Manager
• B. The IT Service Continuity Manager
• C. The Service Catalogue Manager
• D. The Configuration Manager

Answer: A

NEW QUESTION 19
Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

• A. Risk response plan
• B. Quantitative analysis
• C. Risk response
• D. Contingency reserve

Answer: D

NEW QUESTION 20
......