CAP Exam - ISC2 CAP Certified Authorization Professional

certleader.com

Your success in ISC2 CAP is our sole target and we develop all our CAP braindumps in a way that facilitates the attainment of this target. Not only is our CAP study material the best you can find, it is also the most detailed and the most updated. CAP Practice Exams for ISC2 CAP are written to the highest standards of technical accuracy.

Online ISC2 CAP free dumps demo below:

NEW QUESTION 1
Certification and Accreditation (C&A or CnA) is a process for implementing information security.
Which of the following is the correct order of C&A phases in a DITSCAP assessment?

  • A. Definition, Validation, Verification, and Post Accreditation
  • B. Verification, Definition, Validation, and Post Accreditation
  • C. Definition, Verification, Validation, and Post Accreditation
  • D. Verification, Validation, Definition, and Post Accreditation

Answer: C

NEW QUESTION 2
Which of the following is NOT a phase of the security certification and accreditation process?

  • A. Initiation
  • B. Security certification
  • C. Operation
  • D. Maintenance

Answer: C

NEW QUESTION 3
Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. For what purposes is ST&E used?
Each correct answer represents a complete solution. Choose all that apply.

  • A. To implement the design of system architecture
  • B. To determine the adequacy of security mechanisms, assurances, and other properties to enforce the security policy
  • C. To assess the degree of consistency between the system documentation and its implementation
  • D. To uncover design, implementation, and operational flaws that may allow the violation of security policy

Answer: BCD

NEW QUESTION 4
Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?

  • A. Chief Information Security Officer
  • B. Senior Management
  • C. Information Security Steering Committee
  • D. Business Unit Manager

Answer: B

NEW QUESTION 5
Which of the following statements about Discretionary Access Control List (DACL) is true?

  • A. It is a rule list containing access control entries.
  • B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
  • C. It is a unique number that identifies a user, group, and computer account.
  • D. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.

Answer: D

NEW QUESTION 6
Which of the following NIST documents defines impact?

  • A. NIST SP 800-26
  • B. NIST SP 800-53A
  • C. NIST SP 800-53
  • D. NIST SP 800-30

Answer: D

NEW QUESTION 7
Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?

  • A. IS program manager
  • B. Certification Agent
  • C. User representative
  • D. DAA

Answer: A

NEW QUESTION 8
Which of the following is NOT a responsibility of a data owner?

  • A. Maintaining and protecting data
  • B. Ensuring that the necessary security controls are in place
  • C. Delegating responsibility of the day-to-day maintenance of the data protection mechanisms to the data custodian
  • D. Approving access requests

Answer: A

NEW QUESTION 9
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

  • A. Business continuity plan
  • B. Continuity of Operations Plan
  • C. Disaster recovery plan
  • D. Contingency plan

Answer: D

NEW QUESTION 10
Which of the following statements about the authentication concept of information security management is true?

  • A. It determines the actions and behaviors of a single individual within a system, and identifies that particular individual.
  • B. It ensures that modifications are not made to data by unauthorized personnel or processes.
  • C. It establishes the users' identity and ensures that the users are who they say they are.
  • D. It ensures the reliable and timely access to resources.

Answer: C

NEW QUESTION 11
Which of the following individuals makes the final accreditation decision?

  • A. DAA
  • B. ISSO
  • C. CIO
  • D. CISO

Answer: A

NEW QUESTION 12
Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. NIST
  • B. FIPS
  • C. FISMA
  • D. Office of Management and Budget (OMB)

Answer: CD

NEW QUESTION 13
Which of the following risk responses delineates that the project plan will not be changed to deal with the risk?

  • A. Acceptance
  • B. Mitigation
  • C. Exploitation
  • D. Transference

Answer: A

NEW QUESTION 14
Certification and Accreditation (C&A or CnA) is a process for implementing information security.
Which of the following is the correct order of C&A phases in a DITSCAP assessment?

  • A. Definition, Validation, Verification, and Post Accreditation
  • B. Verification, Definition, Validation, and Post Accreditation
  • C. Verification, Validation, Definition, and Post Accreditation
  • D. Definition, Verification, Validation, and Post Accreditation

Answer: D

NEW QUESTION 15
You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?

  • A. Acceptance
  • B. Mitigation
  • C. Sharing
  • D. Transference

Answer: C

NEW QUESTION 16
Fred is the project manager of the PKL project. He is working with his project team to complete the quantitative risk analysis process as a part of risk management planning. Fred understands that once the quantitative risk analysis process is complete, the process will need to be completed at least two more times in the project. When will the quantitative risk analysis process need to be repeated?

  • A. Quantitative risk analysis process will be completed again after the plan risk response planning and as part of procurement.
  • B. Quantitative risk analysis process will be completed again after the cost management planning and as a part of monitoring and controlling.
  • C. Quantitative risk analysis process will be completed again after new risks are identified and as part of monitoring and controlling.
  • D. Quantitative risk analysis process will be completed again after the risk response planning and as a part of monitoring and controlling.

Answer: D

NEW QUESTION 17
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?

  • A. Level 4
  • B. Level 1
  • C. Level 3
  • D. Level 5
  • E. Level 2

Answer: C

NEW QUESTION 18
In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?

  • A. Continuous Monitoring Phase
  • B. Accreditation Phase
  • C. Preparation Phase
  • D. DITSCAP Phase

Answer: A

NEW QUESTION 19
There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

  • A. Exploit
  • B. Share
  • C. Enhance
  • D. Acceptance

Answer: D

NEW QUESTION 20
......

100% Valid and Newest Version CAP Questions & Answers shared by 2passeasy, Get Full Dumps HERE: https://www.2passeasy.com/dumps/CAP/ (New 395 Q&As)