CAP Exam - ISC2 CAP Certified Authorization Professional

certleader.com


Online ISC2 CAP free dumps demo Below:

NEW QUESTION 1
Which of the following objectives are defined by integrity in the C.I.A triad of information security systems?
Each correct answer represents a part of the solution. Choose three.

  • A. It preserves the internal and external consistency of information.
  • B. It prevents the unauthorized or unintentional modification of information by the authorized users.
  • C. It prevents the intentional or unintentional unauthorized disclosure of a message's contents.
  • D. It prevents the modification of information by the unauthorized users.

Answer: ABD

NEW QUESTION 2
Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

  • A. Phase 3
  • B. Phase 2
  • C. Phase 4
  • D. Phase 1

Answer: A

NEW QUESTION 3
For which of the following reporting requirements are continuous monitoring documentation reports used?

  • A. FISMA
  • B. NIST
  • C. HIPAA
  • D. FBI

Answer: A

NEW QUESTION 4
Which of the following system security policies is used to address specific issues of concern to the organization?

  • A. Program policy
  • B. Issue-specific policy
  • C. Informative policy
  • D. System-specific policy

Answer: B

NEW QUESTION 5
You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team has successfully completed the risk response planning, and now you must initiate the next risk process. Which of the following risk processes is repeated after the plan risk responses to determine if the overall project risk has been satisfactorily decreased?

  • A. Risk identification
  • B. Qualitative risk analysis
  • C. Risk response implementation
  • D. Quantitative risk analysis

Answer: D

NEW QUESTION 6
Billy is the project manager of the HAR Project and is in month six of the project. The project is scheduled to last for 18 months. Management asks Billy how often the project team is participating in risk reassessment in this project. What should Billy tell management if he's following the best practices for risk management?

  • A. At every status meeting of the project team, project risk management is an agenda item.
  • B. Project risk management happens at every milestone.
  • C. Project risk management has been concluded with the project planning.
  • D. Project risk management is scheduled for every month in the 18-month project.

Answer: A

NEW QUESTION 7
Which of the following objectives are defined by integrity in the C.I.A triad of information security systems?
Each correct answer represents a part of the solution. Choose three.

  • A. It preserves the internal and external consistency of information.
  • B. It prevents the unauthorized or unintentional modification of information by the authorized users.
  • C. It prevents the modification of information by the unauthorized users.
  • D. It prevents the intentional or unintentional unauthorized disclosure of a message's contents.

Answer: ABC

NEW QUESTION 8
Risks with low ratings of probability and impact are included on a ____ for future monitoring.

  • A. Watchlist
  • B. Risk alarm
  • C. Observation list
  • D. Risk register

Answer: A

NEW QUESTION 9
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Systematic
  • B. Regulatory
  • C. Advisory
  • D. Informative

Answer: BCD

NEW QUESTION 10
Which of the following classification levels defines the information that, if disclosed to the unauthorized parties, could be reasonably expected to cause exceptionally grave damage to the national security?

  • A. Secret information
  • B. Top Secret information
  • C. Confidential information
  • D. Unclassified information

Answer: B

NEW QUESTION 11
Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

  • A. The custodian implements the information classification scheme after the initial assignment by the operations manager.
  • B. The data custodian implements the information classification scheme after the initial assignment by the data owner.
  • C. The data owner implements the information classification scheme after the initial assignment by the custodian.
  • D. The custodian makes the initial information classification assignments, and the operations manager implements the scheme.

Answer: B

NEW QUESTION 12
Management wants you to create a visual diagram of what resources will be utilized in the project deliverables. What type of a chart is management asking you to create?

  • A. Work breakdown structure
  • B. Roles and responsibility matrix
  • C. Resource breakdown structure
  • D. RACI chart

Answer: C

NEW QUESTION 13
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

  • A. Authenticity
  • B. Integrity
  • C. Availability
  • D. Confidentiality

Answer: D

NEW QUESTION 14
To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criterion, which of the following controls are intended to prevent an incident from occurring?

  • A. Adaptive controls
  • B. Preventive controls
  • C. Detective controls
  • D. Corrective controls

Answer: B

NEW QUESTION 15
Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?

  • A. Access control entry (ACE)
  • B. Discretionary access control entry (DACE)
  • C. Access control list (ACL)
  • D. Security Identifier (SID)

Answer: A

NEW QUESTION 16
Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

  • A. DoD 5200.22-M
  • B. DoD 5200.1-R
  • C. DoD 8910.1
  • D. DoDD 8000.1
  • E. DoD 7950.1-M

Answer: E

NEW QUESTION 17
Which of the following statements about the role-based access control (RBAC) model is true?

  • A. In this model, the permissions are uniquely assigned to each user account.
  • B. In this model, a user can access resources according to his role in the organization.
  • C. In this model, the same permission is assigned to each user account.
  • D. In this model, the users can access resources according to their seniority.

Answer: B

NEW QUESTION 18
The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
  • B. Preserving high-level communications and working group relationships in an organization
  • C. Establishing an effective continuous monitoring program for the organization
  • D. Facilitating the sharing of security risk-related information among authorizing officials

Answer: ABC

NEW QUESTION 19
Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work.
What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?

  • A. Cost change control system
  • B. Scope change control system
  • C. Integrated change control
  • D. Configuration management system

Answer: D
