CAP Exam - ISC2 CAP Certified Authorization Professional

certleader.com


Free CAP Demo Online For ISC2 Certification:

NEW QUESTION 1
Gary is the project manager for his project. He and the project team have completed the qualitative risk analysis process and are about to enter the quantitative risk analysis process when Mary, the project sponsor, wants to know what quantitative risk analysis will review. Which of the following statements best defines what quantitative risk analysis will review?

  • A. The quantitative risk analysis seeks to determine the true cost of each identified risk event and the probability of each risk event to determine the risk exposure.
  • B. The quantitative risk analysis process will review risk events for their probability and impact on the project objectives.
  • C. The quantitative risk analysis reviews the results of risk identification and prepares the project for risk response management.
  • D. The quantitative risk analysis process will analyze the effect of risk events that may substantially impact the project's competing demands.

Answer: D

NEW QUESTION 2
In which of the following phases does the SSAA maintenance take place?

  • A. Phase 3
  • B. Phase 2
  • C. Phase 1
  • D. Phase 4

Answer: D

NEW QUESTION 3
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?
Each correct answer represents a complete solution. Choose two.

  • A. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • B. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • C. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
  • D. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: AD

NEW QUESTION 4
You are the project manager of the GHY Project for your company. You have completed the risk response planning with your project team. You now need to update the WBS. Why would the project manager need to update the WBS after the risk response planning process? Choose the best answer.

  • A. Because of risks associated with work packages
  • B. Because of work that was omitted during the WBS creation
  • C. Because of risk responses that are now activities
  • D. Because of new work generated by the risk responses

Answer: D

NEW QUESTION 5
You are the project manager for GHY Project and are working to create a risk response for a negative risk. You and the project team have identified the risk that the project may not complete on time, as required by the management, due to the creation of the user guide for the software you're creating. You have elected to hire an external writer in order to satisfy the requirements and to alleviate the risk event. What type of risk response have you elected to use in this instance?

  • A. Sharing
  • B. Avoidance
  • C. Transference
  • D. Exploiting

Answer: C

NEW QUESTION 6
You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?

  • A. Cost management plan
  • B. Quality management plan
  • C. Procurement management plan
  • D. Stakeholder register

Answer: C

NEW QUESTION 7
You are the project manager of the QSL project for your organization. You are working with your project team and several key stakeholders to create a diagram that shows how various elements of a system interrelate and the mechanism of causation within the system. What diagramming technique are you using as a part of the risk identification process?

  • A. Cause and effect diagrams
  • B. System or process flowcharts
  • C. Predecessor and successor diagramming
  • D. Influence diagrams

Answer: B

NEW QUESTION 8
An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

  • A. Network security policy
  • B. User password policy
  • C. Backup policy
  • D. Privacy policy

Answer: D

NEW QUESTION 9
Which of the following acts promote a risk-based policy for cost effective security?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Clinger-Cohen Act
  • B. Lanham Act
  • C. Computer Misuse Act
  • D. Paperwork Reduction Act (PRA)

Answer: AD

NEW QUESTION 10
Which of the following refers to the ability to ensure that the data is not modified or tampered with?

  • A. Confidentiality
  • B. Availability
  • C. Integrity
  • D. Non-repudiation

Answer: C

NEW QUESTION 11
The Software Configuration Management (SCM) process defines the need to trace changes, and the ability to verify that the final delivered software has all of the planned enhancements that are supposed to be included in the release. What are the procedures that must be defined for each software project to ensure that a sound SCM process is implemented?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Configuration status accounting
  • B. Configuration change control
  • C. Configuration deployment
  • D. Configuration audits
  • E. Configuration identification
  • F. Configuration implementation

Answer: ABDE

NEW QUESTION 12
John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?

  • A. Communications Management Plan
  • B. Risk Management Plan
  • C. Project Management Plan
  • D. Risk Response Plan

Answer: A

NEW QUESTION 13
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

  • A. Safeguards
  • B. Preventive controls
  • C. Detective controls
  • D. Corrective controls

Answer: D

NEW QUESTION 14
Mark works as a project manager for TechSoft Inc. Mark, the project team, and the key project stakeholders have completed a round of qualitative risk analysis. He needs to update the risk register with his findings so that he can communicate the risk results to the project stakeholders - including management. Mark will need to update all of the following information except for which one?

  • A. Watchlist of low-priority risks
  • B. Prioritized list of quantified risks
  • C. Risks grouped by categories
  • D. Trends in qualitative risk analysis

Answer: B

NEW QUESTION 15
What does OCTAVE stand for?

  • A. Operationally Computer Threat, Asset, and Vulnerability Evaluation
  • B. Operationally Critical Threat, Asset, and Vulnerability Evaluation
  • C. Operationally Computer Threat, Asset, and Vulnerability Elimination
  • D. Operationally Critical Threat, Asset, and Vulnerability Elimination

Answer: B

NEW QUESTION 16
Your project uses a piece of equipment that will overheat and have to be shut down for 48 hours if the temperature of the machine goes above 450 degrees Fahrenheit. Should this machine overheat even once, it will delay the project's end date. You work with your project team to create a response: should the temperature of the machine reach 430, the machine will be paused for at least an hour to cool it down. The temperature of 430 is called what?

  • A. Risk identification
  • B. Risk response
  • C. Risk trigger
  • D. Risk event

Answer: C

NEW QUESTION 17
Which of the following processes is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state?

  • A. Procurement management
  • B. Change management
  • C. Risk management
  • D. Configuration management

Answer: B

NEW QUESTION 18
What are the responsibilities of a system owner?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Integrates security considerations into application and system purchasing decisions and development projects.
  • B. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.
  • C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
  • D. Ensures that the necessary security controls are in place.

Answer: ABC

NEW QUESTION 19
A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

  • A. Security law
  • B. Privacy law
  • C. Copyright law
  • D. Trademark law

Answer: B
