It is faster and easier to pass the ISC2 CAP exam by using approved ISC2 CAP Certified Authorization Professional questions and answers. Get immediate access to the updated CAP exam and find the same core-area CAP questions with professionally verified answers, then pass your exam with a high score.
Free demo questions for ISC2 CAP Exam Dumps Below:
NEW QUESTION 1
Which of the following individuals is responsible for ensuring the security posture of the organization's information system?
- A. Authorizing Official
- B. Chief Information Officer
- C. Security Control Assessor
- D. Common Control Provider
Answer: A
NEW QUESTION 2
Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production?
Each correct answer represents a part of the solution. Choose all that apply.
- A. NIST
- B. FIPS
- C. FISMA
- D. Office of Management and Budget (OMB)
Answer: CD
NEW QUESTION 3
What does RTM stand for?
- A. Resource Testing Method
- B. Replaced Traceability Matrix
- C. Requirements Traceability Matrix
- D. Resource Tracking Matrix
Answer: C
NEW QUESTION 4
Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?
- A. Authorizing Official
- B. Chief Risk Officer (CRO)
- C. Chief Information Officer (CIO)
- D. Information system owner
Answer: D
NEW QUESTION 5
You are the project manager for GHY Project and are working to create a risk response for a negative risk. You and the project team have identified the risk that the project may not complete on time, as required by the management, due to the creation of the user guide for the software you're creating. You have elected to hire an external writer in order to satisfy the requirements and to alleviate the risk event. What type of risk response have you elected to use in this instance?
- A. Sharing
- B. Avoidance
- C. Transference
- D. Exploiting
Answer: C
NEW QUESTION 6
You work as a project manager for BlueWell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decided, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, which of the following are likely to increase?
- A. Risks
- B. Human resource needs
- C. Quality control concerns
- D. Costs
Answer: A
NEW QUESTION 7
Which one of the following is the only output for the qualitative risk analysis process?
- A. Enterprise environmental factors
- B. Project management plan
- C. Risk register updates
- D. Organizational process assets
Answer: C
NEW QUESTION 8
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
- A. Safeguards
- B. Preventive controls
- C. Detective controls
- D. Corrective controls
Answer: D
NEW QUESTION 9
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies?
Each correct answer represents a complete solution. Choose all that apply.
- A. Systematic
- B. Informative
- C. Regulatory
- D. Advisory
Answer: BCD
NEW QUESTION 10
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
- A. Continuity of Operations Plan
- B. Disaster recovery plan
- C. Contingency plan
- D. Business continuity plan
Answer: C
NEW QUESTION 11
You are the project manager for TTP project. You are in the Identify Risks process. You have to create the risk register. Which of the following are included in the risk register?
Each correct answer represents a complete solution. Choose two.
- A. List of potential responses
- B. List of identified risks
- C. List of mitigation techniques
- D. List of key stakeholders
Answer: AB
NEW QUESTION 12
Which of the following statements is true about residual risks?
- A. It is a weakness or lack of safeguard that can be exploited by a threat.
- B. It can be considered as an indicator of threats coupled with vulnerability.
- C. It is the probabilistic risk after implementing all security measures.
- D. It is the probabilistic risk before implementing all security measures.
Answer: C
NEW QUESTION 13
NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?
- A. Substantial
- B. Significant
- C. Abbreviated
- D. Comprehensive
Answer: C
NEW QUESTION 14
An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official?
Each correct answer represents a complete solution. Choose all that apply.
- A. Establishing and implementing the organization's continuous monitoring program
- B. Determining the requirement of reauthorization and reauthorizing information systems when required
- C. Reviewing security status reports and critical security documents
- D. Ascertaining the security posture of the organization's information system
Answer: BCD
NEW QUESTION 15
Which one of the following is the only output for the qualitative risk analysis process?
- A. Project management plan
- B. Risk register updates
- C. Enterprise environmental factors
- D. Organizational process assets
Answer: B
NEW QUESTION 16
Under which type of access control do user ID and password systems come?
- A. Administrative
- B. Technical
- C. Power
- D. Physical
Answer: B
NEW QUESTION 17
You are the project manager of the BlueStar project in your company. Your company is structured as a functional organization and you report to the functional manager that you are ready to move onto the qualitative risk analysis process. What will you need as inputs for the qualitative risk analysis of the project in this scenario?
- A. You will need the risk register, risk management plan, project scope statement, and any relevant organizational process assets.
- B. You will need the risk register, risk management plan, outputs of qualitative risk analysis, and any relevant organizational process assets.
- C. You will need the risk register, risk management plan, permission from the functional manager, and any relevant organizational process assets.
- D. Qualitative risk analysis does not happen through the project manager in a functional structure.
Answer: A