
Free CAP Demo Online For ISC2 Certification:

NEW QUESTION 1
You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks.
Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?

  • A. A qualitative risk analysis requires fast and simple data to complete the analysis.
  • B. A qualitative risk analysis requires accurate and unbiased data if it is to be credible.
  • C. A qualitative risk analysis requires unbiased stakeholders with biased risk tolerances.
  • D. A qualitative risk analysis encourages biased data to reveal risk tolerances.

Answer: B

NEW QUESTION 2
Which of the following individuals makes the final accreditation decision?

  • A. DAA
  • B. ISSO
  • C. CIO
  • D. CISO

Answer: A

NEW QUESTION 3
Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

  • A. It depends on what the outcome of a lawsuit will determine.
  • B. No, the ZAS Corporation did not complete all of the work.
  • C. It depends on what the termination clause of the contract stipulates.
  • D. Yes, the ZAS Corporation did not choose to terminate the contract work.

Answer: C

NEW QUESTION 4
In what portion of a project are risk and opportunities greatest and require intense planning and anticipation of risk events?

  • A. Planning
  • B. Executing
  • C. Closing
  • D. Initiating

Answer: D

NEW QUESTION 5
Courtney is the project manager for her organization. She is working with the project team to complete the qualitative risk analysis for her project. During the analysis Courtney encourages the project team to begin grouping the identified risks by common causes. What is the primary advantage of grouping risks by common causes during qualitative risk analysis?

  • A. It can lead to developing effective risk responses.
  • B. It can lead to the creation of risk categories unique to each project.
  • C. It helps the project team realize the areas of the project most laden with risks.
  • D. It saves time by collecting the related resources, such as project team members, to analyze the risk events.

Answer: A

NEW QUESTION 6
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Post-Authorization
  • B. Pre-certification
  • C. Post-certification
  • D. Certification
  • E. Authorization

Answer: ABDE

NEW QUESTION 7
Mary is the project manager of the HGH Project for her company. She and her project team have agreed that if the vendor is late by more than ten days they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but the costs of their products are significantly more expensive than the current vendor. What type of a response strategy is this?

  • A. External risk response
  • B. Internal risk management strategy
  • C. Contingent response strategy
  • D. Expert judgment

Answer: C

NEW QUESTION 8
In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

  • A. Full operational test
  • B. Penetration test
  • C. Paper test
  • D. Walk-through test

Answer: B

NEW QUESTION 9
Joan is a project management consultant and she has been hired by a firm to help them identify risk events within the project. Joan would first like to examine the project documents including the plans, assumptions lists, project files, and contracts. What key thing will help Joan to discover risks within the review of the project documents?

  • A. Lack of consistency between the plans and the project requirements and assumptions can be the indicators of risk in the project.
  • B. The project documents will help the project manager, or Joan, to identify what risk identification approach is best to pursue.
  • C. Plans that have loose definitions of terms and disconnected approaches will reveal risks.
  • D. Poorly written requirements will reveal inconsistencies in the project plans and documents.

Answer: A

NEW QUESTION 10
You and your project team have identified the project risks and now are analyzing the probability and impact of the risks. What type of analysis of the risks provides a quick and high-level review of each identified risk event?

  • A. Qualitative risk analysis
  • B. Seven risk responses
  • C. Quantitative risk analysis
  • D. A risk probability-impact matrix

Answer: A

NEW QUESTION 11
The phase 0 of Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Review documentation and technical data.
  • B. Apply classification criteria to rank data assets and related IT resources.
  • C. Establish criteria that will be used to classify and rank data assets.
  • D. Identify threats, vulnerabilities, and controls that will be evaluated.
  • E. Establish criteria that will be used to evaluate threats, vulnerabilities, and controls.

Answer: BCDE

NEW QUESTION 12
What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Conduct activities related to the disposition of the system data and objects.
  • B. Execute and update IA implementation plan.
  • C. Conduct validation activities.
  • D. Combine validation results in DIACAP scorecard.

Answer: BCD

NEW QUESTION 13
The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Registration
  • B. Document mission need
  • C. Negotiation
  • D. Initial Certification Analysis

Answer: ABC

NEW QUESTION 14
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Secure accreditation
  • B. Type accreditation
  • C. System accreditation
  • D. Site accreditation

Answer: BCD

NEW QUESTION 15
Which of the following statements about Discretionary Access Control List (DACL) is true?

  • A. It is a rule list containing access control entries.
  • B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
  • C. It is a unique number that identifies a user, group, and computer account.
  • D. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.

Answer: D

NEW QUESTION 16
You are the project manager for a construction project. The project includes work that involves very high financial risks. You decide to insure processes so that any ill happening can be compensated. Which type of strategy have you used to deal with the risks involved with that particular work?

  • A. Transfer
  • B. Mitigate
  • C. Accept
  • D. Avoid

Answer: A

NEW QUESTION 17
Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document are Frank and the NHH Project team creating in this scenario?

  • A. Project management plan
  • B. Resource management plan
  • C. Risk management plan
  • D. Project plan

Answer: C
