ISC2 CAP (Certified Authorization Professional) free online questions and answers, new version:

NEW QUESTION 1
You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of lack of space, casting it is highly dangerous. High technical skill will be required for casting that column. You decide to hire a local expert team for casting that column. Which of the following types of risk response are you following?

  • A. Mitigation
  • B. Avoidance
  • C. Transference
  • D. Acceptance

Answer: C

NEW QUESTION 2
Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high risk exposure. What risk response has been enacted in this project?

  • A. Avoidance
  • B. Acceptance
  • C. Transference
  • D. Mitigation

Answer: A

NEW QUESTION 3
Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to take 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work.
What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?

  • A. Cost change control system
  • B. Scope change control system
  • C. Integrated change control
  • D. Configuration management system

Answer: D

NEW QUESTION 4
Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

  • A. FITSAF
  • B. TCSEC
  • C. FIPS
  • D. SSAA

Answer: B

NEW QUESTION 5
Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

  • A. Parkerian Hexad
  • B. Capability Maturity Model (CMM)
  • C. Classic information security model
  • D. Five Pillars model

Answer: D

NEW QUESTION 6
Where can a project manager find risk-rating rules?

  • A. Risk probability and impact matrix
  • B. Organizational process assets
  • C. Enterprise environmental factors
  • D. Risk management plan

Answer: B

NEW QUESTION 7
Which of the following administrative policy controls requires individuals or organizations to be engaged in good business practices relative to the organization's industry?

  • A. Segregation of duties
  • B. Separation of duties
  • C. Need to Know
  • D. Due care

Answer: D

NEW QUESTION 8
Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

  • A. Phase 3
  • B. Phase 2
  • C. Phase 4
  • D. Phase 1

Answer: A

NEW QUESTION 9
Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demo, and even some samples. What type of document should Ned send to the vendor?

  • A. IFB
  • B. RFI
  • C. RFQ
  • D. RFP

Answer: B

NEW QUESTION 10
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

  • A. Level 1
  • B. Level 2
  • C. Level 4
  • D. Level 5
  • E. Level 3

Answer: C

NEW QUESTION 11
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?
Each correct answer represents a complete solution. Choose two.

  • A. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  • B. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • C. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
  • D. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

Answer: AD

NEW QUESTION 12
Which of the following describes residual risk as the risk remaining after risk mitigation has occurred?

  • A. DIACAP
  • B. ISSO
  • C. SSAA
  • D. DAA

Answer: A

NEW QUESTION 13
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

  • A. FITSAF
  • B. FIPS
  • C. TCSEC
  • D. SSAA

Answer: D

NEW QUESTION 14
Which of the following is a security policy implemented by an organization due to compliance, regulation, or other legal requirements?

  • A. Advisory policy
  • B. Informative policy
  • C. System Security policy
  • D. Regulatory policy

Answer: D

NEW QUESTION 15
Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

  • A. NIST SP 800-53A
  • B. NIST SP 800-26
  • C. NIST SP 800-53
  • D. NIST SP 800-59
  • E. NIST SP 800-60
  • F. NIST SP 800-37

Answer: B

NEW QUESTION 16
Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the construction project. The supplier is an artist who works by himself, but creates windows for several companies throughout the United States. Management reviews the proposal to use this supplier and while they agree that the supplier is talented, they do not think the artist can fulfill the 1,000 window units in time for the project's deadline. Management asked Harry to find a supplier who will guarantee the completion of the windows by the needed date in the schedule. What risk response has management asked Harry to implement?

  • A. Acceptance
  • B. Mitigation
  • C. Avoidance
  • D. Transference

Answer: B

NEW QUESTION 17
Which of the following documents is described in the statement below?
"It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

  • A. Project charter
  • B. Risk management plan
  • C. Risk register
  • D. Quality management plan

Answer: C
