The Secret Of ISC2 CAP Brain Dumps

NEW QUESTION 1
Which of the following processes is used to protect the data based on its secrecy, sensitivity, or confidentiality?

• A. Change Control
• B. Data Hiding
• C. Configuration Management
• D. Data Classification

Answer: D

NEW QUESTION 2
What project management plan is most likely to direct the quantitative risk analysis process for a project in a matrix environment?

• A. Staffing management plan
• B. Risk analysis plan
• C. Human resource management plan
• D. Risk management plan

Answer: D

NEW QUESTION 3
In which of the following Risk Management Framework (RMF) phases is a risk profile created for threats?

• A. Phase 3
• B. Phase 1
• C. Phase 2
• D. Phase 0

Answer: C

NEW QUESTION 4
Which of the following is a risk response planning technique associated with threats that seeks to reduce the probability of occurrence or impact of a risk to below an acceptable threshold?

• A. Exploit
• B. Transference
• C. Mitigation
• D. Avoidance

Answer: C

NEW QUESTION 5
Which of the following system security policies is used to address specific issues of concern to the organization?

• A. Program policy
• B. Issue-specific policy
• C. Informative policy
• D. System-specific policy

Answer: B

NEW QUESTION 6
Which of the following NIST documents provides a guideline for identifying an information system as a National Security System?

• A. NIST SP 800-53
• B. NIST SP 800-59
• C. NIST SP 800-53A
• D. NIST SP 800-37
• E. NIST SP 800-60

Answer: B

NEW QUESTION 7
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

• A. FIPS
• B. TCSEC
• C. SSAA
• D. FITSAF

Answer: C

NEW QUESTION 8
Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

• A. The level of detail is set by historical information.
• B. The level of detail must define exactly the risk response for each identified risk.
• C. The level of detail is set of project risk governance.
• D. The level of detail should correspond with the priority ranking

Answer: D

NEW QUESTION 9
Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

• A. Risk response plan
• B. Quantitative analysis
• C. Risk response
• D. Contingency reserve

Answer: D

NEW QUESTION 10
You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What is this called?

• A. Confidentiality
• B. Encryption
• C. Integrity
• D. Availability

Answer: A

NEW QUESTION 11
You work as a project manager for BlueWell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decided, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project which of the following are likely to increase?

• A. Quality control concerns
• B. Costs
• C. Risks
• D. Human resource needs

Answer: C

NEW QUESTION 12
You work as a project manager for TechSoft Inc. You are working with the project stakeholders onthe qualitative risk analysis process in your project. You have used all the tools to the qualitative risk analysis process in your project. Which of the following techniques is NOT used as a tool in qualitative risk analysis process?

• A. Risk Reassessment
• B. Risk Categorization
• C. Risk Urgency Assessment
• D. Risk Data Quality Assessment

Answer: A

NEW QUESTION 13
You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project?

• A. Qualitative risk analysis
• B. Quantitative analysis
• C. Historical information
• D. Rolling wave planning

Answer: A

NEW QUESTION 14
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?

• A. Level 2
• B. Level 3
• C. Level 5
• D. Level 4
• E. Level 1

Answer: B

NEW QUESTION 15
Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

• A. FITSAF
• B. TCSEC
• C. FIPS
• D. SSAA

Answer: B

NEW QUESTION 16
Which of the following is NOT a responsibility of a data owner?

• A. Maintaining and protecting data
• B. Ensuring that the necessary security controls are in place
• C. Delegating responsibility of the day-to-day maintenance of the data protection mechanisms to the data custodian
• D. Approving access requests

Answer: A

NEW QUESTION 17
Joan is the project manager of the BTT project for her company. She has worked with her project to create risk responses for both positive and negative risk events within the project. As a result of this process Joan needs to update the project document updates. She has updated the assumptions log as a result of the findings and risk responses, but what other documentation will need to be updated as an output of risk response planning?

• A. Lessons learned
• B. Scope statement
• C. Risk Breakdown Structure
• D. Technical documentation

Answer: D

NEW QUESTION 18
......