It is faster and easier to pass the ISC2 CAP exam by using printable ISC2 CAP Certified Authorization Professional questions and answers. Get immediate access to the leading CAP exam material and find the same core-area CAP questions with professionally verified answers, then pass your exam with a high score.

Online ISC2 CAP free dumps demo below:

NEW QUESTION 1
Which of the following statements are true about security risks?
Each correct answer represents a complete solution. Choose three.

  • A. They can be removed completely by taking proper actions.
  • B. They can be analyzed and measured by the risk analysis process.
  • C. They can be mitigated by reviewing and taking responsible actions based on possible risks.
  • D. They are considered an indicator of threats coupled with vulnerability.

Answer: BCD

NEW QUESTION 2
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD?
Each correct answer represents a complete solution. Choose all that apply.

  • A. VI Vulnerability and Incident Management
  • B. DC Security Design & Configuration
  • C. EC Enclave and Computing Environment
  • D. Information systems acquisition, development, and maintenance

Answer: ABC

NEW QUESTION 3
You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process. Which one of the following is NOT a probable reason for relying on organizational process assets as an input for qualitative risk analysis?

  • A. Information on prior, similar projects
  • B. Review of vendor contracts to examine risks in past projects
  • C. Risk databases that may be available from industry sources
  • D. Studies of similar projects by risk specialists

Answer: B

NEW QUESTION 4
Elizabeth is a project manager for her organization and she finds risk management to be very difficult for her to manage. She asks you, a lead project manager, at what stage in the project will risk management become easier. What answer best resolves the difficulty of risk management practices and the effort required?

  • A. Risk management only becomes easier the more often it is practiced.
  • B. Risk management is an iterative process and never becomes easier.
  • C. Risk management only becomes easier when the project moves into project execution.
  • D. Risk management only becomes easier when the project is closed.

Answer: A

NEW QUESTION 5
You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?

  • A. Project management plan
  • B. Risk management plan
  • C. Risk log
  • D. Risk register

Answer: D

NEW QUESTION 6
Which of the following formulas was developed by FIPS 199 for categorization of an information type?

  • A. SC information type = {(confidentiality, controls), (integrity, controls), (authentication, controls)}
  • B. SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
  • C. SC information type = {(confidentiality, risk), (integrity, risk), (availability, risk)}
  • D. SC information type = {(Authentication, impact), (integrity, impact), (availability, impact)}

Answer: B

NEW QUESTION 7
Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the construction project. The supplier is an artist who works by himself, but creates windows for several companies throughout the United States. Management reviews the proposal to use this supplier and while they agree that the supplier is talented, they do not think the artist can fulfill the 1,000 window units in time for the project's deadline. Management asked Harry to find a supplier who will guarantee the completion of the windows by the needed date in the schedule. What risk response has management asked Harry to implement?

  • A. Mitigation
  • B. Acceptance
  • C. Transference
  • D. Avoidance

Answer: A

NEW QUESTION 8
Which of the following processes is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state?

  • A. Procurement management
  • B. Change management
  • C. Risk management
  • D. Configuration management

Answer: B

NEW QUESTION 9
Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. For what purposes is ST&E used?
Each correct answer represents a complete solution. Choose all that apply.

  • A. To implement the design of system architecture
  • B. To determine the adequacy of security mechanisms, assurances, and other properties to enforce the security policy
  • C. To assess the degree of consistency between the system documentation and its implementation
  • D. To uncover design, implementation, and operational flaws that may allow the violation of security policy

Answer: BCD

NEW QUESTION 10
You work as a project manager for BlueWell Inc. You and your team are using a method or (technical) process that conceives of the risks even if all theoretically possible safety measures were applied. One of your team members wants to know what a residual risk is. What will you reply to your team member?

  • A. It is a risk that remains because no risk response is taken.
  • B. It is a risk that remains after planned risk responses are taken.
  • C. It is a risk that cannot be addressed by a risk response.
  • D. It is a risk that will remain no matter what type of risk response is offered.

Answer: B

NEW QUESTION 11
Which of the following are the types of assessment tests addressed in NIST SP 800-53A?

  • A. Functional, penetration, validation
  • B. Validation, evaluation, penetration
  • C. Validation, penetration, evaluation
  • D. Functional, structural, penetration

Answer: D

NEW QUESTION 12
Which of the following are the goals of risk management?
Each correct answer represents a complete solution. Choose three.

  • A. Finding an economic balance between the impact of the risk and the cost of the countermeasure
  • B. Identifying the risk
  • C. Assessing the impact of potential threats
  • D. Identifying the accused

Answer: ABC

NEW QUESTION 13
Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

  • A. Configuration management
  • B. Procurement management
  • C. Risk management
  • D. Change management

Answer: A

NEW QUESTION 14
Tom is the project manager for his organization. In his project he has recently finished the risk response planning. He tells his manager that he will now need to update the cost and schedule baselines. Why would the risk response planning cause Tom to need to update the cost and schedule baselines?

  • A. New or omitted work as part of a risk response can cause changes to the cost and/or schedule baseline.
  • B. Risk responses protect the time and investment of the project.
  • C. Risk responses may take time and money to implement.
  • D. Baselines should not be updated, but refined through versions.

Answer: A

NEW QUESTION 15
Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Maintenance of the SSAA
  • B. Compliance validation
  • C. Change management
  • D. System operations
  • E. Security operations
  • F. Continue to review and refine the SSAA

Answer: ABCDE

NEW QUESTION 16
You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, what is likely to increase?

  • A. Human resource needs
  • B. Risks
  • C. Costs
  • D. Quality control concerns

Answer: B

NEW QUESTION 17
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

  • A. The Change Manager
  • B. The IT Security Manager
  • C. The Service Level Manager
  • D. The Configuration Manager

Answer: B

NEW QUESTION 18
......
