
ISC CAP Exam - Certified Authorization Professional

Questions & Answers for ISC CAP

Showing 1-15 of 395 Questions

Question #1 - Topic 1

Which of the following are included in Administrative Controls?
Each correct answer represents a complete solution. Choose all that apply.

A. Conducting security-awareness training

B. Screening of personnel

C. Monitoring for intrusion

D. Implementing change control procedures

E. Developing policy

Question #2 - Topic 1

In which of the following phases of the DITSCAP process does Security Test and
Evaluation (ST&E) occur?

A. Phase 2

B. Phase 3

C. Phase 1

D. Phase 4

Question #3 - Topic 1

Ben is the project manager of the YHT Project for his company. Alice, one of his team
members, is confused about when project risks will happen in the project. Which one of the
following statements is the most accurate about when project risk happens?

A. Project risk can happen at any moment.

B. Project risk is uncertain, so no one can predict when the event will happen.

C. Project risk happens throughout the project execution.

D. Project risk is always in the future.

Question #4 - Topic 1

You and your project team are just starting the risk identification activities for a project that
is scheduled to last for 18 months. Your project team has already identified a long list of
risks that need to be analyzed. How often should you and the project team do risk
identification?

A. At least once per month

B. Identify risks is an iterative process.

C. It depends on how many risks are initially identified.

D. Several times until the project moves into execution

Question #5 - Topic 1

Which of the following professionals plays the role of a monitor and takes part in the
organization's configuration management process?

A. Senior Agency Information Security Officer

B. Authorizing Official

C. Common Control Provider

D. Chief Information Officer

Question #6 - Topic 1

Which of the following roles is also known as the accreditor?

A. Chief Risk Officer

B. Data owner

C. Designated Approving Authority

D. Chief Information Officer

Question #7 - Topic 1

Your project has several risks that may cause serious financial impact should they happen.
You have studied the risk events and made some potential risk responses for the risk
events, but management wants you to do more. They'd like you to create some type of
chart that identifies the risk probability and impact with a financial amount for each risk
event. What is the likely outcome of creating this type of chart?

A. Risk response plan

B. Quantitative analysis

C. Risk response

D. Contingency reserve

Question #8 - Topic 1

You are the project manager for the GHY Project and are working to create a risk response for
a negative risk. You and the project team have identified the risk that the project may not
complete on time, as required by management, due to the creation of the user guide for
the software you're creating. You have elected to hire an external writer in order to satisfy
the requirements and to alleviate the risk event. What type of risk response have you
elected to use in this instance?

A. Sharing

B. Avoidance

C. Transference

D. Exploiting

Question #9 - Topic 1

Which of the following types of evidence is a collection of facts that, when considered together,
can be used to infer a conclusion about the malicious activity or person?

A. Circumstantial

B. Incontrovertible

C. Direct

D. Corroborating

Question #10 - Topic 1

Which of the following are the common roles with regard to data in an information
classification program?
Each correct answer represents a complete solution. Choose all that apply.

A. Custodian

B. User

C. Security auditor

D. Editor

E. Owner

Question #11 - Topic 1

Sam is the project manager of a construction project in south Florida. This area of the
United States is prone to hurricanes during certain parts of the year. As part of the project plan,
Sam and the project team acknowledge the possibility of hurricanes and the damage the
hurricane could have on the project's deliverables, the schedule of the project, and the
overall cost of the project.
Once Sam and the project stakeholders acknowledge the risk of the hurricane, they go on
planning the project as if the risk is not likely to happen. What type of risk response is Sam
using?

A. Mitigation

B. Avoidance

C. Passive acceptance

D. Active acceptance

Question #12 - Topic 1

You are preparing to start the qualitative risk analysis process for your project. You will be
relying on some organizational process assets to influence the process. Which one of the
following is NOT a probable reason for relying on organizational process assets as an input
for qualitative risk analysis?

A. Information on prior, similar projects

B. Review of vendor contracts to examine risks in past projects

C. Risk databases that may be available from industry sources

D. Studies of similar projects by risk specialists

Question #13 - Topic 1

James works as IT systems personnel at SoftTech Inc. He performs the following tasks:
Runs regular backups and routine tests of the validity of the backup data.
Performs data restoration from the backups whenever required.
Maintains the retained records in accordance with the established information classification policy.
What is the role played by James in the organization?

A. Manager

B. Owner

C. Custodian

D. User

Question #14 - Topic 1

Eric is the project manager of the MTC project for his company. In this project a vendor has
offered Eric a sizeable discount on all hardware if his order total for the project is more than
$125,000. Right now, Eric is likely to spend $118,000 with the vendor. If Eric spends $7,000 more, his
cost savings for the project will be $12,500, but he cannot purchase hardware if he cannot
implement the hardware immediately due to organizational policies. Eric consults with Amy
and Allen, other project managers in the organization, and asks if they need any hardware
for their projects. Both Amy and Allen need hardware and they agree to purchase the
hardware through Eric's relationship with the vendor. What positive risk response has
happened in this instance?

A. Transference

B. Exploiting

C. Sharing

D. Enhancing

Question #15 - Topic 1

Certification and Accreditation (C&A or CnA) is a process for implementing information
security. It is a systematic procedure for evaluating, describing, testing, and authorizing
systems prior to or after a system is in operation. Which of the following statements are
true about Certification and Accreditation?
Each correct answer represents a complete solution. Choose two.

A. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

B. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.

C. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

D. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
