Top Tips Of Up To The Immediate Present CAP Pdf Exam

ISC2 CAP (Certified Authorization Professional) practice questions.

NEW QUESTION 1
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199.
What levels of potential impact are defined by FIPS 199?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Medium
  • B. High
  • C. Low
  • D. Moderate

Answer: ABC

NEW QUESTION 2
During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?

  • A. Symptoms
  • B. Cost of the project
  • C. Warning signs
  • D. Risk rating

Answer: B

NEW QUESTION 3
Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

  • A. Corrective action
  • B. Technical performance measurement
  • C. Risk audit
  • D. Earned value management

Answer: A

NEW QUESTION 4
John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of whom are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?

  • A. Communications Management Plan
  • B. Risk Management Plan
  • C. Project Management Plan
  • D. Risk Response Plan

Answer: A

NEW QUESTION 5
Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

  • A. Harry is correct, because the risk probability and impact considers all objectives of the project.
  • B. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.
  • C. Sammy is correct, because she is the project manager.
  • D. Sammy is correct, because organizations can create risk scores for each objective of the project.

Answer: D

NEW QUESTION 6
Which of the following statements about Discretionary Access Control List (DACL) is true?

  • A. It is a rule list containing access control entries.
  • B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
  • C. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
  • D. It is a unique number that identifies a user, group, and computer account.

Answer: C

NEW QUESTION 7
Neil works as a project manager for SoftTech Inc. He is working with Tom, the COO of his company, on several risks within the project. Tom understands that through qualitative analysis Neil has identified many risks in the project. Tom's concern, however, is that the priority list of these risk events is sorted into "high-risk," "moderate-risk," and "low-risk" as conditions apply within the project. Tom wants to know whether there is any other objective on which Neil can base the priority list for project risks. What will be Neil's reply to Tom?

  • A. Risks may be listed by the responses in the near-term
  • B. Risks may be listed by categories
  • C. Risks may be listed by the additional analysis and response
  • D. Risks may be listed by priority separately for schedule, cost, and performance

Answer: D

NEW QUESTION 8
You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?

  • A. Risk register
  • B. Risk log
  • C. Risk management plan
  • D. Project management plan

Answer: A

NEW QUESTION 9
You are the project manager of the GGH Project in your company. Your company is structured as a functional organization and you report to the functional manager that you are ready to move onto the quantitative risk analysis process. What things will you need as inputs for the quantitative risk analysis of the project in this scenario?

  • A. You will need the risk register, risk management plan, permission from the functional manager, and any relevant organizational process assets.
  • B. You will need the risk register, risk management plan, outputs of qualitative risk analysis, and any relevant organizational process assets.
  • C. You will need the risk register, risk management plan, cost management plan, schedule management plan, and any relevant organizational process assets.
  • D. Quantitative risk analysis does not happen through the project manager in a functional structure.

Answer: C

NEW QUESTION 10
Which of the following statements about the availability concept of Information security management is true?

  • A. It ensures that modifications are not made to data by unauthorized personnel or processes.
  • B. It ensures reliable and timely access to resources.
  • C. It determines actions and behaviors of a single individual within a system.
  • D. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.

Answer: B

NEW QUESTION 11
Harry is a project manager of a software development project. In the early stages of planning, he and the stakeholders operated with the belief that the software they were developing would work with their organization's current computer operating system. Now that the project team has started developing the software it has become apparent that the software will not work with nearly half of the organization's computer operating systems. The incorrect belief Harry had in the software compatibility is an example of what in project management?

  • A. Issue
  • B. Risk
  • C. Constraint
  • D. Assumption

Answer: D

NEW QUESTION 12
Which of the following individuals is responsible for the configuration management and control task?

  • A. Common control provider
  • B. Information system owner
  • C. Authorizing official
  • D. Chief information officer

Answer: B

NEW QUESTION 13
Which of the following parts of BS 7799 covers risk analysis and management?

  • A. Part 1
  • B. Part 3
  • C. Part 2
  • D. Part 4

Answer: B

NEW QUESTION 14
Under which type of access control does a user ID and password system fall?

  • A. Administrative
  • B. Technical
  • C. Power
  • D. Physical

Answer: B

NEW QUESTION 15
Which of the following objectives are defined by integrity in the C.I.A triad of information security systems?
Each correct answer represents a part of the solution. Choose three.

  • A. It preserves the internal and external consistency of information.
  • B. It prevents the unauthorized or unintentional modification of information by the authorized users.
  • C. It prevents the intentional or unintentional unauthorized disclosure of a message's contents.
  • D. It prevents the modification of information by the unauthorized users.

Answer: ABD

NEW QUESTION 16
What is the objective of the Security Accreditation Decision task?

  • A. To determine whether the agency-level risk is acceptable or not.
  • B. To make an accreditation decision.
  • C. To accredit the information system.
  • D. To approve revisions of NIACAP.

Answer: A

NEW QUESTION 17
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

  • A. FIPS
  • B. TCSEC
  • C. SSAA
  • D. FITSAF

Answer: C
