A Review Of Vivid CAP Training
NEW QUESTION 1
You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?
- A. You will use organizational process assets for studies of similar projects by risk specialists.
- B. You will use organizational process assets to determine costs of all risks events within the current project.
- C. You will use organizational process assets for information from prior similar projects.
- D. You will use organizational process assets for risk databases that may be available from industry sources.
Answer: B
NEW QUESTION 2
In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?
- A. Continuous Monitoring Phase
- B. Accreditation Phase
- C. Preparation Phase
- D. DITSCAP Phase
Answer: A
NEW QUESTION 3
Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the work in the project is very dangerous, so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes to fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?
- A. Project management plan
- B. Project contractual relationship with the vendor
- C. Project communications plan
- D. Project scope statement
Answer: A
NEW QUESTION 4
Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high risk exposure. What risk response has been enacted in this project?
- A. Acceptance
- B. Mitigation
- C. Avoidance
- D. Transference
Answer: C
NEW QUESTION 5
Which one of the following is the only output for the qualitative risk analysis process?
- A. Project management plan
- B. Risk register updates
- C. Enterprise environmental factors
- D. Organizational process assets
Answer: B
NEW QUESTION 6
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD?
Each correct answer represents a complete solution. Choose all that apply.
- A. DC Security Design & Configuration
- B. VI Vulnerability and Incident Management
- C. EC Enclave and Computing Environment
- D. Information systems acquisition, development, and maintenance
Answer: ABC
NEW QUESTION 7
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
- A. SSAA
- B. FIPS
- C. FITSAF
- D. TCSEC
Answer: A
NEW QUESTION 8
Which of the following statements are true about security risks?
Each correct answer represents a complete solution. Choose three.
- A. They can be removed completely by taking proper actions.
- B. They can be analyzed and measured by the risk analysis process.
- C. They can be mitigated by reviewing and taking responsible actions based on possible risks.
- D. They are considered an indicator of threats coupled with vulnerability.
Answer: BCD
NEW QUESTION 9
Joan is a project management consultant and she has been hired by a firm to help them identify risk events within the project. Joan would first like to examine the project documents including the plans, assumptions lists, project files, and contracts. What key thing will help Joan to discover risks within the review of the project documents?
- A. Lack of consistency between the plans and the project requirements and assumptions can be the indicators of risk in the project.
- B. The project documents will help the project manager, or Joan, to identify what risk identification approach is best to pursue.
- C. Plans that have loose definitions of terms and disconnected approaches will reveal risks.
- D. Poorly written requirements will reveal inconsistencies in the project plans and documents.
Answer: A
NEW QUESTION 10
You are the project manager of the QSL project for your organization. You are working with your project team and several key stakeholders to create a diagram that shows how various elements of a system interrelate and the mechanism of causation within the system. What diagramming technique are you using as a part of the risk identification process?
- A. Cause and effect diagrams
- B. System or process flowcharts
- C. Predecessor and successor diagramming
- D. Influence diagrams
Answer: B
NEW QUESTION 11
Kelly is the project manager of the BHH project for her organization. She is completing the risk identification process for this portion of her project. Which one of the following is the only thing that the risk identification process will create for Kelly?
- A. Project document updates
- B. Risk register updates
- C. Change requests
- D. Risk register
Answer: D
NEW QUESTION 12
Which of the following formulas was developed by FIPS 199 for categorization of an information type?
- A. SC information type = {(confidentiality, controls), (integrity, controls), (authentication, controls)}
- B. SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
- C. SC information type = {(confidentiality, risk), (integrity, risk), (availability, risk)}
- D. SC information type = {(Authentication, impact), (integrity, impact), (availability, impact)}
Answer: B
NEW QUESTION 13
Mary is the project manager of the HGH Project for her company. She and her project team have agreed that if the vendor is late by more than ten days they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but the costs of their products are significantly more expensive than the current vendor. What type of a response strategy is this?
- A. Contingent response strategy
- B. Expert judgment
- C. Internal risk management strategy
- D. External risk response
Answer: A
NEW QUESTION 14
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
- A. Level 4
- B. Level 1
- C. Level 3
- D. Level 5
- E. Level 2
Answer: C
NEW QUESTION 15
Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. What are the different categories of risk?
Each correct answer represents a complete solution. Choose all that apply.
- A. System interaction
- B. Human interaction
- C. Equipment malfunction
- D. Inside and outside attacks
- E. Social status
- F. Physical damage
Answer: BCDEF
NEW QUESTION 16
You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?
- A. These risks can be accepted.
- B. These risks can be added to a low priority risk watch list.
- C. All risks must have a valid, documented risk response.
- D. These risks can be dismissed.
Answer: B
NEW QUESTION 17
You work as a project manager for BlueWell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decided, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project which of the following are likely to increase?
- A. Risks
- B. Human resource needs
- C. Quality control concerns
- D. Costs
Answer: A