The Improved Guide To CAP Test Question


Free CAP Demo Online For ISC2 Certification:

NEW QUESTION 1
Which of the following statements about System Access Control List (SACL) is true?

  • A. It contains a list of any events that are set to audit for that particular object.
  • B. It is a mechanism for reducing the need for globally unique IP addresses.
  • C. It contains a list of both users and groups and whatever permissions they have.
  • D. It exists for each and every permission entry assigned to any object.

Answer: A

NEW QUESTION 2
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Pre-certification
  • B. Certification
  • C. Post-certification
  • D. Authorization
  • E. Post-Authorization

Answer: ABDE

NEW QUESTION 3
You are the project manager for a construction project. The project includes work that involves very high financial risks. You decide to insure processes so that any adverse event can be compensated. Which type of strategy have you used to deal with the risks involved with that particular work?

  • A. Transfer
  • B. Mitigate
  • C. Accept
  • D. Avoid

Answer: A

NEW QUESTION 4
Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the construction project. The supplier is an artist who works by himself, but creates windows for several companies throughout the United States. Management reviews the proposal to use this supplier and while they agree that the supplier is talented, they do not think the artist can fulfill the 1,000 window units in time for the project's deadline. Management asked Harry to find a supplier who will guarantee the completion of the windows by the needed date in the schedule. What risk response has management asked Harry to implement?

  • A. Acceptance
  • B. Mitigation
  • C. Avoidance
  • D. Transference

Answer: B

NEW QUESTION 5
Which of the following relations correctly describes residual risk?

  • A. Residual Risk = Threats x Vulnerability x Asset Gap x Control Gap
  • B. Residual Risk = Threats x Exploit x Asset Value x Control Gap
  • C. Residual Risk = Threats x Exploit x Asset Value x Control Gap
  • D. Residual Risk = Threats x Vulnerability x Asset Value x Control Gap

Answer: D

NEW QUESTION 6
You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?

  • A. Cost management plan
  • B. Procurement management plan
  • C. Stakeholder register
  • D. Quality management plan

Answer: B

NEW QUESTION 7
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

  • A. Authenticity
  • B. Integrity
  • C. Availability
  • D. Confidentiality

Answer: D

NEW QUESTION 8
Phase 0 of the Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Review documentation and technical data.
  • B. Apply classification criteria to rank data assets and related IT resources.
  • C. Establish criteria that will be used to classify and rank data assets.
  • D. Identify threats, vulnerabilities, and controls that will be evaluated.
  • E. Establish criteria that will be used to evaluate threats, vulnerabilities, and controls.

Answer: BCDE

NEW QUESTION 9
Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)?
Each correct answer represents a complete solution. Choose all that apply.

  • A. NIST Special Publication 800-53A
  • B. NIST Special Publication 800-37A
  • C. NIST Special Publication 800-59
  • D. NIST Special Publication 800-53
  • E. NIST Special Publication 800-37
  • F. NIST Special Publication 800-60

Answer: ACDEF

NEW QUESTION 10
You are the project manager of the NNH Project. In this project you have created a contingency response that the schedule performance index should be less than 0.93. The NHH Project has a budget at completion of $945,000 and is 45 percent complete though the project should be 49 percent complete. The project has spent $455,897 to reach the 45 percent complete milestone.
What is the project's schedule performance index?

  • A. 1.06
  • B. 0.93
  • C. -$37,800
  • D. 0.92

Answer: D

NEW QUESTION 11
Which of the following are the types of assessment tests addressed in NIST SP 800-53A?

  • A. Functional, penetration, validation
  • B. Validation, evaluation, penetration
  • C. Validation, penetration, evaluation
  • D. Functional, structural, penetration

Answer: D

NEW QUESTION 12
Amy is the project manager for her company. In her current project the organization has a very low tolerance for risk events that will affect the project schedule. Management has asked Amy to consider the effect of all the risks on the project schedule. What approach can Amy take to create a bias against risks that will affect the schedule of the project?

  • A. She can have the project team pad their time estimates to alleviate delays in the project schedule.
  • B. She can shift risk-laden activities that affect the project schedule from the critical path as much as possible.
  • C. She can create an overall project rating scheme to reflect the bias towards risks that affect the project schedule.
  • D. She can filter all risks based on their effect on schedule versus other project objectives.

Answer: C

NEW QUESTION 13
James works as an IT systems personnel in SoftTech Inc. He performs the following tasks:
Runs regular backups and routine tests of the validity of the backup data.
Performs data restoration from the backups whenever required.
Maintains the retained records in accordance with the established information classification policy.
What is the role played by James in the organization?

  • A. Manager
  • B. User
  • C. Owner
  • D. Custodian

Answer: D

NEW QUESTION 14
You are the project manager for your organization. You have determined that an activity is too dangerous to complete internally, so you hire a licensed contractor to complete the work. The contractor, however, may not complete the assigned work on time, which could delay the start of subsequent work. This is an example of what type of risk event?

  • A. Secondary risk
  • B. Transference
  • C. Internal
  • D. Pure risk

Answer: A

NEW QUESTION 15
You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team has successfully completed the risk response planning and now you must initiate the next risk process. Which of the following risk processes is repeated after the plan risk responses to determine if the overall project risk has been satisfactorily decreased?

  • A. Risk identification
  • B. Qualitative risk analysis
  • C. Risk response implementation
  • D. Quantitative risk analysis

Answer: D

NEW QUESTION 16
Which of the following acts promote a risk-based policy for cost effective security?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Clinger-Cohen Act
  • B. Lanham Act
  • C. Computer Misuse Act
  • D. Paperwork Reduction Act (PRA)

Answer: AD

NEW QUESTION 17
In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199.
What levels of potential impact are defined by FIPS 199?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Low
  • B. Moderate
  • C. High
  • D. Medium

Answer: ACD
