Exam Code: CAP (Practice Exam Latest Test Questions VCE PDF)
Exam Name: ISC2 CAP Certified Authorization Professional
Certification Provider: ISC2

Q217. The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?

Each correct answer represents a complete solution. Choose all that apply.

A. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

B. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).

C. An ISSE provides advice on the continuous monitoring of the information system.

D. An ISSO takes part in the development activities that are required to implement system changes.

E. An ISSE provides advice on the impacts of system changes.

Answer: ACE


Q218. Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document are Frank and the NHH Project team creating in this scenario?

A. Project management plan

B. Resource management plan

C. Risk management plan

D. Project plan

Answer: C


Q219. You work as a project manager for BlueWell Inc. You are about to complete the quantitative risk analysis process for your project. You can use three available tools and techniques to complete this process. Which one of the following is NOT a tool or technique that is appropriate for the quantitative risk analysis process?

A. Quantitative risk analysis and modeling techniques

B. Data gathering and representation techniques

C. Expert judgment

D. Organizational process assets

Answer: D


Q220. A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies?

Each correct answer represents a complete solution. Choose all that apply.

A. Systematic

B. Informative

C. Regulatory

D. Advisory

Answer: BCD


Q221. Which of the following methods of authentication uses fingerprints to identify users?

A. PKI

B. Mutual authentication

C. Biometrics

D. Kerberos

Answer: C


Q222. Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

A. Chief Risk Officer

B. Chief Information Security Officer

C. Information System Owner

D. Chief Information Officer

Answer: C


Q223. You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update the human resource management plan?

A. Teaming agreements

B. Crashing the project

C. Transference

D. Fast tracking the project

Answer: B


Q224. You work as a project manager for TechSoft Inc. You are working with the project stakeholders on the qualitative risk analysis process in your project. You have used all the tools of the qualitative risk analysis process in your project. Which of the following techniques is NOT used as a tool in the qualitative risk analysis process?

A. Risk Reassessment

B. Risk Categorization

C. Risk Urgency Assessment

D. Risk Data Quality Assessment

Answer: A