Act now and download your ISC2 CAP test today! Do not waste time on worthless ISC2 CAP tutorials. Download the most recent ISC2 CAP Certified Authorization Professional exam with real questions and answers and begin to learn ISC2 CAP with a classic professional.

Q185. Which of the following assessment methods involves observing or conducting the operation of physical devices?

A. Interview

B. Deviation

C. Examination

D. Testing

Answer: D


Q186. An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?

A. Anonymous

B. Multi-factor

C. Biometrics

D. Mutual

Answer: B


Q187. Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?

Each correct answer represents a complete solution. Choose two.

A. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

B. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

C. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.

D. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer: AB


Q188. Phase 1 of DITSCAP C&A is known as the Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase?

Each correct answer represents a complete solution. Choose all that apply.

A. Registration

B. Document mission need

C. Negotiation

D. Initial Certification Analysis

Answer: ABC


Q189. You are the project manager of the NKQ project for your organization. You have completed the quantitative risk analysis process for this portion of the project. What is the only output of the quantitative risk analysis process?

A. Probability of reaching project objectives

B. Risk contingency reserve

C. Risk response

D. Risk register updates

Answer: D


Q190. Certification and Accreditation (C&A or CnA) is a process for implementing information security.

Which of the following is the correct order of C&A phases in a DITSCAP assessment?

A. Definition, Validation, Verification, and Post Accreditation

B. Verification, Definition, Validation, and Post Accreditation

C. Definition, Verification, Validation, and Post Accreditation

D. Verification, Validation, Definition, and Post Accreditation

Answer: C


Q191. Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

A. Hackers

B. Visitors

C. Customers

D. Employees

Answer: D


Q192. In which of the following elements of security does the object retain its veracity and is intentionally modified by the authorized subjects?

A. Integrity

B. Nonrepudiation

C. Availability

D. Confidentiality

Answer: A