It is impossible to pass ISC2 CAP exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed ISC2 CAP practice questions. You will get a surprising result by our Avant-garde ISC2 CAP Certified Authorization Professional practice guides.
Q177. Which of the following individuals is responsible for preparing and submitting security status reports to the organizations?
A. Chief Information Officer
B. Senior Agency Information Security Officer
C. Common Control Provider
D. Authorizing Official
Answer: C
Q178. In which of the following Risk Management Framework (RMF) phases is a risk profile created for threats?
A. Phase 3
B. Phase 1
C. Phase 2
D. Phase 0
Answer: C
Q179. Which of the following formulas was developed by FIPS 199 for categorization of an information type?
A. SC information type = {(confidentiality, controls), (integrity, controls), (authentication, controls)}
B. SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
C. SC information type = {(confidentiality, risk), (integrity, risk), (availability, risk)}
D. SC information type = {(Authentication, impact), (integrity, impact), (availability, impact)}
Answer: B
Q180. Thomas is a key stakeholder in your project. Thomas has requested several changes to the project scope for the project you are managing. Upon review of the proposed changes, you have discovered that these new requirements are laden with risks and you recommend to the change control board that the changes be excluded from the project scope. The change control board agrees with you. What component of the change control system communicates the approval or denial of a proposed change request?
A. Configuration management system
B. Change log
C. Scope change control system
D. Integrated change control
Answer: D
Q181. Which of the following individuals is responsible for configuration management and control task?
A. Authorizing official
B. Information system owner
C. Chief information officer
D. Common control provider
Answer: B
Q182. Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)?
Each correct answer represents a complete solution. Choose all that apply.
A. NIST Special Publication 800-53A
B. NIST Special Publication 800-37A
C. NIST Special Publication 800-59
D. NIST Special Publication 800-53
E. NIST Special Publication 800-37
F. NIST Special Publication 800-60
Answer: ACDEF
Q183. You are the project manager of a large construction project. Part of the project involves the wiring of the electricity in the building your project is creating. You and the project team determine the electrical work is too dangerous to perform yourself so you hire an electrician to perform the work for the project. This is an example of what type of risk response?
A. Transference
B. Mitigation
C. Avoidance
D. Acceptance
Answer: A
Q184. In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199.
What levels of potential impact are defined by FIPS 199?
Each correct answer represents a complete solution. Choose all that apply.
A. Low
B. Moderate
C. High
D. Medium
Answer: ACD