Free ISC2 CAP (Certified Authorization Professional) practice questions and answers, covering the knowledge points of the CAP exam.

Q153. Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

A. Mandatory Access Control

B. Role-Based Access Control

C. Discretionary Access Control

D. Policy Access Control

Answer: B


Q154. You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?

A. You will use organizational process assets for studies of similar projects by risk specialists.

B. You will use organizational process assets to determine costs of all risks events within the current project.

C. You will use organizational process assets for information from prior similar projects.

D. You will use organizational process assets for risk databases that may be available from industry sources.

Answer: B


Q155. Which of the following access control models uses a predefined set of access privileges for an object of a system?

A. Discretionary Access Control

B. Mandatory Access Control

C. Policy Access Control

D. Role-Based Access Control

Answer: B


Q156. Which of the following statements about Discretionary Access Control List (DACL) is true?

A. It is a rule list containing access control entries.

B. It specifies whether an audit activity should be performed when an object attempts to access a resource.

C. It is a unique number that identifies a user, group, and computer account.

D. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.

Answer: D
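To make the distinction behind Q156 concrete, the following is an added example (not part of the original question set) that models a DACL as an ordered list of access control entries and walks it the way an access check does: deny ACEs that match any requested right stop the check, allow ACEs accumulate rights, and the check succeeds only when every requested right has been granted. The SIDs, right masks and the DACL contents are constructed for illustration; the audit behaviour in option B would live in a separate SACL, and the identifier in option C is the SID itself, which here is just the string each ACE names as its trustee.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed access-right bit masks, loosely modelled on generic rights.
READ = 0x1
WRITE = 0x2
EXECUTE = 0x4
DELETE = 0x8
FULL = READ | WRITE | EXECUTE | DELETE


@dataclass(frozen=True)
class Ace:
    """One access control entry: allow or deny a set of rights to one trustee."""
    kind: str   # "allow" or "deny"
    sid: str    # trustee identifier (user, group or computer account)
    mask: int   # bit mask of the rights this entry covers


def access_check(dacl: Optional[list[Ace]], token_sids: Iterable[str], desired: int) -> bool:
    """Return True if a token holding token_sids is granted all of `desired`.

    Entries are evaluated in list order. A deny entry whose trustee is in the
    token and whose mask overlaps the requested rights fails the check at once.
    Allow entries accumulate rights until every requested right is granted.
    A DACL of None means the object is unprotected (everything allowed); an
    empty DACL grants nothing to anyone.
    """
    if dacl is None:
        return True
    sids = set(token_sids)
    granted = 0
    for ace in dacl:
        if ace.sid not in sids:
            continue
        if ace.kind == "deny":
            if ace.mask & desired:
                return False
        elif ace.kind == "allow":
            granted |= ace.mask & desired
            if granted == desired:
                return True
    return granted == desired


# Constructed SIDs (hypothetical values, not taken from any real system).
S_ALICE = "S-1-5-21-1000"
S_BOB = "S-1-5-21-1001"
S_CAROL = "S-1-5-21-1002"
S_STAFF = "S-1-5-21-2000"
S_EVERYONE = "S-1-1-0"

# Constructed DACL for a payroll file. Deny entries are listed first, which is
# the canonical ordering an access check relies on.
PAYROLL_DACL = [
    Ace("deny", S_BOB, WRITE | DELETE),
    Ace("allow", S_STAFF, READ),
    Ace("allow", S_ALICE, FULL),
]


def demo() -> dict[str, bool]:
    """Run the check for a few constructed tokens; returned for inspection."""
    alice = [S_ALICE, S_STAFF, S_EVERYONE]
    bob = [S_BOB, S_STAFF, S_EVERYONE]
    carol = [S_CAROL, S_EVERYONE]
    return {
        "alice_full": access_check(PAYROLL_DACL, alice, FULL),
        "bob_read": access_check(PAYROLL_DACL, bob, READ),
        "bob_read_write": access_check(PAYROLL_DACL, bob, READ | WRITE),
        "carol_read": access_check(PAYROLL_DACL, carol, READ),
        "empty_dacl": access_check([], alice, READ),
        "null_dacl": access_check(None, carol, FULL),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'granted' if allowed else 'denied'}")
```

Note the difference between the empty DACL (no ACEs, so no one is granted anything) and the absent DACL (no protection at all); the two are easy to confuse when an object is created without an explicit security descriptor.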


Q157. Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test?

Each correct answer represents a complete solution. Choose all that apply.

A. Race conditions

B. Social engineering

C. Information system architectures

D. Buffer overflows

E. Kernel flaws

F. Trojan horses

G. File and directory permissions

Answer: ABDEFG


Q158. Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?

A. Risk management

B. Security management

C. Configuration management

D. Change control management

Answer: D


Q159. The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer?

Each correct answer represents a complete solution. Choose all that apply.

A. Preserving high-level communications and working group relationships in an organization

B. Facilitating the sharing of security risk-related information among authorizing officials

C. Establishing effective continuous monitoring program for the organization

D. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan

Answer: ACD


Q160. Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the work in the project is very dangerous, so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes to fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario, considering the risk event?

A. Project contractual relationship with the vendor

B. Project communications plan

C. Project management plan

D. Project scope statement

Answer: C