We provide real CAP exam questions and answers (braindumps) in two formats: a downloadable PDF and practice tests. Pass the ISC2 CAP exam quickly and easily. The CAP PDF version is available for reading and printing, so you can print it and practice as many times as you like. With the help of our ISC2 CAP PDF and VCE dumps, you can easily pass the CAP exam.

Q137. Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing?

Each correct answer represents a complete solution. Choose all that apply.

A. Full-box

B. Zero-knowledge test

C. Full-knowledge test

D. Open-box

E. Partial-knowledge test

F. Closed-box

Answer: BCDEF


Q138. Which of the following statements is true about the continuous monitoring process?

A. It takes place in the middle of system security accreditation.

B. It takes place before and after system security accreditation.

C. It takes place before the initial system security accreditation.

D. It takes place after the initial system security accreditation.

Answer: D


Q139. Virginia is the project manager for her organization. She has hired a subject matter expert to interview the project stakeholders on certain identified risks within the project. The subject matter expert will assess the risk event with what specific goal in mind?

A. To determine the bias of the risk event based on each person interviewed

B. To determine the probability and cost of the risk event

C. To determine the validity of each risk event

D. To determine the level of probability and impact for each risk event

Answer: D


Q140. You work as a project manager for BlueWell Inc. You are working with your team members on the risk responses in the project. Which risk response will likely cause a project to use the procurement processes?

A. Acceptance

B. Mitigation

C. Exploiting

D. Sharing

Answer: D


Q141. Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?

A. RTM

B. CRO

C. DAA

D. ATM

Answer: A


Q142. You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process. Which one of the following is NOT a probable reason for relying on organizational process assets as an input for qualitative risk analysis?

A. Information on prior, similar projects

B. Review of vendor contracts to examine risks in past projects

C. Risk databases that may be available from industry sources

D. Studies of similar projects by risk specialists

Answer: B


Q143. Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

A. Corrective action

B. Technical performance measurement

C. Risk audit

D. Earned value management

Answer: A


Q144. Your organization has named you the project manager of the JKN Project. This project has a BAC of $1,500,000 and it is expected to last 18 months. Management has agreed that if the schedule baseline has a variance of more than five percent then you will need to crash the project. What happens when the project manager crashes a project?

A. Project costs will increase.

B. The number of hours a resource can be used will diminish.

C. The project will take longer to complete, but risks will diminish.

D. Project risks will increase.

Answer: A