We provide real CAP exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass ISC2 CAP Exam quickly & easily. The CAP PDF type is available for reading and printing. You can print more and practice many times. With the help of our ISC2 CAP dumps pdf and vce product and material, you can easily pass the CAP exam.
Q145. You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?
A. You will use organizational process assets for risk databases that may be available from industry sources.
B. You will use organizational process assets for studies of similar projects by risk specialists.
C. You will use organizational process assets to determine costs of all risks events within thecurrent project.
D. You will use organizational process assets for information from prior similar projects.
Answer: C
Q146. Which of the following is used throughout the entire C&A process?
A. DAA
B. DITSCAP
C. SSAA
D. DIACAP
Answer: C
Q147. You are the project manager of the GHY project for your organization. You are about to start the qualitative risk analysis process for the project and you need to determine the roles and responsibilities for conducting risk management. Where can you find this information?
A. Risk management plan
B. Enterprise environmental factors
C. Staffing management plan
D. Risk register
Answer: A
Q148. Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?
A. DITSCAP
B. NIACAP
C. NSA-IAM
D. ASSET
Answer: B
Q149. Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
A. SSAA
B. FIPS
C. FITSAF
D. TCSEC
Answer: A
Q150. James work as an IT systems personnel in SoftTech Inc. He performs the following tasks: Runs regular backups and routine tests of the validity of the backup data.
Performs data restoration from the backups whenever required.
Maintains the retained records in accordance with the established information classification policy.
What is the role played by James in the organization?
A. Manager
B. Owner
C. Custodian
D. User
Answer: C
Q151. During which of the following processes, probability and impact matrix is prepared?
A. Plan Risk Responses
B. Perform Quantitative Risk Analysis
C. Perform Qualitative Risk Analysis
D. Monitoring and Control Risks
Answer: C
Q152. Elizabeth is a project manager for her organization and she finds risk management to be very difficult for her to manage. She asks you, a lead project manager, at what stage in the project will risk management become easier. What answer best resolves the difficulty of risk management practices and the effort required?
A. Risk management only becomes easier the more often it is practiced.
B. Risk management is an iterative process and never becomes easier.
C. Risk management only becomes easier when the project moves into project execution.
D. Risk management only becomes easier when the project is closed.
Answer: A