Your success in ISC2 CAP is our sole target and we develop all our CAP braindumps in a way that facilitates the attainment of this target. Not only is our CAP study material the best you can find, it is also the most detailed and the most updated. CAP Practice Exams for ISC2 CAP are written to the highest standards of technical accuracy.
Q129. Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. What are the different categories of risk?
Each correct answer represents a complete solution. Choose all that apply.
A. System interaction
B. Human interaction
C. Equipment malfunction
D. Inside and outside attacks
E. Social status
F. Physical damage
Answer: BCDEF
Q130. You are the project manager of the GHQ project for your company. You are working you’re your project team to prepare for the qualitative risk analysis process. Mary, a project team member, does not understand why you need to complete qualitative risks analysis. You explain to Mary that qualitative risks analysis helps you determine which risks needs additional analysis. There are also some other benefits that qualitative risks analysis can do for the project. Which one of the following is NOT an accomplishment of the qualitative risk analysis process?
A. Cost of the risk impact if the risk event occurs
B. Corresponding impact on project objectives
C. Time frame for a risk response
D. Prioritization of identified risk events based on probability and impact
Answer: A
Q131. What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process?
Each correct answer represents a complete solution. Choose all that apply.
A. Develop DIACAP strategy.
B. Assign IA controls.
C. Assemble DIACAP team.
D. Initiate IA implementation plan.
E. Register system with DoD Component IA Program.
F. Conduct validation activity.
Answer: ABCDE
Q132. Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production?
Each correct answer represents a part of the solution. Choose all that apply.
A. NIST
B. FIPS
C. Office of Management and Budget (OMB)
D. FISMA
Answer: CD
Q133. Mary is the project manager of the HGH Project for her company. She and her project team have agreed that if the vendor is late by more than ten days they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but the costs of their products are significantly more expensive than the current vendor. What type of a response strategy is this?
A. External risk response
B. Internal risk management strategy
C. Contingent response strategy
D. Expert judgment
Answer: C
Q134. During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
A. Risk rating
B. Warning signs
C. Cost of the project
D. Symptoms
Answer: C
Q135. For which of the following reporting requirements are continuous monitoring documentation reports used?
A. FISMA
B. NIST
C. HIPAA
D. FBI
Answer: A
Q136. Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?
A. IATT
B. ATO
C. IATO
D. DATO
Answer: C