Want to know Ucertify CAP Exam practice test features? Want to lear more about ISC2 ISC2 CAP Certified Authorization Professional certification experience? Study Refined ISC2 CAP answers to Replace CAP questions at Ucertify. Gat a success with an absolute guarantee to pass ISC2 CAP (ISC2 CAP Certified Authorization Professional) test on your first attempt.

2021 Oct CAP free exam questions

Q141. Which of the following approaches can be used to build a security program?

Each correct answer represents a complete solution. Choose all that apply.

A. Bottom-Up Approach

B. Right-Up Approach

C. Top-Down Approach

D. Left-Up Approach

Answer: AC


Q142. You are the project manager for TTP project. You are in the Identify Risks process. You have to create the risk register. Which of the following are included in the risk register?

Each correct answer represents a complete solution. Choose two.

A. List of potential responses

B. List of identified risks

C. List ofmitigation techniques

D. List of key stakeholders

Answer: AB


Q143. The Identify Risk process determines the risks that affect the project and document their characteristics. Why should the project team members be involved in the Identify Risk process?

A. They are the individuals that will have the best responses for identified risks events within the project.

B. They are the individuals that are most affected by the risk events.

C. They are the individuals that will need a sense of ownership and responsibility for the risk events.

D. They are the individuals that will most likely cause and respond to the risk events.

Answer: C


Q144. David is the project manager of HGF project for his company. David, the project team, and several key stakeholders have completed risk identification and are ready to move into qualitative risk analysis. Tracy, a project team member, does not understand why they need to complete qualitative risk analysis. Which one of the following is the best explanation for completing qualitative risk analysis?

A. It isa rapid and cost-effective means of establishing priorities for the plan risk responses and lays the foundation for quantitative analysis.

B. It is a cost-effective means of establishing probability and impact for the project risks.

C. Qualitative risk analysis helps segment the project risks, create a risk breakdown structure, and create fast and accurate risk responses.

D. All risks must pass through quantitative risk analysis before qualitative risk analysis.

Answer: A


Q145. What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process?

Each correct answer represents a complete solution. Choose all that apply.

A. Conduct activities related to the disposition of the system data and objects.

B. Execute and update IA implementation plan.

C. Conduct validation activities.

D. Combine validation results in DIACAP scorecard.

Answer: BCD


Up to the immediate present CAP exam prep:

Q146. You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?

A. Cost management plan

B. Procurement management plan

C. Stakeholder register

D. Quality management plan

Answer: B


Q147. Certification and Accreditation (C&A or CnA) is a process for implementing information security.

Which of the following is the correct order of C&A phases in a DITSCAP assessment?

A. Definition, Validation, Verification, and Post Accreditation

B. Verification, Definition, Validation, and Post Accreditation

C. Verification, Validation, Definition, and Post Accreditation

D. Definition, Verification, Validation, and Post Accreditation

Answer: D


Q148. Which of the following risk responses delineates that the project plan will not be changed to deal with the risk?

A. Acceptance

B. Mitigation

C. Exploitation

D. Transference

Answer: A


Q149. You work as a project manager for BlueWell Inc. You are currently working with the project stakeholders to identify risks in your project. You understand that the qualitative risk assessment and analysis can reflect the attitude of the project team and other stakeholders to risk. Effective assessment of risk requires management of the risk attitudes of the participants. What should you, the project manager, do with assessment of identified risks in consideration of the attitude and bias of the participants towards the project risk?

A. Document the bias for the risk events and communicate the bias with management

B. Evaluate and document the bias towards the risk events

C. Evaluate the bias through SWOT for true analysis of the risk events

D. Evaluate the bias towards the risk events and correct the assessment accordingly

Answer: D


Q150. Management wants you to create a visual diagram of what resources will be utilized in the project deliverables. What type of a chart is management asking you to create?

A. Work breakdown structure

B. Resource breakdown structure

C. RACI chart

D. Roles and responsibility matrix

Answer: B