
Note: the CAP exam has been retired. Please select the replacement exam for this certification.

CAP Exam Dumps - CAP - Certified Authorization Professional

Question # 17

Sammy is the project manager for her organization. She would like to rate each risk based on its probability and its effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that a single cumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

A.

Sammy is correct, because organizations can create risk scores for each objective of the project.

B.

Harry is correct, because the risk probability and impact considers all objectives of the project.

C.

Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.

D.

Sammy is correct, because she is the project manager.

Question # 18

Phase 4 of the DITSCAP C&A process is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase?

Each correct answer represents a complete solution. Choose all that apply.

A.

Maintenance of the SSAA

B.

Compliance validation

C.

Change management

D.

System operations

E.

Security operations

F.

Continue to review and refine the SSAA

Question # 19

Which of the following RMF phases is known as risk analysis?

A.

Phase 2

B.

Phase 1

C.

Phase 0

D.

Phase 3

Question # 20

Your project has several risks that may cause serious financial impact should they occur. You have studied the risk events and drafted some potential risk responses, but management wants you to do more. They would like you to create a chart that identifies the risk probability and impact, with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

A.

Risk response plan

B.

Quantitative analysis

C.

Risk response

D.

Contingency reserve

Question # 21

In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur?

A.

Phase 2

B.

Phase 3

C.

Phase 1

D.

Phase 4

Question # 22

You and your project team are just starting the risk identification activities for a project that is scheduled to last for 18 months. Your project team has already identified a long list of risks that need to be analyzed. How often should you and the project team do risk identification?

A.

At least once per month

B.

Identify Risks is an iterative process.

C.

It depends on how many risks are initially identified.

D.

Several times until the project moves into execution

Question # 23

According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD?

Each correct answer represents a complete solution. Choose all that apply.

A.

VI Vulnerability and Incident Management

B.

DC Security Design & Configuration

C.

EC Enclave and Computing Environment

D.

Information systems acquisition, development, and maintenance

Question # 24

Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test?

Each correct answer represents a complete solution. Choose all that apply.

A.

Social engineering

B.

File and directory permissions

C.

Buffer overflows

D.

Kernel flaws

E.

Race conditions

F.

Information system architectures

G.

Trojan horses
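One of the areas listed above, file and directory permissions, is routinely checked with a small audit script during a penetration test. The following is an added example, not code from the original page: it walks a directory tree without following symlinks, flags world-writable directories that lack the sticky bit, world-writable regular files, and setuid/setgid files, and exercises the check against a constructed temporary tree so it runs offline. The paths and modes in the sample tree are assumptions made for the demonstration.

```python
"""Permission audit of the kind run for the "file and directory permissions"
area of a penetration test. Added example; not from the original page."""
import os
import stat
import tempfile


def audit_permissions(root):
    """Walk `root` and return a sorted list of (finding, relative_path).

    Findings:
      world-writable-dir   directory writable by everyone and no sticky bit
      world-writable-file  regular file writable by everyone
      setuid / setgid      regular file with the setuid or setgid bit set

    Symlinks are neither followed nor reported, so an attacker-controlled
    link cannot pull the scan outside `root` or produce misleading results.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the link itself
            except OSError:
                continue  # vanished or unreadable entry; skip, do not crash
            mode = st.st_mode
            rel = os.path.relpath(path, root)
            if stat.S_ISLNK(mode):
                continue
            if stat.S_ISDIR(mode):
                # /tmp-style directories are world-writable by design, but the
                # sticky bit stops users deleting or renaming each other's files.
                if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                    findings.append(("world-writable-dir", rel))
            elif stat.S_ISREG(mode):
                if mode & stat.S_IWOTH:
                    findings.append(("world-writable-file", rel))
                if mode & stat.S_ISUID:
                    findings.append(("setuid", rel))
                if mode & stat.S_ISGID:
                    findings.append(("setgid", rel))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample tree (an assumption for this example, not real
    target data). Returns the path of the temporary root directory."""
    root = tempfile.mkdtemp(prefix="permaudit-")

    def mkdir(rel, mode):
        p = os.path.join(root, rel)
        os.makedirs(p)
        os.chmod(p, mode)  # explicit chmod so the umask does not interfere

    def mkfile(rel, mode, text="x\n"):
        p = os.path.join(root, rel)
        with open(p, "w") as f:
            f.write(text)
        os.chmod(p, mode)

    mkdir("safe", 0o755)                  # normal directory: no finding
    mkdir("dropbox", 0o777)               # world-writable, no sticky bit
    mkdir("tmp", 0o1777)                  # world-writable but sticky: no finding
    mkfile("safe/config.ini", 0o644)      # normal file: no finding
    mkfile("safe/run.sh", 0o777, "#!/bin/sh\necho hi\n")  # world-writable script
    mkfile("helper", 0o4755)              # setuid binary stand-in
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for finding, path in audit_permissions(sample):
        print(f"{finding:20s} {path}")
```

On the sample tree the audit reports `dropbox` as a world-writable directory, `safe/run.sh` as a world-writable file and `helper` as setuid, while `tmp` (sticky) and `safe/config.ini` are not reported. Run against a real host the same script is typically pointed at `/`, `/etc`, `/usr/local` or service home directories, and each finding is then checked by hand for actual exploitability (for example, whether the world-writable script is executed by a privileged cron job).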
