2016 Jun CAP exam topics
Q1. Elizabeth is a project manager for her organization and she finds risk management to be very difficult for her to manage. She asks you, a lead project manager, at what stage in the project will risk management become easier. What answer best resolves the difficulty of risk management practices and the effort required?
A. Risk management only becomes easier the more often it is practiced.
B. Risk management is an iterative process and never becomes easier.
C. Risk management only becomes easier when the project moves into project execution.
D. Risk management only becomes easier when the project is closed.
Q2. Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?
A. DoD 8000.1
B. DoD 5200.40
C. DoD 5200.22-M
D. DoD 8910.1
Q3. Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risk events that were not previously identified.
What should Jenny do with these risk events?
A. The events should be determined if they need to be accepted or responded to.
B. The events should be entered into qualitative risk analysis.
C. The events should continue on with quantitative risk analysis.
D. The events should be entered into the risk register.
Q4. Fred is the project manager of the PKL project. He is working with his project team to complete the quantitative risk analysis process as a part of risk management planning. Fred understands that once the quantitative risk analysis process is complete, the process will need to be completed again at least two other times in the project. When will the quantitative risk analysis process need to be repeated?
A. Quantitative risk analysis process will be completed again after the plan risk response planning and as part of procurement.
B. Quantitative risk analysis process will be completed again after the cost management planning and as a part of monitoring and controlling.
C. Quantitative risk analysis process will be completed again after new risks are identified and as part of monitoring and controlling.
D. Quantitative risk analysis process will be completed again after the risk response planning and as a part of monitoring and controlling.
Q5. FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
A. Level 2
B. Level 3
C. Level 5
D. Level 4
E. Level 1
Q6. Which of the following assessment methods is used to review, inspect, and analyze assessment objects?
Q7. Which of the following is not a part of the Identify Risks process?
A. Decision tree diagram
B. Cause and effect diagram
C. Influence diagram
D. System or process flow chart
Q8. Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.
A. Perform certification evaluation of the integrated system
B. System development
C. Certification and accreditation decision
D. Develop recommendation to the DAA
E. Continue to review and refine the SSAA
Q9. Which of the following statements about Discretionary Access Control List (DACL) is true?
A. It is a rule list containing access control entries.
B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
C. It is a unique number that identifies a user, group, and computer account.
D. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
Q10. Which of the following statements correctly describes DIACAP residual risk?
A. It is the remaining risk to the information system after risk palliation has occurred.
B. It is a process of security authorization.
C. It is the technical implementation of the security design.
D. It is used to validate the information system.