ISC2. Exam Questions CAP. ISC2 CAP Certified Authorization Professional. Version:Demo


1. Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.
A. Finding an economic balance between the impact of the risk and the cost of the countermeasure
B. Identifying the risk
C. Assessing the impact of potential threats
D. Identifying the accused
Answer: ABC

2. In which of the following testing methodologies do assessors use all available documentation, work under no constraints, and attempt to circumvent the security features of an information system?
A. Full operational test
B. Penetration test
C. Paper test
D. Walk-through test

3. You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?
A. You will use organizational process assets for studies of similar projects by risk specialists.
B. You will use organizational process assets to determine costs of all risk events within the current project.
C. You will use organizational process assets for information from prior similar projects.
D. You will use organizational process assets for risk databases that may be available from industry sources.

4. Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
A. SSAA
B. FIPS
C. FITSAF
D. TCSEC
Answer: A

5. Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence, and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it releases the project from the high risk exposure. What risk response has been enacted in this project?
A. Acceptance
B. Mitigation
C. Avoidance
D. Transference

6. Which of the following statements is true about residual risks?
A. It is a weakness or lack of safeguard that can be exploited by a threat.
B. It can be considered as an indicator of threats coupled with vulnerability.
C. It is the probabilistic risk after implementing all security measures.
D. It is the probabilistic risk before implementing all security measures.

7. Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."
A. Risk register
B. Risk management plan
C. Project charter
D. Quality management plan
Answer: A

8. You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project, you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?
A. Cost management plan
B. Quality management plan
C. Procurement management plan
D. Stakeholder register

9. Mary is the project manager of the HGH Project for her company. She and her project team have agreed that if the vendor is late by more than ten days, they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but the costs of their products are significantly higher than the current vendor's. What type of a response strategy is this?
A. External risk response
B. Internal risk management strategy
C. Contingent response strategy
D. Expert judgment

10. Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?
A. FITSAF
B. TCSEC
C. FIPS
D. SSAA

11. Your project uses a piece of equipment that will overheat and have to be shut down for 48 hours if its temperature goes above 450 degrees Fahrenheit. Should this machine overheat even once, it will delay the project's end date. You work with your project team to create a response: should the temperature of the machine reach 430, the machine will be paused for at least an hour to cool it down. The temperature of 430 is called what?
A. Risk identification
B. Risk response
C. Risk trigger
D. Risk event

12. According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.
A. DC Security Design & Configuration
B. VI Vulnerability and Incident Management
C. EC Enclave and Computing Environment
D. Information systems acquisition, development, and maintenance
Answer: ABC

13. Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation?
A. Parkerian Hexad
B. Capability Maturity Model (CMM)
C. Classic information security model
D. Five Pillars model
Answer: D

14. You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update the human resource management plan?
A. Teaming agreements
B. Crashing the project
C. Transference
D. Fast tracking the project

15. FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?
A. Level 2
B. Level 3
C. Level 5
D. Level 4
E. Level 1

16. You are the project manager for your company, and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events, and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?
A. Risk register
B. Risk log
C. Risk management plan
D. Project management plan
Answer: A

17. Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
A. Continuity of Operations Plan
B. Disaster recovery plan
C. Contingency plan
D. Business continuity plan

18. Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.
A. System development
B. Certification analysis
C. Registration
D. Assessment of the Analysis Results
E. Configuration refinement of the SSAA
Answer: ABDE

19. ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure, and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO 17799. What are the ISO 17799 domains? Each correct answer represents a complete solution. Choose all that apply.
A. Information security policy for the organization
B. Personnel security
C. Business continuity management
D. System architecture management
E. System development and maintenance
Answer: ABCE

20. Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.
A. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
B. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
C. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
D. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
Answer: AD
