Ensurepass
2017 July ISC Official New Released CAP Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/CAP.html

Certified Authorization Professional

QUESTION 121

Which of the following are the goals ofrisk management? Each correct answer represents a complete solution. Choose three.

 

A.

Finding an economic balance between the impact of the risk and the cost of the countermeasure

B.

Identifying the risk

C.

Assessing the impact of potential threats

D.

Identifying the accused

 

Correct Answer: ABC

 

 

QUESTION 122

In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

 

A.

Full operational test

B.

Penetration test

C.

Paper test

D.

Walk-through test

 

Correct Answer: B

 

 

QUESTION 123

You are the project manager of the GHG project. You are preparing for the quantitative risk analysis proces
s. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?

 

A.

You will use organizational process assets for studies of similar projects by riskspecialists.

B.

You will use organizational process assets to determine costs of all risks events within the current project.

C.

You will use organizational process assets for information from prior similar projects.

D.

You will use organizational process assets for risk databases that may be available from industry sources.

 

Correct Answer: B

 

 

QUESTION 124

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

 

A.

SSAA

B.

FIPS

C.

FITSAF

D.

TCSEC

 

Correct Answer: A

 

 

QUESTION 125

Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high riskexposure. What risk response has been enacted in this project?

 

A.

Acceptance

B.

Mitigation

C.

Avoidance

D.

Transference

 

Correct Answer: C

 

 

QUESTION 126

Which of the following statements is true about residual risks?

 

A.

It is a weakness or lack of safeguard that can be exploited by a threat.

B.

It can be considered as an indicator of threats coupled with vulnerability.

C.

It is the probabilistic risk after implementing all security measures.

D.

It is the probabilistic risk before implementing all security measures.

 

Correct Answer: C

 

 

QUESTION 127

Which of the following documents is described in the statement below?

 

“It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, andrisk response planning.”

 

A.

Risk register

B.

Risk management plan

C.

Project charter

D.

Quality management plan

 

Correct Answer: A

 

 

QUESTION 128

You are the project manager of the GHY project for your organization. You are working withyour project team to beginidentifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?

 

A.

Cost management plan

B.

Quality management plan

C.

Procurement management plan

D.

Stakeholder register

 

Correct Answer: C

QUESTION 129

Mary is the project manager of the HGH Project for her company. She and her project team have agreed that if the vendor is late by more than ten days they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but the costs of their products are significantly more expensive than the current vendor. What type of a response strategyis this?

 

A.

External risk response

B.

Internal risk management strategy

C.

Contingent response strategy

D.

Expert judgment

 

Correct Answer: C

 

 

QUESTION 130

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

 

A.

FITSAF

B.

TCSEC

C.

FIPS

D.

SSAA

 

Correct Answer: B

100% Free Download!
—Download Free Demo:CAP Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass CAP Full Exam PDF and VCE Q&As:395
—Get 10% off your purchase! Copy it:TJDN-947R-9CCD [2017.07.01-2017.07.31]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE