Ensurepass
2017 July ISC Official New Released CAP Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/CAP.html

Certified Authorization Professional

QUESTION 191

Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

 

A. Chief Risk Officer
B. Chief Information Security Officer
C. Information System Owner
D. Chief Information Officer

 

Correct Answer: C

 

 

QUESTION 192

Walter is the project manager of a large construction project. He’ll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the work in the project is very dangerous, so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes to fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

 

A. Project management plan
B. Project contractual relationship with the vendor
C. Project communications plan
D. Project scope statement

 

Correct Answer: A

 

 


QUESTION 193

Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?

 

A. IATT
B. ATO
C. IATO
D. DATO

 

Correct Answer: C

 

 

QUESTION 194

Fill in the blank with an appropriate word.

 

________ ensures that the information is not disclosed to unauthorized persons or processes.

 

A. Confidentiality

 

Correct Answer: A

 

 

QUESTION 195

Nancy is the project manager of the NHH project. She and the project team have identified a significant risk in the project during the qualitative risk analysis process. Bob is familiar with the technology that the risk is affecting and proposes to Nancy a solution to the risk event. Nancy tells Bob that she has noted his response, but the risk really needs to pass through the quantitative risk analysis process before creating responses. Bob disagrees and assures Nancy that his response is most appropriate for the identified risk. Who is correct in this scenario?

 

A. Bob is correct. Bob is familiar with the technology and the risk event so his response should be implemented.
B. Nancy is correct. Because Nancy is the project manager she can determine the correct procedures for risk analysis and risk responses. In addition, she has noted the risk response that Bob recommends.
C. Nancy is correct. All risks of significant probability and impact should pass the quantitative risk analysis process before risk responses are created.
D. Bob is correct. Not all risk events have to pass the quantitative risk analysis process to develop effective risk responses.

 

Correct Answer: D

 

 

QUESTION 196

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

 

A. FITSAF
B. TCSEC
C. FIPS
D. SSAA

 

Correct Answer: B

 

 

QUESTION 197

Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

 

A. Maintenance of the SSAA
B. Compliance validation
C. Change management
D. System operations
E. Security operations
F. Continue to review and refine the SSAA

 

Correct Answer: ABCDE

 

 

QUESTION 198

The only output of the Perform Qualitative Risk Analysis process is risk register updates. When the project manager updates the risk register, he will need to include several pieces of information, including all of the following except for which one?

 

A. Trends in qualitative risk analysis
B. Risk probability-impact matrix
C. Watchlist of low-priority risks
D. Risks grouped by categories

 

Correct Answer: B

 

 

QUESTION 199

Billy is the project manager of the HAR Project and is in month six of the project. The project is scheduled to last for 18 months. Management asks Billy how often the project team is participating in risk reassessment in this project. What should Billy tell management if he’s following the best practices for risk management?

 

A. At every status meeting of the project team, project risk management is an agenda item.
B. Project risk management happens at every milestone.
C. Project risk management has been concluded with the project planning.
D. Project risk management is scheduled for every month in the 18-month project.

 

Correct Answer: A

 

 

 

 

 

 

QUESTION 200

Rob is the project manager of the IDLK Project for his company. This project has a budget of $5,600,000 and is expected to last 18 months. Rob has learned that a new law may affect how the project is allowed to proceed – even though the organization has already invested over $750,000 in the project. What risk response is the most appropriate for this instance?

 

A. Transference
B. Mitigation
C. Enhance
D. Acceptance

 

Correct Answer: D
