Ensurepass
2017 July ISC Official New Released CAP Q&As
http://www.ensurepass.com/CAP.html

Certified Authorization Professional

QUESTION 211

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

A. Level 1
B. Level 2
C. Level 4
D. Level 5
E. Level 3

Correct Answer: C

 

QUESTION 212

A high-profile, high-priority project within your organization is being created. Management wants you to pay special attention to the project risks and do all that you can to ensure that all of the risks are identified early in the project. Management has to ensure that this project succeeds. Management's risk aversion in this project is associated with what term?

A. Utility function
B. Risk conscience
C. Quantitative risk analysis
D. Risk mitigation

Correct Answer: A

 

 

QUESTION 213

Which of the following governance bodies directs and coordinates implementations of the information security program?

A. Information Security Steering Committee
B. Senior Management
C. Business Unit Manager
D. Chief Information Security Officer

Correct Answer: D

 

 

QUESTION 214

What are the subordinate tasks of the Implement and Validate Assigned IA Controls phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

A. Conduct activities related to the disposition of the system data and objects.
B. Execute and update the IA implementation plan.
C. Conduct validation activities.
D. Compile validation results in the DIACAP scorecard.

Correct Answer: BCD

 

 

QUESTION 215

Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

A. Phase 3
B. Phase 1
C. Phase 2
D. Phase 4

Correct Answer: C

 

 

 

 

 

QUESTION 216

Phase 0 of the Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0? Each correct answer represents a complete solution. Choose all that apply.

A. Review documentation and technical data.
B. Apply classification criteria to rank data assets and related IT resources.
C. Establish criteria that will be used to classify and rank data assets.
D. Identify threats, vulnerabilities, and controls that will be evaluated.
E. Establish criteria that will be used to evaluate threats, vulnerabilities, and controls.

Correct Answer: BCDE

 

 

QUESTION 217

Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

A. Configuration management
B. Procurement management
C. Risk management
D. Change management

Correct Answer: A

 

 

QUESTION 218

Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved in the Service Level Agreement (SLA)?

A. The Change Manager
B. The IT Security Manager
C. The Service Level Manager
D. The Configuration Manager

Correct Answer: B

 

 

QUESTION 219

Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

A. Safeguard
B. Single Loss Expectancy (SLE)
C. Exposure Factor (EF)
D. Annualized Rate of Occurrence (ARO)

Correct Answer: D
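Worked example for the terms in this question (SLE, EF, ARO and the ALE they combine into), added here as an illustration; it is not part of the Ensurepass material. The threat names, asset values, exposure factors and safeguard costs below are constructed figures, and the `Threat`/`Safeguard` types and `safeguard_value` helper are names chosen for this example. It uses the standard quantitative risk relationships SLE = AV x EF and ALE = SLE x ARO, and goes one step beyond the question by ranking candidate safeguards on net annual value (ALE before, minus ALE after, minus the safeguard's yearly cost), which is how a CAP-style cost/benefit justification is actually argued.

```python
from dataclasses import dataclass, replace
from typing import List, Tuple


@dataclass(frozen=True)
class Threat:
    """One threat against one asset, with the inputs of a quantitative risk analysis."""
    name: str
    asset_value: float      # AV: what the asset is worth (currency units)
    exposure_factor: float  # EF: fraction of AV lost per occurrence, 0.0..1.0
    aro: float              # ARO: expected number of occurrences per year

    def __post_init__(self):
        # EF outside 0..1 or negative AV/ARO means the inputs were mis-entered.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: EF must be between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO cannot be negative")


def aro_from_interval(years_between_events: float) -> float:
    """Convert 'once every N years' into an ARO (once per 20 years -> 0.05)."""
    if years_between_events <= 0:
        raise ValueError("interval must be positive")
    return 1.0 / years_between_events


def sle(t: Threat) -> float:
    """Single Loss Expectancy: SLE = AV * EF (cost of one occurrence)."""
    return t.asset_value * t.exposure_factor


def ale(t: Threat) -> float:
    """Annualized Loss Expectancy: ALE = SLE * ARO (expected loss per year)."""
    return sle(t) * t.aro


@dataclass(frozen=True)
class Safeguard:
    """A control considered for a threat, with the residual EF/ARO it would leave."""
    name: str
    annual_cost: float   # yearly cost of running the control
    residual_ef: float   # EF after the control is in place
    residual_aro: float  # ARO after the control is in place


def safeguard_value(t: Threat, s: Safeguard) -> float:
    """Net annual value = ALE(before) - ALE(after) - annual cost of the safeguard.

    A negative result means the control costs more per year than the loss it removes,
    so it cannot be justified on these numbers alone."""
    after = replace(t, exposure_factor=s.residual_ef, aro=s.residual_aro)
    return ale(t) - ale(after) - s.annual_cost


def rank_safeguards(t: Threat, options: List[Safeguard]) -> List[Tuple[str, float]]:
    """Candidate safeguards for one threat, best net annual value first."""
    scored = [(s.name, safeguard_value(t, s)) for s in options]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample figures (hypothetical, for illustration only).
RANSOMWARE = Threat("ransomware on file server", asset_value=500_000,
                    exposure_factor=0.4, aro=aro_from_interval(2))  # once every two years
LAPTOP_THEFT = Threat("laptop theft", asset_value=3_000, exposure_factor=1.0, aro=10)

RANSOMWARE_OPTIONS = [
    Safeguard("offline backups", annual_cost=20_000, residual_ef=0.1, residual_aro=0.5),
    Safeguard("managed SOC retainer", annual_cost=60_000, residual_ef=0.4, residual_aro=0.25),
]
LAPTOP_OPTIONS = [
    Safeguard("full-disk encryption", annual_cost=5_000, residual_ef=0.2, residual_aro=10),
]

if __name__ == "__main__":
    for threat, options in ((RANSOMWARE, RANSOMWARE_OPTIONS), (LAPTOP_THEFT, LAPTOP_OPTIONS)):
        print(f"{threat.name}: SLE={sle(threat):,.0f} ARO={threat.aro} ALE={ale(threat):,.0f}")
        for name, value in rank_safeguards(threat, options):
            verdict = "justified" if value > 0 else "not justified"
            print(f"  {name}: net annual value {value:,.0f} ({verdict})")
```

Note that ARO is a frequency, not a probability: a threat expected ten times a year has ARO 10, and one expected once every twenty years has ARO 0.05, which is why the helper converts an interval into a rate rather than clamping it to 1.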

 

 

 

 

QUESTION 220

Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Security organization
B. System classification
C. Information classification
D. Security education

Correct Answer: ACD
