Ensurepass
2017 July ISC Official New Released CAP Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/CAP.html

Certified Authorization Professional

QUESTION 241

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing? Each correct answer represents a complete solution. Choose all that apply.

 

A.

Full-box

B.

Zero-knowledge test

C.

Full-knowledge test

D.

Open-box

E.

Partial-knowledge test

F.

Closed-box

 

Correct Answer: BCDE

 

 

QUESTION 242

You are the project manager for the TTP project. You are in the Identify Risks process. You have to create the risk register. Which of the following are included in the risk register? Each correct answer represents a complete solution. Choose two.

 

A.

List of potential responses

B.

List of identified risks

C.

List of mitigation techniques

D.

List of key stakeholders

 

Correct Answer: AB

 

 

QUESTION 243

The Software Configuration Management (SCM) process defines the need to trace changes, and the ability to verify that the final delivered software has all of the planned enhancements that are supposed to be included in the release. What are the procedures that must be defined for each software project to ensure that a sound SCM process is implemented? Each correct answer represents a complete solution. Choose all that apply.

 

A.

Configuration status accounting

B.

Configuration change control

C.

Configuration deployment

D.

Configuration audits

E.

Configuration identification

F.

Configuration implementation

Correct Answer: ABDE

 

 

QUESTION 244

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

 

A.

FIPS

B.

TCSEC

C.

SSAA

D.

FITSAF

 

Correct Answer: C

 

 

QUESTION 245

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

 

A.

Information Assurance Manager

B.

Designated Approving Authority

C.

IS program manager

D.

User representative

E.

Certification agent

 

Correct Answer: BCDE

 

 

QUESTION 246

Which of the following processes is described in the statement below?

 

“It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project.”

 

A.

Perform Quantitative Risk Analysis

B.

Perform Qualitative Risk Analysis

C.

Monitor and Control Risks

D.

Identify Risks

 

Correct Answer: C

 

 

QUESTION 247

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

 

A.

Enhance

B.

Exploit

C.

Acceptance

D.

Share

 

Correct Answer: C

 

 

QUESTION 248

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. What are the different types of NIACAP accreditation? Each correct answer represents a complete solution. Choose all that apply.

 

A.

System accreditation

B.

Type accreditation

C.

Site accreditation

D.

Secure accreditation

 

Correct Answer: ABC

 

 

QUESTION 249

You are the project manager of the GHY Project for your company. You have completed the risk response planning with your project team. You now need to update the WBS. Why would the project manager need to update the WBS after the risk response planning process? Choose the best answer.

 

A.

Because of risks associated with work packages

B.

Because of work that was omitted during the WBS creation

C.

Because of risk responses that are now activities

D.

Because of new work generated by the risk responses

 

Correct Answer: D

 

 

QUESTION 250

Risk transference refers to the transfer of risks to a third party, usually for a fee; it creates a contractual relationship for the third party to manage the risk on behalf of the performing organization. Which one of the following is NOT an example of the transference risk response?

 

A.

Use of insurance

B.

Life cycle costing

C.

Warranties

D.

Performance bonds

 

Correct Answer: B
