Ensurepass
2017 July ISC Official New Released CAP Q&As

Certified Authorization Professional

QUESTION 261

Lisa is the project manager of the SQL project for her company. She has completed the risk response planning with her project team and is now ready to update the risk register to reflect the risk response. Which of the following statements best describes the level of detail Lisa should include with the risk responses she has created?

A. The level of detail is set by historical information.

B. The level of detail must define exactly the risk response for each identified risk.

C. The level of detail is set by project risk governance.

D. The level of detail should correspond with the priority ranking.

Correct Answer: D

 

 

QUESTION 262

David is the project manager of HGF project for his company. David, the project team, and several key stakeholders have completed risk identification and are ready to move into qualitative risk analysis. Tracy, a project team member, does not understand why they need to complete qualitative risk analysis. Which one of the following is the best explanation for completing qualitative risk analysis?

A. It is a rapid and cost-effective means of establishing priorities for the plan risk responses and lays the foundation for quantitative analysis.

B. It is a cost-effective means of establishing probability and impact for the project risks.

C. Qualitative risk analysis helps segment the project risks, create a risk breakdown structure, and create fast and accurate risk responses.

D. All risks must pass through quantitative risk analysis before qualitative risk analysis.

Correct Answer: A

 

 

QUESTION 263

The Identify Risk process determines the risks that affect the project and documents their characteristics. Why should the project team members be involved in the Identify Risk process?

A. They are the individuals that will have the best responses for identified risk events within the project.

B. They are the individuals that are most affected by the risk events.

C. They are the individuals that will need a sense of ownership and responsibility for the risk events.

D. They are the individuals that will most likely cause and respond to the risk events.

Correct Answer: C

 

 

QUESTION 264

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

A. NIST SP 800-53A

B. NIST SP 800-26

C. NIST SP 800-53

D. NIST SP 800-59

E. NIST SP 800-60

F. NIST SP 800-37

Correct Answer: B

 

 

QUESTION 265

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

A. Business continuity plan

B. Continuity of Operations Plan

C. Disaster recovery plan

D. Contingency plan

Correct Answer: D

 

 

 

 

 

QUESTION 266

An organization monitors the hard disks of its employees’ computers from time to time. Which policy does this pertain to?

A. Network security policy

B. User password policy

C. Backup policy

D. Privacy policy

Correct Answer: D

 

 

QUESTION 267

You work as a project manager for BlueWell Inc. You are working with your team members on the risk responses in the project. Which risk response will likely cause a project to use the procurement processes?

A. Acceptance

B. Mitigation

C. Exploiting

D. Sharing

Correct Answer: D

 

 

QUESTION 268

ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO 17799. What are the ISO 17799 domains? Each correct answer represents a complete solution. Choose all that apply.

A. Information security policy for the organization

B. System architecture management

C. Business continuity management

D. System development and maintenance

E. Personnel security

Correct Answer: ACDE

 

 

QUESTION 269

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?

A. Level 2

B. Level 5

C. Level 4

D. Level 1

E. Level 3

Correct Answer: E

QUESTION 270

Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

A. Harry is correct, because the risk probability and impact considers all objectives of the project.

B. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.

C. Sammy is correct, because she is the project manager.

D. Sammy is correct, because organizations can create risk scores for each objective of the project.

Correct Answer: D
