Jenny is the project manager of the NHJ Project for her company. She has identified several positive risk events within the project and she thinks these events can save the project time and money. You, a new team member, want to know how many risk responses are available for a positive risk event. What will Jenny reply to you?
A. Four
B. Seven
C. Acceptance is the only risk response for positive risk events.
D. Three
Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution. Choose all that apply.
A. Custodian
B. User
C. Security auditor
D. Editor
E. Owner
You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. They would like you to analyze the project risks with a goal of improving the project's performance as a whole. What approach can you use to achieve the goal of improving the project's performance through risk analysis with your project stakeholders?
A. Involve subject matter experts in the risk analysis activities
B. Focus on the high-priority risks through qualitative risk analysis
C. Use qualitative risk analysis to quickly assess the probability and impact of risk events
D. Involve the stakeholders for risk identification only in the phases where the project directly affects them
There are seven risk responses that a project manager can choose from. Which risk response is appropriate for both positive and negative risk events?
A. Acceptance
B. Mitigation
C. Sharing
D. Transference
In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?
A. Full operational test
B. Penetration test
C. Paper test
D. Walk-through test
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
A. SSAA
B. FIPS
C. FITSAF
D. TCSEC
You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project, you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?
A. Cost management plan
B. Quality management plan
C. Procurement management plan
D. Stakeholder register
Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.
A. Maintenance of the SSAA
B. Compliance validation
C. Change management
D. System operations
E. Security operations
F. Continue to review and refine the SSAA
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.
A. Information Assurance Manager
B. Designated Approving Authority
C. IS program manager
D. User representative
E. Certification agent
In 2003, NIST developed a new Certification and Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.
A. Medium
B. High
C. Low
D. Moderate