Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?
A. Access control entry (ACE)
B. Discretionary access control entry (DACE)
C. Access control list (ACL)
D. Security Identifier (SID)
Which of the following assessment methodologies defines a six-step technical security evaluation?
A. OCTAVE
B. FITSAF
C. DITSCAP
D. FIPS 102
You and your project team are just starting the risk identification activities for a project that is scheduled to last for 18 months. Your project team has already identified a long list of risks that need to be analyzed. How often should you and the project team do risk identification?
A. At least once per month
B. Identify risks is an iterative process.
C. It depends on how many risks are initially identified.
D. Several times until the project moves into execution
During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
A. Risk rating
B. Warning signs
C. Cost of the project
D. Symptoms
You are the project manager of the NKQ project for your organization. You have completed the quantitative risk analysis process for this portion of the project. What is the only output of the quantitative risk analysis process?
A. Probability of reaching project objectives
B. Risk contingency reserve
C. Risk response
D. Risk register updates
Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?
A. IATT
B. ATO
C. IATO
D. DATO
Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.
A. Maintenance of the SSAA
B. Compliance validation
C. Change management
D. System operations
E. Security operations
F. Continue to review and refine the SSAA
John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?
A. Risk Response Plan
B. Risk Management Plan
C. Project Management Plan
D. Communications Management Plan
Elizabeth is a project manager for her organization and she finds risk management to be very difficult for her to manage. She asks you, a lead project manager, at what stage in the project will risk management become easier. What answer best resolves the difficulty of risk management practices and the effort required?
A. Risk management only becomes easier the more often it is practiced.
B. Risk management is an iterative process and never becomes easier.
C. Risk management only becomes easier when the project moves into project execution.
D. Risk management only becomes easier when the project is closed.
Which of the following acts promote a risk-based policy for cost-effective security? Each correct answer represents a part of the solution. Choose all that apply.
A. Clinger-Cohen Act
B. Lanham Act
C. Computer Misuse Act
D. Paperwork Reduction Act (PRA)