File Info
| Exam | Certified Authorization Professional |
| Number | CAP |
| File Name | ISC.CAP.VCEplus.2024-08-31.142q.vcex |
| Size | 98 KB |
| Posted | Aug 31, 2024 |
| Download | ISC.CAP.VCEplus.2024-08-31.142q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?
- Change control management
- Security management
- Configuration management
- Risk management
Correct answer: A
Question 2
Which of the following is not a part of Identify Risks process?
- System or process flow chart
- Influence diagram
- Decision tree diagram
- Cause and effect diagram
Correct answer: C
Question 3
In which of the following phases does the SSAA maintenance take place?
- Phase 3
- Phase 2
- Phase 1
- Phase 4
Correct answer: D
Question 4
Harry is a project manager of a software development project. In the early stages of planning, he and the stakeholders operated with the belief that the software they were developing would work with their organization's current computer operating system. Now that the project team has started developing the software it has become apparent that the software will not work with nearly half of the organization's computer operating systems.
The incorrect belief Harry had in the software compatibility is an example of what in project management?
- Issue
- Risk
- Constraint
- Assumption
Correct answer: D
Question 5
Which of the following statements about Discretionary Access Control List (DACL) is true?
- It is a rule list containing access control entries.
- It specifies whether an audit activity should be performed when an object attempts to access a resource.
- It is a unique number that identifies a user, group, and computer account.
- It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
Correct answer: D
Question 6
Which types of project tends to have more well-understood risks?
- State-of-art technology projects
- Recurrent projects
- Operational work projects
- First-of-its kind technology projects
Correct answer: B
Question 7
The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?
Each correct answer represents a complete solution. Choose all that apply.
- An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
- An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
- An ISSE provides advice on the continuous monitoring of the information system.
- An ISSO takes part in the development activities that are required to implement system ch anges.
- An ISSE provides advice on the impacts of system changes.
Correct answer: ACE
Question 8
Which of the following processes is described in the statement below?
"This is the process of numerically analyzing the effect of identified risks on overall project objectives."
- Identify Risks
- Perform Quantitative Risk Analysis
- Perform Qualitative Risk Analysis
- Monitor and Control Risks
Correct answer: B
Question 9
In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?
- Continuous Monitoring Phase
- Accreditation Phase
- Preparation Phase
- DITSCAP Phase
Correct answer: A
Question 10
Which of the following processes is used to protect the data based on its secrecy, sensitivity, or confidentiality?
- Change Control
- Data Hiding
- Configuration Management
- Data Classification
Correct answer: D
