Last Updated on February 21, 2022 by Admin 3

CAP : Certified Authorization Professional : Part 02

  1. You work as a project manager for BlueWell Inc. You are about to complete the quantitative risk analysis process for your project. You can use three available tools and techniques to complete this process. Which one of the following is NOT a tool or technique that is appropriate for the quantitative risk analysis process?

    • Quantitative risk analysis and modeling techniques
    • Data gathering and representation techniques
    • Expert judgment
    • Organizational process assets
  2. Gary is the project manager for his organization. He is working with the project stakeholders on the project requirements and how risks may affect their project. One of the stakeholders is confused about what constitutes risks in the project. Which of the following is the most accurate definition of a project risk?

    • It is an uncertain event that can affect the project costs.
    • It is an uncertain event or condition within the project execution.
    • It is an uncertain event that can affect at least one project objective.
    • It is an unknown event that can affect the project scope.
  3. You work as a project manager for TechSoft Inc. You are working with the project stakeholders on the qualitative risk analysis process in your project. You have used all the tools of the qualitative risk analysis process in your project. Which of the following techniques is NOT used as a tool in the qualitative risk analysis process?

    • Risk Reassessment
    • Risk Categorization
    • Risk Urgency Assessment
    • Risk Data Quality Assessment
  4. You are the project manager for your organization. You have determined that an activity is too dangerous to complete internally, so you hire a licensed contractor to complete the work. The contractor, however, may not complete the assigned work on time, which could cause delays in subsequent work beginning. This is an example of what type of risk event?

    • Secondary risk
    • Transference
    • Internal
    • Pure risk
  5. Which of the following risk responses delineates that the project plan will not be changed to deal with the risk?

    • Acceptance
    • Mitigation
    • Exploitation
    • Transference
  6. Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric’s organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric’s organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

    • It depends on what the outcome of a lawsuit will determine.
    • No, the ZAS Corporation did not complete all of the work.
    • It depends on what the termination clause of the contract stipulates.
    • Yes, the ZAS Corporation did not choose to terminate the contract work.
  7. Mark works as a project manager for TechSoft Inc. Mark, the project team, and the key project stakeholders have completed a round of qualitative risk analysis. He needs to update the risk register with his findings so that he can communicate the risk results to the project stakeholders – including management. Mark will need to update all of the following information except for which one?

    • Watchlist of low-priority risks
    • Prioritized list of quantified risks
    • Risks grouped by categories
    • Trends in qualitative risk analysis
  8. Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards?

    Each correct answer represents a complete solution. Choose all that apply.

    • SA System and Services Acquisition
    • CA Certification, Accreditation, and Security Assessments
    • IR Incident Response
    • Information systems acquisition, development, and maintenance
  9. The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?

    Each correct answer represents a complete solution. Choose all that apply.

    • An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
    • An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
    • An ISSE provides advice on the continuous monitoring of the information system.
    • An ISSO takes part in the development activities that are required to implement system changes.
    • An ISSE provides advice on the impacts of system changes.
  10. Which of the following processes is described in the statement below?

    “This is the process of numerically analyzing the effect of identified risks on overall project objectives.”

    • Identify Risks
    • Perform Quantitative Risk Analysis
    • Perform Qualitative Risk Analysis
    • Monitor and Control Risks
  11. The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer?

    Each correct answer represents a complete solution. Choose all that apply.

    • Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan
    • Preserving high-level communications and working group relationships in an organization
    • Establishing an effective continuous monitoring program for the organization
    • Facilitating the sharing of security risk-related information among authorizing officials
  12. Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the construction project. The supplier is an artist who works by himself, but creates windows for several companies throughout the United States. Management reviews the proposal to use this supplier and while they agree that the supplier is talented, they do not think the artist can fulfill the 1,000 window units in time for the project’s deadline. Management asked Harry to find a supplier who will guarantee the completion of the windows by the needed date in the schedule. What risk response has management asked Harry to implement?

    • Acceptance
    • Mitigation
    • Avoidance
    • Transference
  13. You are the project manager of the BlueStar project in your company. Your company is structured as a functional organization and you report to the functional manager that you are ready to move onto the qualitative risk analysis process. What will you need as inputs for the qualitative risk analysis of the project in this scenario?

    • You will need the risk register, risk management plan, project scope statement, and any relevant organizational process assets.
    • You will need the risk register, risk management plan, outputs of qualitative risk analysis, and any relevant organizational process assets.
    • You will need the risk register, risk management plan, permission from the functional manager, and any relevant organizational process assets.
    • Qualitative risk analysis does not happen through the project manager in a functional structure.
  14. Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work.

    What component of the change control system would review the proposed changes’ impact on the features and functions of the project’s product?

    • Cost change control system
    • Scope change control system
    • Integrated change control
    • Configuration management system
  15. Which of the following tasks are identified by the Plan of Action and Milestones document?

    Each correct answer represents a complete solution. Choose all that apply.

    • The plans that need to be implemented
    • The resources needed to accomplish the elements of the plan
    • Any milestones that are needed in meeting the tasks
    • The tasks that are required to be accomplished
    • Scheduled completion dates for the milestones
  16. Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During this process she and the project team uncover several risk events that were not previously identified.

    What should Jenny do with these risk events?

    • The events should be determined if they need to be accepted or responded to.
    • The events should be entered into qualitative risk analysis.
    • The events should continue on with quantitative risk analysis.
    • The events should be entered into the risk register.
  17. Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee’s computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

    • Authenticity
    • Confidentiality
    • Availability
    • Integrity
  18. Your organization has named you the project manager of the JKN Project. This project has a BAC of $1,500,000 and it is expected to last 18 months. Management has agreed that if the schedule baseline has a variance of more than five percent then you will need to crash the project. What happens when the project manager crashes a project?

    • Project costs will increase.
    • The amount of hours a resource can be used will diminish.
    • The project will take longer to complete, but risks will diminish.
    • Project risks will increase.
  19. Which of the following individuals makes the final accreditation decision?

    • ISSE
    • DAA
    • CRO
    • ISSO
  20. Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

    • DoD 8000.1
    • DoD 5200.40
    • DoD 5200.22-M
    • DoD 8910.1