Last Updated on February 21, 2022 by Admin 3

CAP : Certified Authorization Professional : Part 03

  1. Which of the following statements reflect the ‘Code of Ethics Canons’ in the ‘(ISC)2 Code of Ethics’?

    Each correct answer represents a complete solution. Choose all that apply.

    • Protect society, the commonwealth, and the infrastructure.
    • Act honorably, honestly, justly, responsibly, and legally.
    • Provide diligent and competent service to principals.
    • Give guidance for resolving good versus good and bad versus bad dilemmas.
  2. Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase?

    Each correct answer represents a complete solution. Choose all that apply.

    • Perform certification evaluation of the integrated system
    • System development
    • Certification and accreditation decision
    • Develop recommendation to the DAA
    • Continue to review and refine the SSAA
  3. John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?

    • Risk Response Plan
    • Risk Management Plan
    • Project Management Plan
    • Communications Management Plan
  4. Harry is a project manager of a software development project. In the early stages of planning, he and the stakeholders operated with the belief that the software they were developing would work with their organization’s current computer operating system. Now that the project team has started developing the software, it has become apparent that the software will not work with nearly half of the organization’s computer operating systems. The incorrect belief Harry had in the software compatibility is an example of what in project management?

    • Issue
    • Risk
    • Constraint
    • Assumption
  5. Which of the following statements about Discretionary Access Control List (DACL) is true?

    • It is a rule list containing access control entries.
    • It specifies whether an audit activity should be performed when an object attempts to access a resource.
    • It is a unique number that identifies a user, group, and computer account.
    • It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
  6. Which type of project tends to have more well-understood risks?

    • State-of-art technology projects
    • Recurrent projects
    • Operational work projects
    • First-of-its-kind technology projects
  7. Virginia is the project manager for her organization. She has hired a subject matter expert to interview the project stakeholders on certain identified risks within the project. The subject matter expert will assess the risk event with what specific goal in mind?

    • To determine the bias of the risk event based on each person interviewed
    • To determine the probability and cost of the risk event
    • To determine the validity of each risk event
    • To determine the level of probability and impact for each risk event
  8. A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies?

    Each correct answer represents a complete solution. Choose all that apply.

    • Systematic
    • Informative
    • Regulatory
    • Advisory
  9. In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199.

    What levels of potential impact are defined by FIPS 199?

    Each correct answer represents a complete solution. Choose all that apply.

    • Medium
    • High
    • Low
    • Moderate
  10. What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process?

    Each correct answer represents a complete solution. Choose all that apply.

    • Conduct activities related to the disposition of the system data and objects.
    • Execute and update IA implementation plan.
    • Conduct validation activities.
    • Combine validation results in DIACAP scorecard.
  11. Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

    • Phase 3
    • Phase 1
    • Phase 2
    • Phase 4
  12. Phase 0 of the Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in Phase 0?

    Each correct answer represents a complete solution. Choose all that apply.

    • Review documentation and technical data.
    • Apply classification criteria to rank data assets and related IT resources.
    • Establish criteria that will be used to classify and rank data assets.
    • Identify threats, vulnerabilities, and controls that will be evaluated.
    • Establish criteria that will be used to evaluate threats, vulnerabilities, and controls.
  13. FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

    • Level 1
    • Level 2
    • Level 4
    • Level 5
    • Level 3
  14. A high-profile, high-priority project within your organization is being created. Management wants you to pay special attention to the project risks and do all that you can to ensure that all of the risks are identified early in the project. Management has to ensure that this project succeeds.

    Management’s risk aversion in this project is associated with what term?

    • Utility function
    • Risk conscience
    • Quantitative risk analysis
    • Risk mitigation
  15. Which of the following governance bodies directs and coordinates implementations of the information security program?

    • Information Security Steering Committee
    • Senior Management
    • Business Unit Manager
    • Chief Information Security Officer
  16. Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program?

    Each correct answer represents a complete solution. Choose all that apply.

    • Security organization
    • System classification
    • Information classification
    • Security education
  17. Which of the following are the types of access controls?

    Each correct answer represents a complete solution. Choose three.

    • Administrative
    • Automatic
    • Technical
    • Physical
  18. You are the project manager of the NNQ Project for your company and are working with your project team to define contingency plans for the risks within your project. Mary, one of your project team members, asks what a contingency plan is. Which of the following statements best defines what a contingency response is?

    • Some responses are designed for use only if certain events occur.
    • Some responses have a cost and a time factor to consider for each risk event.
    • Some responses must counteract pending risk events.
    • Quantified risks should always have contingency responses.
  19. Which of the following fields of management focuses on establishing and maintaining consistency of a system’s or product’s performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

    • Configuration management
    • Procurement management
    • Risk management
    • Change management
  20. Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

    • The Change Manager
    • The IT Security Manager
    • The Service Level Manager
    • The Configuration Manager