CAP ISC2 Exam Questions and Free Practice Test

Question 73

Which of the following are included in Administrative Controls?
Each correct answer represents a complete solution. Choose all that apply.

A. Conducting security-awareness training

B. Screening of personnel

C. Monitoring for intrusion

D. Implementing change control procedures

E. Developing policy

Correct Answer:ABDE

Question 74

The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.

A. Registration

B. Document mission need

C. Negotiation

D. Initial Certification Analysis

Correct Answer:ABC

Question 75

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

A. Risk management plan

B. Stakeholder management strategy

C. Risk register

D. Lessons learned documentation

Correct Answer:C

Question 76

Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. What are the different categories of risk?
Each correct answer represents a complete solution. Choose all that apply.

A. System interaction

B. Human interaction

C. Equipment malfunction

D. Inside and outside attacks

E. Social status

F. Physical damage

Correct Answer:BCDEF

Question 77

Nancy is the project manager of the NHH project. She and the project team have identified a significant risk in the project during the qualitative risk analysis process. Bob is familiar with the technology that the risk is affecting and proposes to Nancy a solution to the risk event. Nancy tells Bob that she has noted his response, but the risk really needs to pass through the quantitative risk analysis process before creating responses. Bob disagrees and ensures Nancy that his response is most appropriate for the identified risk. Who is correct in this scenario?

A. Bob is correc

B. Bob is familiar with the technology and the risk event so his response should be implemented.

C. Nancy is correc

D. Because Nancy is the project manager she can determine the correct procedures for risk analysis and risk response

E. In addition, she has noted the risk response that Bob recommends.

F. Nancy is correc

G. All risks of significant probability and impact should pass the quantitative risk analysis process before risk responses are created.

H. Bob is correc

I. Not all riskevents have to pass the quantitative risk analysis process to develop effective risk responses.

Correct Answer:D

Question 78

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

A. Safeguards

B. Preventive controls

C. Detective controls

D. Corrective controls

Correct Answer:D

START CAP EXAM