CAP ISC2 Exam Questions and Free Practice Test

Question 37

Which of the following formulas was developed by FIPS 199 for categorization of an information system?

A. SC information system = {(confidentiality, impact), (integrity, controls), (availability, risk)}

B. SC information system = {(confidentiality, impact), (integrity, impact),(availability, impact)}

C. SC information system = {(confidentiality, controls), (integrity, controls), (availability, controls )}

D. SC information system = {(confidentiality, risk), (integrity, impact), (availability, controls)}

Correct Answer:B

Question 38

Which of the following is not a part of Identify Risks process?

A. System or process flow chart

B. Influence diagram

C. Decision tree diagram

D. Cause and effect diagram

Correct Answer:C

Question 39

Which of the following statements about Discretionary Access Control List (DACL) is true?

A. It is a rule list containing access control entries.

B. It specifies whether an audit activity should be performed when an object attempts to access a resource.

C. It is a unique number that identifies a user, group,and computer account.

D. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.

Correct Answer:D

Question 40

Which of the following processes is described in the statement below?
"It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

A. Perform Quantitative Risk Analysis

B. Monitor and Control Risks

C. Perform Qualitative Risk Analysis

D. Identify Risks

Correct Answer:B

Question 41

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

A. TCSEC

B. FIPS

C. SSAA

D. FITSAF

Correct Answer:A

Question 42

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

A. Continuity of Operations Plan

B. Disaster recovery plan

C. Contingency plan

D. Business continuity plan

Correct Answer:C

START CAP EXAM