CAP ISC2 Exam Questions and Free Practice Test

Question 43

You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

A. Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.

B. Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.

C. Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.

D. Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.

Correct Answer:D

Question 44

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

A. DoD 8000.1

B. DoD 5200.40

C. DoD 5200.22-M

D. DoD 8910.1

Correct Answer:B

Question 45

Which of the following individuals is responsible for the final accreditation decision?

A. Certification Agent

B. User Representative

C. Information System Owner

D. Risk Executive

Correct Answer:C

Question 46

Sammy is the project manager for her organization. She would like to rate each risk based on its probability and affect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

A. Harry is correct, because the risk probability and impact considers all objectives of the proj ect.

B. Harry is correct, the risk probability and impact matrix is the only approach to risk assessm ent.

C. Sammy is correct, because sheis the project manager.

D. Sammy is correct, because organizations can create risk scores for each objective of the pr oject.

Correct Answer:D

Question 47

Which of the following documents is used to provide a standard approach to the assessment of NIST SP 800-53 security controls?

A. NIST SP 800-37

B. NIST SP 800-41

C. NIST SP 800-53A

D. NIST SP 800-66

Correct Answer:C

Question 48

Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

A. Project contractual relationship with the vendor

B. Project communications plan

C. Project management plan

D. Project scope statement

Correct Answer:C

START CAP EXAM