CAP Practice Questions
404 real CAP exam questions with expert-verified answers and explanations. Page 1 of 9.
- Question #1 (Security and Privacy Governance, Risk Management, and Compliance Program)
  DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December...
  Tags: DIACAP, Certification and Accreditation, DoD Systems, Compliance Lifecycle
- Question #2 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following is a subset discipline of Corporate Governance focused on information security systems and their performance and risk management?
  Tags: Information Security Governance, Corporate Governance, Risk Management
- Question #3 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Ben is the project manager of the YHT Project for his company. Alice, one of his team members, is confused about when project risks will happen in the project. Which one of the fol...
  Tags: Project Risk Management, Risk Definition, Risk Characteristics
- Question #4 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the NKJ Project for your company. The project's success or failure will have a significant impact on your organization's profitability for the coming...
  Tags: Risk Management, Stakeholder Tolerance, Risk Utility Function, Risk Appetite
- Question #5 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Where can a project manager find risk-rating rules?
  Tags: Risk Management, Organizational Process Assets, Project Management, Risk Assessment
- Question #6 (Security and Privacy Governance, Risk Management, and Compliance Program)
  There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to the Perform Quantitative Risk Analysis process?
  Tags: Risk Management Process, Quantitative Risk Analysis, Process Inputs, Enterprise Environmental Factors
- Question #7 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk even...
  Tags: Risk Management, Quantitative Risk Analysis, Contingency Planning, Financial Planning
- Question #8 (Scope of the System)
  Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?
  Tags: C&A process, RMF roles, Information System Owner, Process initiation
- Question #9 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activ...
  Tags: Risk Management, Risk Monitoring and Control, Project Management Outputs, Requested Changes
- Question #10 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?
  Tags: DoD Directives, Information Resources Management, Federal Guidelines, Automation Management
- Question #11 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning. Which of the following processes take place in phase 3? Each correct answer represents a...
  Tags: Risk Management Framework (RMF), Mitigation Planning, Risk Mitigation, RMF Process Activities
- Question #12 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Gary is the project manager of his organization. He is managing a project that is similar to a project his organization completed recently. Gary has decided that he will use the in...
  Tags: Risk Identification, Checklist Analysis, Limitations of Risk Tools
- Question #13 (Selection and Approval of Framework, Security, and Privacy Controls)
  What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.
  Tags: DIACAP Process, System Accreditation, Information Assurance (IA), Initiation and Planning
- Question #14 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level...
  Tags: Risk Management, Risk Categories, Threat Sources, IRM
- Question #15 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Neil works as a project manager for SoftTech Inc. He is working with Tom, the COO of his company, on several risks within the project. Tom understands that through qualitative anal...
  Tags: Risk Management, Risk Prioritization, Qualitative Risk Analysis, Project Objectives
- Question #16 (Selection and Approval of Framework, Security, and Privacy Controls)
  Under which type of access control does a user ID and password system fall?
  Tags: Access Control, Technical Controls, Authentication, Identification
- Question #17 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What s...
  Tags: Risk Management, Risk Identification, Risk Monitoring, Risk Response
- Question #18 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Your project uses a piece of equipment that will overheat and have to be shut down for 48 hours if its temperature goes above 450 degrees Fahrenheit. Shou...
  Tags: Risk management, Risk trigger, Risk response planning
- Question #19 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Adrian is the project manager of the NHP Project. In her project there are several work packages that deal with electrical wiring. Rather than manage the risk internally, she has...
  Tags: Risk management, Risk response, Risk transference, Vendor management
- Question #20 (Implementation of Security and Privacy Controls)
  James works as IT systems personnel at SoftTech Inc. He performs the following tasks: - Runs regular backups and routine tests of the validity of the backup data. - Performs data...
  Tags: Information security roles, Data custodian, Backup and recovery, Data management
- Question #21 (Implementation of Security and Privacy Controls)
  Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?
  Tags: Access Control Lists (ACLs), Access Control Entry (ACE), Discretionary Access Control (DAC), Permissions
- Question #22 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager for your organization. You have identified a risk event that your organization could manage internally or externally. If you manage the event internal...
  Tags: Risk management, Cost-benefit analysis, Risk response options, Financial comparison
- Question #23 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following refers to the ability to ensure that the data is not modified or tampered with?
  Tags: CIA triad, Data integrity, Information security principles, Security concepts
- Question #24 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Management wants you to create a visual diagram of what resources will be utilized in the project deliverables. What type of chart is management asking you to create?
  Tags: Resource breakdown structure (RBS), Project management, Resource planning, Project deliverables
- Question #25 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process. Which one of...
  Tags: Qualitative Risk Analysis, Organizational Process Assets (OPAs), Risk Management Inputs
- Question #26 (Security and Privacy Governance, Risk Management, and Compliance Program)
  System Authorization is a risk management process. The System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the diffe...
  Tags: System Authorization Plan (SAP), Authorization Process Phases, Certification Stages, Risk Management Framework (RMF)
- Question #27 (Security and Privacy Governance, Risk Management, and Compliance Program)
  A part of a project deals with hardware work. As the project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk respons...
  Tags: Risk Management, Risk Response Strategies, Transference, Third-Party Risk
- Question #28 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Risks with low ratings of probability and impact are included on a ____ for future monitoring.
  Tags: Risk management, Risk monitoring, Watchlist, Residual risk
- Question #29 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative...
  Tags: Risk Management, Quantitative Risk Analysis, Risk Assessment
- Question #30 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This docume...
  Tags: Risk Management Plan, Project Risk Management, Risk Identification, Contingency Planning
- Question #31 (Assessment/Audit of Security and Privacy Controls)
  In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an in...
  Tags: Penetration Testing, Security Testing, Assessment Methodologies, Vulnerability Assessment
- Question #32 (Assessment/Audit of Security and Privacy Controls)
  Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?
  Tags: DITSCAP, Certification and Accreditation, Security Validation, System Assessment
- Question #33 (Selection and Approval of Framework, Security, and Privacy Controls)
  Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
  Tags: Security Controls, Corrective Controls, Incident Response, Damage Limitation
- Question #34 (System Compliance)
  Which of the following roles is also known as the accreditor?
  Tags: RMF Roles, Designated Approving Authority, Accreditation, Authorization Official
- Question #35 (Assessment/Audit of Security and Privacy Controls)
  In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur?
  Tags: DITSCAP, Security Test and Evaluation, ST&E, System assessment
- Question #36 (Scope of the System)
  What component of the change management system is responsible for evaluating, testing, and documenting changes made to the project scope?
  Tags: Configuration Management, Change Management, System Scope, Documentation
- Question #37 (Security and Privacy Governance, Risk Management, and Compliance Program)
  A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event ha...
  Tags: Risk identification, Risk management process, Risk register, Project risk
- Question #38 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.
  Tags: Information Security Principles, CIA Triad, Confidentiality, Integrity
- Question #39 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following governance bodies provides management, operational, and technical controls to satisfy security requirements?
  Tags: Governance, Roles and Responsibilities, Organizational Structure, Security Controls
- Question #40 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Your organization has a project that is expected to last 20 months, but the customer would really like the project completed in 18 months. You have worked on similar projects in the...
  Tags: Project Fast-tracking, Project Risk, Schedule Compression
- Question #41 (System Compliance)
  The IAM/CA makes certification and accreditation recommendations to the DAA. The DAA issues accreditation determinations. Which of the following are the accreditation determinations is...
  Tags: Authorization to Operate (ATO), RMF (Risk Management Framework), Accreditation determinations, DAA (Designated Approving Authority)
- Question #42 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Tom is the project manager for his organization. In his project he has recently finished the risk response planning. He tells his manager that he will now need to update the cost a...
  Tags: Risk Response Planning, Project Baselines, Cost & Schedule Management, Scope Changes
- Question #43 (Security and Privacy Governance, Risk Management, and Compliance Program)
  During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
  Tags: Qualitative Risk Analysis, Risk Priority, Risk Urgency, Risk Assessment
- Question #44 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the NKQ project for your organization. You have completed the quantitative risk analysis process for this portion of the project. What is the only ou...
  Tags: Risk Management, Quantitative Risk Analysis, Project Management, Risk Register
- Question #45 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You work as the project manager for Bluewell Inc. You are working on the NGQQ Project for your company. You have completed the risk analysis processes for the risk events. You and th...
  Tags: Risk management, Risk response strategies, Risk transference, Threat management
- Question #46 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You work as a project manager for BlueWell Inc. You are currently working with the project stakeholders to identify risks in your project. You understand that the qualitative risk...
  Tags: Risk Management, Qualitative Risk Assessment, Bias Mitigation, Project Management
- Question #47 (Assessment/Audit of Security and Privacy Controls)
  Which of the following types of evidence is a collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity or person?
  Tags: Evidence types, Circumstantial evidence, Security investigations
- Question #48 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Courtney is the project manager for her organization. She is working with the project team to complete the qualitative risk analysis for her project. During the analysis Courtney e...
  Tags: Risk Management, Qualitative Risk Analysis, Risk Response, Root Cause Analysis
- Question #49 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You work as a project manager for BlueWell Inc. You are working with Nancy, the COO of your company, on several risks within the project. Nancy understands that through qualitative...
  Tags: Risk Management, Risk Monitoring, Watchlist, Low Probability/Impact Risks
- Question #50 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You work as a project manager for BlueWell Inc. Management has asked you to work with the key project stakeholder to analyze the risk events you have identified in the project. The...
  Tags: Risk Management, Qualitative Risk Analysis, Stakeholder Engagement, Project Performance