CAP Practice Questions
404 real CAP exam questions with expert-verified answers and explanations. Page 2 of 9.
- Question #51 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Your project is an agricultural-based project that deals with plant irrigation systems. You have discovered a byproduct in your project that your organization could use to make a p...
  Tags: Risk Management; Risk Response Strategies; Opportunity Management; Exploiting Opportunities
- Question #52 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular co...
  Tags: Contract types; Procurement risk; Program management; Buyer risk
- Question #53 (Scope of the System)
  Which of the following NIST documents provides a guideline for identifying an information system as a National Security System?
  Tags: NIST SP 800-59; National Security Systems; System Identification; Information System Categorization
- Question #54 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation...
  Tags: Risk Management Process; Risk Identification; Project Management; Information Security Governance
- Question #55 (Security and Privacy Governance, Risk Management, and Compliance Program)
  There are seven risk responses that a project manager can choose from. Which risk response is appropriate for both positive and negative risk events?
  Tags: Risk Management; Risk Responses; Positive Risks; Negative Risks
- Question #56 (Security and Privacy Governance, Risk Management, and Compliance Program)
  What course of action can be taken by a party if the current negotiations fail and an agreement cannot be reached?
  Tags: Negotiation; BATNA; Risk Management Strategy
- Question #57 (Scope of the System)
  Which of the following is the acronym of RTM?
  Tags: Requirements Traceability Matrix; Acronyms; System Requirements; SDLC
- Question #58 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Thomas is the project manager of the NHJ Project for his company. He has identified several positive risk events within his project and he thinks these events can save the project...
  Tags: Risk Management; Positive Risk; Opportunities
- Question #59 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the GGG project. You have completed the risk identification process for the initial phases of your project. As you begin to document the risk events...
  Tags: Risk Management Process; Risk Register; Risk Identification; Risk Response Planning
- Question #60 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following are the tasks performed by the owner in the information classification schemes? Each correct answer represents a part of the solution. Choose three.
  Tags: Information Classification; Data Owner Roles; Security Governance; Roles and Responsibilities
- Question #61 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Security program development; Program building approaches; Top-down approach; Bottom-up approach
- Question #62 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Mary is the project manager for the BLB project. She has instructed the project team to assemble to review the risks. She has included the schedule management plan as an input for...
  Tags: Risk Management; Quantitative Risk Analysis; Schedule Management; Risk Analysis Inputs
- Question #63 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has...
  Tags: Risk assessment; Project risk; Risk impact; Risk scoring
- Question #64 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following phases of the DITSCAP C&A process is used to define the C&A level of effort, to identify the main C&A roles and responsibilities, and to create an agreement...
  Tags: DITSCAP; C&A process; Security requirements; Phase 1
- Question #65 (Security and Privacy Governance, Risk Management, and Compliance Program)
  A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required...
  Tags: Security Policy; Policy Development; Security Governance; Policy Elements
- Question #66 (Security and Privacy Governance, Risk Management, and Compliance Program)
  The Project Risk Management knowledge area focuses on which of the following processes? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Risk Management Processes; Project Risk Management; Risk Analysis; Risk Monitoring
- Question #67 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following objectives are defined by integrity in the C.I.A. triad of information security systems? Each correct answer represents a part of the solution. Choose three.
  Tags: CIA Triad; Integrity; Information Security Principles
- Question #68 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.
  Tags: Risk Management Goals; Risk Identification; Risk Assessment; Risk Response
- Question #69 (Assessment/Audit of Security and Privacy Controls)
  In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an in...
  Tags: Penetration Testing; Security Assessment; Testing Methodologies; Vulnerability Exploitation
- Question #70 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the q...
  Tags: Quantitative Risk Analysis; Organizational Process Assets; Risk Management
- Question #71 (System Compliance)
  Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
  Tags: DoD Security; System Accreditation; SSAA; Authorization Documents
- Question #72 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a h...
  Tags: Risk Avoidance; Risk Response Strategies; Risk Management; Project Scope Management
- Question #73 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following statements is true about residual risks?
  Tags: Residual Risk; Risk Management; Risk Definition; Security Controls
- Question #74 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative r...
  Tags: Risk Management; Risk Register; Qualitative Risk Analysis; Quantitative Risk Analysis
- Question #75 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation...
  Tags: Risk Management; Project Management; Risk Identification; Project Plans
- Question #76 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Mary is the project manager of the HGH Project for her company. She and her project team have agreed that if the vendor is late by more than ten days they will cancel the order and...
  Tags: Risk Management; Risk Response Strategies; Contingency Planning
- Question #77 (Assessment/Audit of Security and Privacy Controls)
  Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?
  Tags: TCSEC; Security evaluation standards; Control assessment; System security
- Question #78 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Your project uses a piece of equipment that, if the temperature of the machine goes above 450 degrees Fahrenheit, will overheat and have to be shut down for 48 hours. Shou...
  Tags: Risk management; Risk terminology; Risk trigger; Risk response planning
- Question #79 (Selection and Approval of Framework, Security, and Privacy Controls)
  According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the fo...
  Tags: DoD 8500.2; Information Assurance Areas; Security Controls; Government Frameworks
- Question #80 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authenticatio...
  Tags: Information Assurance; IA Five Pillars; Security Principles; Confidentiality, Integrity, Availability
- Question #81 (Implementation of Security and Privacy Controls)
  You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update...
  Tags: Risk Response; Project Management Techniques; Crashing; Human Resource Planning
- Question #82 (Implementation of Security and Privacy Controls)
  FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF...
  Tags: FITSAF; Security Assessment Frameworks; Control Implementation; Maturity Models
- Question #83 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the proj...
  Tags: Risk Management; Risk Register; Mitigation Response; Project Management
- Question #84 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency,...
  Tags: Contingency Planning; Recovery Plans; Business Continuity; Disaster Recovery
- Question #85 (Assessment/Audit of Security and Privacy Controls)
  Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process...
  Tags: DITSCAP; C&A process; Verification phase; Certification analysis
- Question #86 (Selection and Approval of Framework, Security, and Privacy Controls)
  ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure and the second part is an aud...
  Tags: ISO 17799; Information Security Standards; Control Domains; Compliance
- Question #87 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing s...
  Tags: Certification; Accreditation; C&A process; Authorization to Operate (ATO)
- Question #88 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Amy is the project manager for her company. In her current project the organization has a very low tolerance for risk events that will affect the project schedule. Management has a...
  Tags: Risk Management; Risk Prioritization; Organizational Risk Tolerance; Project Risk Management
- Question #89 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Joan is a project management consultant and she has been hired by a firm to help them identify risk events within the project. Joan would first like to examine the project document...
  Tags: Risk Identification; Document Review; Inconsistencies; Risk Management
- Question #90 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You and your project team are just starting the risk identification activities for a project that is scheduled to last for 18 months. Your project team has already identified a lon...
  Tags: Risk Identification; Risk Management Process; Iterative Process; Project Lifecycle
- Question #91 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that appl...
  Tags: NIST Special Publications; Certification & Accreditation (C&A); Risk Management Framework (RMF); Information Security Standards
- Question #92 (Security and Privacy Governance, Risk Management, and Compliance Program)
  John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he...
  Tags: Communications Management; Stakeholder Communication; Risk Communication; Project Planning
- Question #93 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?
  Tags: IS Program Manager Roles; A&A Process; Security Requirements; System Lifecycle Management
- Question #94 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk even...
  Tags: Risk Management; Quantitative Risk Analysis; Contingency Reserve; Financial Impact
- Question #95 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Gary is the project manager for his project. He and the project team have completed the qualitative risk analysis process and are about to enter the quantitative risk analysis proc...
  Tags: Quantitative Risk Analysis; Risk Management Process; Risk Assessment
- Question #96 (Implementation of Security and Privacy Controls)
  You are the project manager of the NNH Project. In this project you have created a contingency response that the schedule performance index should be less than 0.93. The NHH Projec...
  Tags: Project Management; Earned Value Management (EVM); Schedule Performance Index (SPI); Project Monitoring and Control
- Question #97 (Selection and Approval of Framework, Security, and Privacy Controls)
  Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
  Tags: Security Controls; Corrective Controls; Incident Response; Control Types
- Question #98 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following is NOT an objective of the security program?
  Tags: Security program objectives; Security program management; Information security governance; Security planning
- Question #99 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following is NOT a responsibility of a data owner?
  Tags: Data owner; Roles and responsibilities; Information governance; Data protection
- Question #100 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts...
  Tags: Project Risk Management; Project Management Plan; Risk Register; Risk Response Planning