CAP Practice Questions

Jenny is the project manager for the NBT projects. She is working with the project team and several subject matter experts to perform the quantitative risk analysis process. During...

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptiti...

Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the con...

You are the project manager of the BlueStar project in your company. Your company is structured as a functional organization and you report to the functional manager that you are r...

Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in th...

Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. For what purposes is ST&E used? Each correct answer repre...

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

Elizabeth is a project manager for her organization and she finds risk management to be very difficult for her to manage. She asks you, a lead project manager, at what stage in the...

You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activ...

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

You are the project manager of the NHQ project for your company. Management has told you that you must implement an agreed upon contingency response if the Cost Performance Index i...

Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a h...

In what portion of a project are risk and opportunities greatest and require intense planning and anticipation of risk events?

You work as a project manager for BlueWell Inc. You with your team are using a method or a (technical) process that conceives the risks even if all theoretically possible safety me...

You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative...

Fred is the project manager of the CPS project. He is working with his project team to prioritize the identified risks within the CPS project. He and the team are prioritizing risk...

Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming into fruition. What individual should...

Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project w...

Which of the following acts promote a risk-based policy for cost effective security? Each correct answer represents a part of the solution. Choose all that apply.

To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criteria, which of the following c...

You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of lack of space, casting it is highly dangerous. H...

Which of the following statements about the authentication concept of information security management is true?

You and your project team have identified the project risks and now are analyzing the probability and impact of the risks. What type of analysis of the risks provides a quick and h...

NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc i...

What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.

During which of the following processes, probability and impact matrix is prepared?

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing s...

You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update...

Which of the following groups represents the most likely source of an asset loss through the inappropriate use of computers?

You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team ha...

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk r...

Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative r...

The Project Risk Management knowledge area focuses on which of the following processes? Each correct answer represents a complete solution. Choose all that apply.

Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information as...

You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk...

Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

Which of the following NIST C&A documents is the guideline for identifying an information system as a National Security System?

Which of the following system security policies is used to address specific issues of concern to the organization?

Which of the following individuals is responsible for ensuring the security posture of the organization's information system?

In which of the following Risk Management Framework (RMF) phases is a risk profile created for threats?

In which of the following DITSCAP phases is the SSAA developed?

Which of the following recovery plans includes a monitoring process and triggers for initiating planned actions?

What does RTM stand for?

Which of the following parts of BS 7799 covers risk analysis and management?

Which of the following NIST documents includes components for penetration testing?

According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise on confidentiality, integrity, and availability?

Which of the following individuals is responsible for the final accreditation decision?