CAP Practice Questions
404 real CAP exam questions with expert-verified answers and explanations. Page 7 of 9.
- Question #301 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following is not a part of the Identify Risks process?
  Topics: Risk Management, Risk Identification, Risk Tools, Decision Analysis
- Question #302 (Compliance Maintenance)
  In which of the following phases does the SSAA maintenance take place?
  Topics: RMF, SSAA, Continuous Monitoring, Authorization Maintenance
- Question #303 (Compliance Maintenance)
  In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?
  Topics: Continuous Monitoring, System Security Plan (SSP), Plan of Action and Milestones (POAM), Risk Management Framework (RMF)
- Question #304 (Selection and Approval of Framework, Security, and Privacy Controls)
  Which of the following refers to the ability to ensure that the data is not modified or tampered with?
  Topics: Data integrity, Information security principles, CIA Triad
- Question #305 (Implementation of Security and Privacy Controls)
  Management wants you to create a visual diagram of what resources will be utilized in the project deliverables. What type of chart is management asking you to create?
  Topics: Resource breakdown structure, Project management, Resource planning, Deliverables
- Question #306 (Assessment/Audit of Security and Privacy Controls)
  Which of the following documents is used to provide a standard approach to the assessment of NIST SP 800-53 security controls?
  Topics: NIST SP 800-53A, Security Control Assessment, NIST RMF, Compliance Assessment
- Question #307 (Security and Privacy Governance, Risk Management, and Compliance Program)
  What is the objective of the Security Accreditation Decision task?
  Topics: Accreditation Decision, Risk Acceptance, Risk Management Framework (RMF), Authorization to Operate (ATO)
- Question #308 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager for your organization. You are working with your key stakeholders in the qualitative risk analysis process. You understand that there is certain bias to...
  Topics: Qualitative Risk Analysis, Risk Bias Mitigation, Project Risk Management, Risk Assessment Criteria
- Question #309 (Selection and Approval of Framework, Security, and Privacy Controls)
  Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security cont...
  Topics: International Standards, ISO 27001, Information Security Controls, Risk Management
- Question #310 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Beth is the project manager of the BFG Project for her company. In this project Beth has decided to create a contingency response based on the performance of the project schedule....
  Topics: Schedule Variance (SV), Earned Value Management (EVM), Project Schedule, Contingency Planning
- Question #311 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should...
  Topics: Risk Management, Risk Register, Project Documentation, Risk Response Planning
- Question #312 (Selection and Approval of Framework, Security, and Privacy Controls)
  Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before and he wants...
  Topics: RFI, Procurement, Information Gathering, Vendor Management
- Question #313 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?
  Topics: FISMA, Information Security Legislation, Federal Information Security, National Security
- Question #314 (Security and Privacy Governance, Risk Management, and Compliance Program)
  What approach can a project manager use to improve the project's performance during qualitative risk analysis?
  Topics: Project Risk Management, Qualitative Risk Analysis, Risk Prioritization, Project Performance Improvement
- Question #315 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following is used in the practice of Information Assurance (IA) to define assurance requirements?
  Topics: Information Assurance, Assurance requirements, Classic security model, CIA triad
- Question #316 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Joan is the project manager of the BTT project for her company. She has worked with her project to create risk responses for both positive and negative risk events within the proje...
  Topics: Risk Management, Risk Response Planning, Project Documentation, Outputs (Project Management)
- Question #317 (Selection and Approval of Framework, Security, and Privacy Controls)
  Which of the following access control models uses a predefined set of access privileges for an object of a system?
  Topics: Access Control Models, Mandatory Access Control (MAC), Security Controls
- Question #318 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following describes residual risk as the risk remaining after risk mitigation has occurred?
  Topics: Residual Risk, Risk Mitigation, DIACAP, Certification and Accreditation
- Question #319 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You work as the project manager for Bluewell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decide, with your stakeholders'...
  Topics: Project Risk Management, Schedule Compression, Fast Tracking
- Question #320 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following components ensures that risks are examined for all new proposed change requests in the change control system?
  Topics: Integrated Change Control, Change Management, Risk Management, System Lifecycle
- Question #321 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following classification levels defines the information that, if disclosed to unauthorized parties, could be reasonably expected to cause exceptionally grave damag...
  Topics: Information Classification, National Security Information, Government Classification Levels, Top Secret
- Question #322 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Mary is the project manager of the HGH Project for her company. She and her project team have agreed that if the vendor is late by more than ten days they will cancel the order and...
  Topics: Risk Management, Risk Response Strategies, Contingency Planning
- Question #323 (Compliance Maintenance)
  Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accred...
  Topics: System Owner responsibilities, Accreditation maintenance, Continuous monitoring
- Question #324 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts...
  Topics: Risk Management, Project Management Plan, Risk Responses, Continuous Monitoring
- Question #325 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?
  Topics: IATO, Authorization to Operate, RMF, Temporary Approval
- Question #327 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Nancy is the project manager of the NHH project. She and the project team have identified a significant risk in the project during the qualitative risk analysis process. Bob is fam...
  Topics: Risk Management Process, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning
- Question #328 (Assessment/Audit of Security and Privacy Controls)
  Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?
  Topics: TCSEC, Security Standards, System Evaluation, Control Assessment
- Question #329 (Compliance Maintenance)
  Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each co...
  Topics: DITSCAP, Accreditation Lifecycle, Post-Accreditation Activities, Security Operations
- Question #330 (Security and Privacy Governance, Risk Management, and Compliance Program)
  The only output of the Perform Qualitative Risk Analysis process is risk register updates. When the project manager updates the risk register he will need to include several pieces of inf...
  Topics: Risk Management, Qualitative Risk Analysis, Risk Register, Risk Analysis Outputs
- Question #331 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Billy is the project manager of the HAR Project and is in month six of the project. The project is scheduled to last for 18 months. Management asks Billy how often the project team...
  Topics: Project Risk Management, Risk Reassessment, Risk Monitoring, Best Practices
- Question #332 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Rob is the project manager of the IDLK Project for his company. This project has a budget of $5,600,000 and is expected to last 18 months. Rob has learned that a new law may affect...
  Topics: Risk Response Strategy, Legislative Risk, Acceptance (Risk Response), Project Risk Management
- Question #333 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the ide...
  Topics: Risk Management, Qualitative Risk Analysis, Data Quality
- Question #334 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of a large construction project. Part of the project involves the wiring of the electricity in the building your project is creating. You and the projec...
  Topics: Risk Management, Risk Response, Risk Transference, Outsourcing
- Question #335 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the GHY project for your organization. You are about to start the qualitative risk analysis process for the project and you need to determine the rol...
  Topics: Risk Management Plan, Roles and Responsibilities, Project Risk Management, Qualitative Risk Analysis
- Question #336 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Phase 1 of DITSCAP C&A is known as the Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create a...
  Topics: DITSCAP, Certification and Accreditation (C&A), Definition Phase, Process Activities
- Question #337 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the GGH Project in your company. Your company is structured as a functional organization and you report to the functional manager that you are ready...
  Topics: Quantitative Risk Analysis, Risk Management Inputs, Project Management, Functional Organization
- Question #338 (Compliance Maintenance)
  Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?
  Topics: Common Control Provider, Roles and Responsibilities, Configuration Management, Monitoring
- Question #339 (Compliance Maintenance)
  In which of the following DIACAP phases is residual risk analyzed?
  Topics: DIACAP, Residual Risk, Certification and Accreditation (C&A), Continuous Monitoring
- Question #340 (Security and Privacy Governance, Risk Management, and Compliance Program)
  You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What...
  Topics: Confidentiality, CIA Triad, Information Security Principles, Data Protection
- Question #341 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Mark is the project manager of the BFL project for his organization. He and the project team are creating a probability and impact matrix using RAG rating. There is some confusion...
  Topics: Risk Management, Risk Prioritization, Probability and Impact Matrix, RAG rating
- Question #342 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.
  Topics: Security risks, Risk analysis, Risk mitigation, Threats and vulnerabilities
- Question #343 (Assessment/Audit of Security and Privacy Controls)
  FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF...
  Topics: FITSAF, Security Assessment, Control Testing, Maturity Models
- Question #344 (Security and Privacy Governance, Risk Management, and Compliance Program)
  A high-profile, high-priority project within your organization is being created. Management wants you to pay special attention to the project risks and do all that you can to ensur...
  Topics: Risk aversion, Utility function, Risk management concepts, Organizational risk
- Question #345 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following governance bodies directs and coordinates implementation of the information security program?
  Topics: CISO roles, Information security program management, Governance, Security leadership
- Question #346 (Implementation of Security and Privacy Controls)
  What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that ap...
  Topics: DIACAP, Control Implementation, Control Validation, IA Controls
- Question #347 (Implementation of Security and Privacy Controls)
  Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?
  Topics: DITSCAP, Certification and Accreditation (C&A), SSAA, Security Authorization Phases
- Question #348 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Phase 0 of the Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0? Each correct answer represent...
  Topics: Risk Management Framework (RMF), RMF Phase 0 (Prepare), Strategic Risk Assessment Planning, Data Classification Criteria
- Question #349 (Implementation of Security and Privacy Controls)
  Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes wi...
  Topics: Configuration Management, System Lifecycle, Consistency, System Attributes
- Question #350 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agre...
  Topics: Roles and Responsibilities, IT Security Management, Confidentiality, Integrity, Availability (CIA), Service Level Agreement (SLA)
- Question #351 (Security and Privacy Governance, Risk Management, and Compliance Program)
  Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
  Topics: Risk Management, Quantitative Risk Analysis, Annualized Rate of Occurrence, Threat Frequency