CAP Practice Questions
404 real CAP exam questions with expert-verified answers and explanations. Page 8 of 9.
- Question #352 | Security and Privacy Governance, Risk Management, and Compliance Program
  Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement informa...
  Tags: Security Program Objectives; Security Governance; Information Classification; Security Awareness
- Question #353 | Selection and Approval of Framework, Security, and Privacy Controls
  Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.
  Tags: Access Control; Security Controls; Administrative Controls; Technical Controls
- Question #354 | Security and Privacy Governance, Risk Management, and Compliance Program
  You are the project manager of the NNQ Project for your company and are working with your project team to define contingency plans for the risks within your project. Mary, one of...
  Tags: Contingency planning; Risk response; Risk management; Project management
- Question #355 | Security and Privacy Governance, Risk Management, and Compliance Program
  Who is responsible for the stakeholder expectations management in a high-profile, high-risk project?
  Tags: Project Management Roles; Stakeholder Management; Project Manager Responsibilities; Communication Management
- Question #356 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into productio...
  Tags: FISMA; OMB; Security Authorization; Federal Compliance
- Question #357 | Selection and Approval of Framework, Security, and Privacy Controls
  Which of the following refers to a process that is used for implementing information security?
  Tags: Certification and Accreditation (C&A); Information Security Processes; Authorization to Operate (ATO); Risk Management Framework (RMF)
- Question #358 | Security and Privacy Governance, Risk Management, and Compliance Program
  What project management plan is most likely to direct the quantitative risk analysis process for a project in a matrix environment?
  Tags: Risk Management; Project Management; Quantitative Risk Analysis; Project Planning
- Question #359 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?
  Tags: RMF Roles and Responsibilities; IS Program Manager; Security Communication; System Lifecycle
- Question #360 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative r...
  Tags: Risk Register; Risk Management; Qualitative Risk Analysis; Quantitative Risk Analysis
- Question #361 | Security and Privacy Governance, Risk Management, and Compliance Program
  Joan is a project management consultant and she has been hired by a firm to help them identify risk events within the project. Joan would first like to examine the project document...
  Tags: Risk Identification; Project Documentation; Inconsistency Analysis; Risk Management
- Question #362 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following statements about the availability concept of Information security management is true?
  Tags: Availability; Information Security Concepts; CIA Triad; Security Management
- Question #363 | System Compliance
  Which of the following are the objectives of the security certification documentation task? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Security Certification; RMF Documentation; POAM; Accreditation Package
- Question #364 | Assessment/Audit of Security and Privacy Controls
  Which of the following statements about System Access Control List (SACL) is true?
  Tags: SACL; Auditing; Access Control Lists; Security Auditing
- Question #365 | Security and Privacy Governance, Risk Management, and Compliance Program
  Kelly is the project manager of the BHH project for her organization. She is completing the risk identification process for this portion of her project. Which one of the following...
  Tags: Risk identification; Risk register; Project management; Risk management process
- Question #366 | Security and Privacy Governance, Risk Management, and Compliance Program
  You are the project manager for your organization. You are working with your project team to complete the qualitative risk analysis process. The first tool and technique you are us...
  Tags: Risk Management; Qualitative Risk Analysis; Probability and Impact; Risk Assessment
- Question #367 | Security and Privacy Governance, Risk Management, and Compliance Program
  You are preparing to complete the quantitative risk analysis process with your project team and several subject matter experts. You gather the necessary inputs including the projec...
  Tags: Quantitative Risk Analysis; Cost Management Plan; Project Risk Management; Risk Analysis Inputs
- Question #368 | Assessment/Audit of Security and Privacy Controls
  What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.
  Tags: NIACAP; Certification and Accreditation (C&A); Security Assessment Levels; Risk Management Framework (RMF)
- Question #369 | Security and Privacy Governance, Risk Management, and Compliance Program
  You work as a project manager for BlueWell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decided, with your stakeholders' a...
  Tags: Project Management; Fast Tracking; Project Risk Management
- Question #370 | Security and Privacy Governance, Risk Management, and Compliance Program
  Information Security management is a process of defining the security controls in order to protect information assets. What are the security management responsibilities? Each corre...
  Tags: Security Management Responsibilities; Security Program Design; Security Governance; Risk Management Principles
- Question #371 | Implementation of Security and Privacy Controls
  Which of the following are included in Technical Controls? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Technical Controls; Security Controls; Access Control; Authentication
- Question #372 | Security and Privacy Governance, Risk Management, and Compliance Program
  You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agr...
  Tags: Risk Management; Risk Response Strategies; Risk Sharing; Teaming Agreements
- Question #373 | Assessment/Audit of Security and Privacy Controls
  Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing?...
  Tags: Penetration testing; White box testing; Black box testing; Gray box testing
- Question #374 | Security and Privacy Governance, Risk Management, and Compliance Program
  You are the project manager for TTP project. You are in the Identify Risks process. You have to create the risk register. Which of the following are included in the risk register?...
  Tags: Risk Management Process; Risk Register Contents; Risk Identification; Risk Responses
- Question #375 | Implementation of Security and Privacy Controls
  The Software Configuration Management (SCM) process defines the need to trace changes, and the ability to verify that the final delivered software has all of the planned enhancemen...
  Tags: Software Configuration Management (SCM); Configuration Control; Configuration Audits; System Development Life Cycle (SDLC)
- Question #376 | System Compliance
  Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
  Tags: DoD Accreditation; SSAA; System Security Documentation; Compliance
- Question #377 | Security and Privacy Governance, Risk Management, and Compliance Program
  Gary is the project manager for his project. He and the project team have completed the qualitative risk analysis process and are about to enter the quantitative risk analysis proc...
  Tags: Risk Management; Quantitative Risk Analysis; Risk Assessment
- Question #378 | System Compliance
  Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?
  Tags: Software Release Management; SDLC Phases; Quality Control; Product Delivery
- Question #379 | Security and Privacy Governance, Risk Management, and Compliance Program
  Amy is the project manager for her company. In her current project the organization has a very low tolerance for risk events that will affect the project schedule. Management has a...
  Tags: Risk Management; Risk Prioritization; Organizational Risk Tolerance; Risk Assessment
- Question #380 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following processes is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state?
  Tags: Change Management; Organizational Change; Process Management
- Question #381 | Security and Privacy Governance, Risk Management, and Compliance Program
  You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the proj...
  Tags: Risk Management; Risk Register; Mitigation Planning; Project Documentation
- Question #382 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following RMF phases is known as risk analysis?
  Tags: RMF Phases; Risk Analysis; NIST SP 800-37; Categorize Phase
- Question #383 | Security and Privacy Governance, Risk Management, and Compliance Program
  Jenny is the project manager of the NHJ Project for her company. She has identified several positive risk events within the project and she thinks these events can save the project...
  Tags: Positive Risk Response; Risk Management; Project Management
- Question #384 | Security and Privacy Governance, Risk Management, and Compliance Program
  Wendy is about to perform qualitative risk analysis on the identified risks within her project. Which one of the following will NOT help Wendy to perform this project management ac...
  Tags: Qualitative Risk Analysis; Risk Management Process; Project Management Documents; Risk Register
- Question #385 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?
  Tags: Supplier management; Contract review; Risk analysis; Roles and responsibilities
- Question #386 | Security and Privacy Governance, Risk Management, and Compliance Program
  You are the project manager for the NHH project. You are working with your project team to examine the project from four different defined perspectives to increase the breadth of i...
  Tags: Risk Identification; SWOT Analysis; Project Risk Management
- Question #387 | Selection and Approval of Framework, Security, and Privacy Controls
  Which of the following are included in Physical Controls? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Physical Security; Physical Controls; Environmental Security; Access Control
- Question #388 | Assessment/Audit of Security and Privacy Controls
  Which of the following NIST Special Publication documents provides a guideline on network security testing?
  Tags: NIST SP 800-42; Network Security Testing; NIST Guidelines
- Question #389 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which one of the following is the only output for the qualitative risk analysis process?
  Tags: Qualitative Risk Analysis; Risk Register; Risk Management Processes
- Question #390 | Security and Privacy Governance, Risk Management, and Compliance Program
  You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the q...
  Tags: Organizational Process Assets (OPAs); Quantitative Risk Analysis; Risk Management Process
- Question #391 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following objectives are defined by integrity in the C.I.A triad of information security systems? Each correct answer represents a part of the solution. Choose three.
  Tags: CIA triad; Integrity; Information security principles; Data consistency
- Question #392 | Security and Privacy Governance, Risk Management, and Compliance Program
  You and your project team are just starting the risk identification activities for a project that is scheduled to last for 18 months. Your project team has already identified a lon...
  Tags: Risk Management Process; Risk Identification; Iterative Process; Project Management
- Question #393 | Security and Privacy Governance, Risk Management, and Compliance Program
  Eric is the project manager of the MTC project for his company. In this project a vendor has offered Eric a sizeable discount on all hardware if his order total for the project is...
  Tags: Risk Management; Positive Risk Response; Opportunity Management; Sharing Strategy
- Question #394 | Security and Privacy Governance, Risk Management, and Compliance Program
  You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative...
  Tags: Risk Management; Risk Response Planning; Negative Risks; Threats
- Question #395 | Security and Privacy Governance, Risk Management, and Compliance Program
  Sam is the project manager of a construction project in south Florida. This area of the United States is prone to hurricanes during certain parts of the year. As part of the projec...
  Tags: Risk management; Risk response strategies; Passive acceptance
- Question #396 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following is NOT an objective of the security program?
  Tags: Security Program; Security Governance; Program Objectives; Information Security Management
- Question #397 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following RMF phases identifies key threats and vulnerabilities that could compromise the confidentiality, integrity, and availability of the institutional critical as...
  Tags: RMF phases; Prepare phase; Threat identification; Vulnerability identification
- Question #398 | Security and Privacy Governance, Risk Management, and Compliance Program
  You are the project manager of the QSL project for your organization. You are working with your project team and several key stakeholders to create a diagram that shows how various e...
  Tags: Risk Identification; System Flowcharts; Risk Management Process
- Question #399 | Implementation of Security and Privacy Controls
  Which of the following statements about the role-based access control (RBAC) model is true?
  Tags: Role-Based Access Control (RBAC); Access Control Models; Permissions; Roles
- Question #400 | Security and Privacy Governance, Risk Management, and Compliance Program
  Which of the following processes is used to protect the data based on its secrecy, sensitivity, or confidentiality?
  Tags: Data Classification; Data Protection; Information Security; Confidentiality
- Question #401 | Assessment/Audit of Security and Privacy Controls
  Which of the following assessment methods is used to review, inspect, and analyze assessment objects?
  Tags: Assessment methods; Security assessment; Examination; Control assessment