You'd better take a test prior to buying the CAP products. This step can make you aware of the weak as well as the strong features of your CAP exam preparation. Invest more time on the weak points. We provide free downloadable PDF files as well as Test Powerplant software. You can download these to your PC and make full preparation for the ISC2 CAP real exam.

2021 Sep CAP practice exam

Q191. NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

A. Substantial

B. Significant

C. Abbreviated

D. Comprehensive

Answer: C


Q192. In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?

A. Continuous Monitoring Phase

B. Accreditation Phase

C. Preparation Phase

D. DITSCAP Phase

Answer: A


Q193. You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process. Which one of the following is NOT a probable reason for relying on organizational process assets as an input for qualitative risk analysis?

A. Information on prior, similar projects

B. Review of vendor contracts to examine risks in past projects

C. Risk databases that may be available from industry sources

D. Studies of similar projects by risk specialists

Answer: B


Q194. Which of the following individuals informs all C&A participants about life cycle actions, security requirements, and documented user needs?

A. IS program manager

B. Certification Agent

C. User representative

D. DAA

Answer: A


Q195. Which of the following individuals is responsible for configuration management and control tasks?

A. Authorizing official

B. Information system owner

C. Chief information officer

D. Common control provider

Answer: B


CAP brain dumps

Up-to-date CAP test preparation:

Q196. Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

A. TCSEC

B. FIPS

C. SSAA

D. FITSAF

Answer: A


Q197. Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test?

Each correct answer represents a complete solution. Choose all that apply.

A. Race conditions

B. Social engineering

C. Information system architectures

D. Buffer overflows

E. Kernel flaws

F. Trojan horses

G. File and directory permissions

Answer: ABDEFG


Q198. You are the project manager of the GHQ project for your company. You are working with your project team to prepare for the qualitative risk analysis process. Mary, a project team member, does not understand why you need to complete qualitative risk analysis. You explain to Mary that qualitative risk analysis helps you determine which risks need additional analysis. There are also some other benefits that qualitative risk analysis provides for the project. Which one of the following is NOT an accomplishment of the qualitative risk analysis process?

A. Cost of the risk impact if the risk event occurs

B. Corresponding impact on project objectives

C. Time frame for a risk response

D. Prioritization of identified risk events based on probability and impact

Answer: A


Q199. Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and prepared some potential risk responses for them, but management wants you to do more. They'd like you to create some type of chart that identifies the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

A. Risk response plan

B. Quantitative analysis

C. Risk response

D. Contingency reserve

Answer: D


Q200. Which of the following statements about the role-based access control (RBAC) model is true?

A. In this model, the permissions are uniquely assigned to each user account.

B. In this model, a user can access resources according to his role in the organization.

C. In this model, the same permission is assigned to each user account.

D. In this model, the users can access resources according to their seniority.

Answer: B