Exambible.com offers free dumps for the ISC2 CAP exam. We are the only website that carries every one of the ISC2 CAP exam products. Like the actual ISC2 exam, our ISC2 exam braindumps are multiple-choice. Free downloadable ISC2 CAP exam questions with verified answers that reflect the real exam.
2021 Oct CAP practice test
Q181. Certification and Accreditation (C&A or CnA) is a process for implementing information security.
Which of the following is the correct order of C&A phases in a DITSCAP assessment?
A. Definition, Validation, Verification, and Post Accreditation
B. Verification, Definition, Validation, and Post Accreditation
C. Verification, Validation, Definition, and Post Accreditation
D. Definition, Verification, Validation, and Post Accreditation
Answer: D
Q182. Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?
A. Access control entry (ACE)
B. Discretionary access control entry (DACE)
C. Access control list (ACL)
D. Security Identifier (SID)
Answer: A
Q183. Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?
A. Mandatory Access Control
B. Role-Based Access Control
C. Discretionary Access Control
D. Policy Access Control
Answer: B
Q184. For which of the following reporting requirements are continuous monitoring documentation reports used?
A. FISMA
B. NIST
C. HIPAA
D. FBI
Answer: A
Q185. During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?
A. Risk rating
B. Warning signs
C. Cost of the project
D. Symptoms
Answer: C
Q186. Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards?
Each correct answer represents a complete solution. Choose all that apply.
A. SA System and Services Acquisition
B. CA Certification, Accreditation, and Security Assessments
C. IR Incident Response
D. Information systems acquisition, development, and maintenance
Answer: ABC
Q187. Which of the following classification levels defines information that, if disclosed to unauthorized parties, could reasonably be expected to cause exceptionally grave damage to national security?
A. Secret information
B. Top Secret information
C. Confidential information
D. Unclassified information
Answer: B
Q188. You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?
A. You will use organizational process assets for studies of similar projects by risk specialists.
B. You will use organizational process assets to determine costs of all risk events within the current project.
C. You will use organizational process assets for information from prior similar projects.
D. You will use organizational process assets for risk databases that may be available from industry sources.
Answer: B
Q189. Which of the following acts promote a risk-based policy for cost-effective security?
Each correct answer represents a part of the solution. Choose all that apply.
A. Clinger-Cohen Act
B. Lanham Act
C. Computer Misuse Act
D. Paperwork Reduction Act (PRA)
Answer: AD
Q190. Neil works as a project manager for SoftTech Inc. He is working with Tom, the COO of his company, on several risks within the project. Tom understands that through qualitative analysis Neil has identified many risks in the project. Tom's concern, however, is that the priority list of these risk events is sorted into "high-risk," "moderate-risk," and "low-risk" as conditions apply within the project. Tom wants to know whether there is any other objective on which Neil can base the priority list for project risks. What will be Neil's reply to Tom?
A. Risk may be listed by the responses in the near-term
B. Risks may be listed by categories
C. Risks may be listed by the additional analysis and response
D. Risks may be listed by priority separately for schedule, cost, and performance
Answer: D