
2021 Oct CAP exam prep

Q211. You work as a project manager for BlueWell Inc. You are working with Nancy, the COO of your company, on several risks within the project. Nancy understands that through qualitative analysis you have identified 80 risks that have a low probability and low impact as the project is currently planned. Nancy's concern, however, is that the impact and probability of these risk events may change as conditions within the project change. She would like to know where you will document and record these 80 risks that have low probability and low impact for future reference.

What should you tell Nancy?

A. Risk identification is an iterative process so any changes to the low probability and low impact risks will be reassessed throughout the project life cycle.

B. Risks with low probability and low impact are recorded in a watchlist for future monitoring.

C. All risks, regardless of their assessed impact and probability, are recorded in the risk log.

D. All risks are recorded in the risk management plan.

Answer: B


Q212. Which of the following individuals is responsible for ensuring the security posture of the organization's information system?

A. Authorizing Official

B. Chief Information Officer

C. Security Control Assessor

D. Common Control Provider

Answer: A


Q213. To help review or design security controls, they can be classified by several criteria. One of these criteria is based on nature. According to this criterion, which of the following controls consists of incident response processes, management oversight, security awareness, and training?

A. Technical control

B. Physical control

C. Procedural control

D. Compliance control

Answer: C


Q214. You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

A. These risks can be accepted.

B. These risks can be added to a low priority risk watch list.

C. All risks must have a valid, documented risk response.

D. These risks can be dismissed.

Answer: B


Q215. Tracy is the project manager of the NLT Project for her company. The NLT Project is scheduled to last 14 months and has a budget at completion of $4,555,000. Tracy's organization will receive a bonus of $80,000 per day that the project is completed early up to $800,000. Tracy realizes that there are several opportunities within the project to save on time by crashing the project work.

Crashing the project is what type of risk response?

A. Mitigation

B. Exploit

C. Enhance

D. Transference

Answer: C


Q216. Mark works as a project manager for TechSoft Inc. Mark, the project team, and the key project stakeholders have completed a round of qualitative risk analysis. He needs to update the risk register with his findings so that he can communicate the risk results to the project stakeholders, including management. Mark will need to update all of the following information except for which one?

A. Watchlist of low-priority risks

B. Prioritized list of quantified risks

C. Risks grouped by categories

D. Trends in qualitative risk analysis

Answer: B


Q217. Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high risk exposure. What risk response has been enacted in this project?

A. Avoidance

B. Acceptance

C. Transference

D. Mitigation

Answer: A


Q218. You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team has successfully completed the risk response planning and now you must initiate the next risk process. Which of the following risk processes is repeated after the plan risk responses process to determine if the overall project risk has been satisfactorily decreased?

A. Risk identification

B. Qualitative risk analysis

C. Risk response implementation

D. Quantitative risk analysis

Answer: D


Q219. Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase?

Each correct answer represents a complete solution. Choose all that apply.

A. Perform certification evaluation of the integrated system

B. System development

C. Certification and accreditation decision

D. Develop recommendation to the DAA

E. Continue to review and refine the SSAA

Answer: ACDE


Q220. In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199.

What levels of potential impact are defined by FIPS 199?

Each correct answer represents a complete solution. Choose all that apply.

A. Low

B. Moderate

C. High

D. Medium

Answer: ACD