CAP : Certified Authorization Professional : Part 09

  1. Which of the following RMF phases identifies key threats and vulnerabilities that could compromise the confidentiality, integrity, and availability of the institution's critical assets?

    • Phase 2
    • Phase 1
    • Phase 3
    • Phase 0
  2. You are the project manager of the NHQ project for your company. Management has told you that you must implement an agreed-upon contingency response if the Cost Performance Index in your project is less than 0.90. Consider that your project has a budget at completion of $250,000 and is 60 percent complete. You are scheduled, however, to be 75 percent complete, and you have spent $165,000 to date. What is the Cost Performance Index for this project, used to determine whether the contingency response should happen?

    • 0.88
    • 0.80
    • -$37,500
    • 0.91
  3. Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high risk exposure. What risk response has been enacted in this project?

    • Avoidance
    • Acceptance
    • Transference
    • Mitigation
  4. Which of the following are the goals of risk management?

    Each correct answer represents a complete solution. Choose three.

    • Finding an economic balance between the impact of the risk and the cost of the countermeasure
    • Identifying the risk
    • Assessing the impact of potential threats
    • Identifying the accused
  5. Elizabeth is a project manager for her organization and she finds risk management very difficult to manage. She asks you, a lead project manager, at what stage in the project risk management will become easier. What answer best resolves the difficulty of risk management practices and the effort required?

    • Risk management only becomes easier the more often it is practiced.
    • Risk management is an iterative process and never becomes easier.
    • Risk management only becomes easier when the project moves into project execution.
    • Risk management only becomes easier when the project is closed.
  6. Which of the following is NOT an objective of the security program?

    • Security organization
    • Security plan
    • Security education
    • Information classification
  7. Fred is the project manager of the CPS project. He is working with his project team to prioritize the identified risks within the CPS project. He and the team are prioritizing risks for further analysis or action by assessing and combining the risks' probability of occurrence and impact.

    What process is Fred completing?

    • Risk identification
    • Perform qualitative analysis
    • Perform quantitative analysis
    • Risk Breakdown Structure creation
  8. Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming into fruition. What individual should respond to the risk with the preplanned risk response?

    • Diane
    • Risk owner
    • Subject matter expert
    • Project sponsor
  9. Ned is the project manager of the HNN project for your company. Ned has asked you to help him complete some probability distributions for his project. What portion of the project will you most likely use for probability distributions?

    • Uncertainty in values such as duration of schedule activities
    • Bias towards risk in new resources
    • Risk probability and impact matrixes
    • Risk identification
  10. In what portion of a project are risk and opportunities greatest and require intense planning and anticipation of risk events?

    • Planning
    • Executing
    • Closing
    • Initiating
  11. You work as a project manager for BlueWell Inc. You and your team are using a method or (technical) process that considers the risks that remain even if all theoretically possible safety measures were applied. One of your team members wants to know what a residual risk is. What will you reply to your team member?

    • It is a risk that remains because no risk response is taken.
    • It is a risk that remains after planned risk responses are taken.
    • It is a risk that cannot be addressed by a risk response.
    • It is a risk that will remain no matter what type of risk response is offered.
  12. You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

    • Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.
    • Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
    • Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.
    • Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.
  13. You are the project manager of the QSL project for your organization. You are working with your project team and several key stakeholders to create a diagram that shows how various elements of a system interrelate and the mechanism of causation within the system. What diagramming technique are you using as a part of the risk identification process?

    • Cause and effect diagrams
    • System or process flowcharts
    • Predecessor and successor diagramming
    • Influence diagrams
  14. Which of the following parts of BS 7799 covers risk analysis and management?

    • Part 1
    • Part 3
    • Part 2
    • Part 4
  15. Which of the following NIST documents includes components for penetration testing?

    • NIST SP 800-53
    • NIST SP 800-26
    • NIST SP 800-37
    • NIST SP 800-30
  16. According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise on confidentiality, integrity, and availability?

    • Confidential, Secret, and High
    • Minimum, Moderate, and High
    • Low, Normal, and High
    • Low, Moderate, and High
  17. In which of the following DITSCAP phases is the SSAA developed?

    • Phase 4
    • Phase 2
    • Phase 1
    • Phase 3
  18. Which of the following recovery plans includes a monitoring process and triggers for initiating planned actions?

    • Contingency plan
    • Business continuity plan
    • Disaster recovery plan
    • Continuity of Operations Plan
  19. What does RTM stand for?

    • Resource Testing Method
    • Replaced Traceability Matrix
    • Requirements Traceability Matrix
    • Resource Tracking Matrix
  20. Which of the following is not a part of the Identify Risks process?

    • Decision tree diagram
    • Cause and effect diagram
    • Influence diagram
    • System or process flow chart