CAP : Certified Authorization Professional : Part 12

  1. Which of the following is a 1996 United States federal law, designed to improve the way the federal government acquires, uses, and disposes of information technology?

    • Computer Misuse Act
    • Lanham Act
    • Clinger-Cohen Act
    • Paperwork Reduction Act
  2. Gary is the project manager for his project. He and the project team have completed the qualitative risk analysis process and are about to enter the quantitative risk analysis process when Mary, the project sponsor, wants to know what quantitative risk analysis will review. Which of the following statements best defines what quantitative risk analysis will review?

    • The quantitative risk analysis seeks to determine the true cost of each identified risk event and the probability of each risk event to determine the risk exposure.
    • The quantitative risk analysis process will review risk events for their probability and impact on the project objectives.
    • The quantitative risk analysis reviews the results of risk identification and prepares the project for risk response management.
    • The quantitative risk analysis process will analyze the effect of risk events that may substantially impact the project’s competing demands.
  3. Eric is the project manager of the MTC project for his company. In this project a vendor has offered Eric a sizeable discount on all hardware if his order total for the project is more than $125,000. Right now, Eric is likely to spend $118,000 with the vendor. If Eric spends $7,000 his cost savings for the project will be $12,500, but he cannot purchase hardware if he cannot implement the hardware immediately due to organizational policies. Eric consults with Amy and Allen, other project managers in the organization, and asks if they need any hardware for their projects. Both Amy and Allen need hardware and they agree to purchase the hardware through Eric’s relationship with the vendor. What positive risk response has happened in this instance?

    • Transference
    • Exploiting
    • Sharing
    • Enhancing
  4. A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it’ll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?

    • Add the identified risk to a quality control management control chart.
    • Add the identified risk to the risk register.
    • Add the identified risk to the issues log.
    • Add the identified risk to the low-level risk watchlist.
  5. Which of the following concepts represent the three fundamental principles of information security?

    Each correct answer represents a complete solution. Choose three.

    • Privacy
    • Integrity
    • Availability
    • Confidentiality
  6. Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?

    • Chief Information Security Officer
    • Senior Management
    • Information Security Steering Committee
    • Business Unit Manager
  7. Jeff, a key stakeholder in your project, wants to know how the risk exposure for the risk events is calculated during quantitative risk analysis. He is worried about the risk exposure which is too low for the events surrounding his project requirements. How is the risk exposure calculated?

    • The probability of a risk event plus the impact of a risk event determines the true risk exposure.
    • The risk exposure of a risk event is determined by historical information.
    • The probability of a risk event times the impact of a risk event determines the true risk exposure.
    • The probability and impact of a risk event are gauged based on research and in-depth analysis.
  8. You work as a project manager for SoftTech Inc. You are working with the project stakeholders to begin the qualitative risk analysis process. You will need all of the following as inputs to the qualitative risk analysis process except for which one?

    • Risk management plan
    • Risk register
    • Stakeholder register
    • Project scope statement
  9. What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

    • Configuration Management System
    • Project Management Information System
    • Scope Verification
    • Integrated Change Control
  10. During qualitative risk analysis you want to define the risk urgency assessment. All of the following are indicators of risk priority except for which one?

    • Risk rating
    • Warning signs
    • Cost of the project
    • Symptoms
  11. You are the project manager of the NKQ project for your organization. You have completed the quantitative risk analysis process for this portion of the project. What is the only output of the quantitative risk analysis process?

    • Probability of reaching project objectives
    • Risk contingency reserve
    • Risk response
    • Risk register updates
  12. You work as the project manager for Bluewell Inc. You are working on the NGQQ Project for your company. You have completed the risk analysis processes for the risk events. You and the project team have created risk responses for most of the identified project risks. Which of the following risk response planning techniques will you use to shift the impact of a threat to a third party, together with the responses?

    • Risk acceptance
    • Risk avoidance
    • Risk transference
    • Risk mitigation
  13. Your organization has a project that is expected to last 20 months but the customer would really like the project completed in 18 months. You have worked on similar projects in the past and believe that you could fast track the project and reach the 18 month deadline. What increases when you fast track a project?

    • Risks
    • Costs
    • Resources
    • Communication
  14. The IAM/CA makes certification accreditation recommendations to the DAA. The DAA issues accreditation determinations. Which of the following are the accreditation determinations issued by the DAA?

    Each correct answer represents a complete solution. Choose all that apply.

    • IATO
    • ATO
    • IATT
    • ATT
    • DATO
  15. Tom is the project manager for his organization. In his project he has recently finished the risk response planning. He tells his manager that he will now need to update the cost and schedule baselines. Why would the risk response planning cause Tom the need to update the cost and schedule baselines?

    • New or omitted work as part of a risk response can cause changes to the cost and/or schedule baseline.
    • Risk responses protect the time and investment of the project.
    • Baselines should not be updated, but refined through versions.
    • Risk responses may take time and money to implement.
  16. You are the project manager for a construction project. The project includes work that involves very high financial risks. You decide to insure processes so that any ill happening can be compensated. Which type of strategy have you used to deal with the risks involved with that particular work?

    • Transfer
    • Mitigate
    • Accept
    • Avoid
  17. Which of the following are included in Administrative Controls?

    Each correct answer represents a complete solution. Choose all that apply.

    • Conducting security-awareness training
    • Screening of personnel
    • Monitoring for intrusion
    • Implementing change control procedures
    • Developing policy
  18. Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase?

    Each correct answer represents a complete solution. Choose all that apply.

    • Configuring refinement of the SSAA
    • Assessment of the Analysis Results
    • System development
    • Certification analysis
    • Registration
  19. You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?

    • Seven
    • Three
    • Four
    • One
  20. Sam is the project manager of a construction project in south Florida. This area of the United States is prone to hurricanes during certain parts of the year. As part of the project plan Sam and the project team acknowledge the possibility of hurricanes and the damage the hurricane could have on the project’s deliverables, the schedule of the project, and the overall cost of the project.

    Once Sam and the project stakeholders acknowledge the risk of the hurricane they go on planning the project as if the risk is not likely to happen. What type of risk response is Sam using?

    • Mitigation
    • Avoidance
    • Passive acceptance
    • Active acceptance