CAP : Certified Authorization Professional : Part 16
-
Which of the following formulas was developed by FIPS 199 for categorization of an information type?
- SC information type = {(confidentiality, controls), (integrity, controls), (authentication, controls)}
- SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
- SC information type = {(confidentiality, risk), (integrity, risk), (availability, risk)}
- SC information type = {(Authentication, impact), (integrity, impact), (availability, impact)}
-
Which of the following is NOT considered an environmental threat source?
- Pollution
- Hurricane
- Chemical
- Water
-
Which of the following is NOT a type of penetration test?
- Cursory test
- Partial-knowledge test
- Zero-knowledge test
- Full knowledge test
-
In which of the following phases does the SSAA maintenance take place?
- Phase 3
- Phase 2
- Phase 1
- Phase 4
-
In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?
- Continuous Monitoring Phase
- Accreditation Phase
- Preparation Phase
- DITSCAP Phase
-
Which of the following processes is used to protect the data based on its secrecy, sensitivity, or confidentiality?
- Change Control
- Data Hiding
- Configuration Management
- Data Classification
-
Which of the following is NOT a phase of the security certification and accreditation process?
- Initiation
- Security certification
- Operation
- Maintenance
-
Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?
- Change control management
- Security management
- Configuration management
- Risk management
-
Which of the following is not a part of Identify Risks process?
- System or process flow chart
- Influence diagram
- Decision tree diagram
- Cause and effect diagram
-
Which of the following is NOT a responsibility of a data owner?
- Maintaining and protecting data
- Ensuring that the necessary security controls are in place
- Delegating responsibility of the day-to-day maintenance of the data protection mechanisms to the data custodian
- Approving access requests
-
Walter is the project manager of a large construction project. He’ll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?
- Project communications plan
- Project management plan
- Project contractual relationship with the vendor
- Project scope statement
-
Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test?
Each correct answer represents a complete solution. Choose all that apply.
- Race conditions
- Social engineering
- Information system architectures
- Buffer overflows
- Kernel flaws
- Trojan horses
- File and directory permissions
-
You are the project manager of the NNH Project. In this project you have created a contingency response that the schedule performance index should be less than 0.93. The NHH Project has a budget at completion of $945,000 and is 45 percent complete though the project should be 49 percent complete. The project has spent $455,897 to reach the 45 percent complete milestone.
What is the project’s schedule performance index?
- 1.06
- 0.93
- -$37,800
- 0.92
-
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
- Safeguards
- Preventive controls
- Detective controls
- Corrective controls
-
Which of the following is NOT an objective of the security program?
- Security plan
- Security education
- Security organization
- Information classification
-
Which of the following administrative policy controls requires individuals or organizations to be engaged in good business practices relative to the organization’s industry?
- Segregation of duties
- Separation of duties
- Need to Know
- Due care
-
Which of the following is a security policy implemented by an organization due to compliance, regulation, or other legal requirements?
- Advisory policy
- Informative policy
- System Security policy
- Regulatory policy
-
Which of the following phases begins with a review of the SSAA in the DITSCAP accreditation?
- Phase 1
- Phase 4
- Phase 3
- Phase 2
-
Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the construction project. The supplier is an artist who works by himself, but creates windows for several companies throughout the United States. Management reviews the proposal to use this supplier and while they agree that the supplier is talented, they do not think the artist can fulfill the 1,000 window units in time for the project’s deadline. Management asked Harry to find a supplier who will guarantee the completion of the windows by the needed date in the schedule. What risk response has management asked Harry to implement?
- Mitigation
- Acceptance
- Transference
- Avoidance
-
Which of the following methods of authentication uses finger prints to identify users?
- PKI
- Mutual authentication
- Biometrics
- Kerberos
Subscribe
0 Comments
Newest