CAP : Certified Authorization Professional : Part 20

  1. You and your project team are just starting the risk identification activities for a project that is scheduled to last for 18 months. Your project team has already identified a long list of risks that need to be analyzed. How often should you and the project team do risk identification?

    • At least once per month
    • Several times until the project moves into execution
    • It depends on how many risks are initially identified.
    • Identify risks is an iterative process.
  2. Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)?

    Each correct answer represents a complete solution. Choose all that apply.

    • NIST Special Publication 800-53A
    • NIST Special Publication 800-37A
    • NIST Special Publication 800-59
    • NIST Special Publication 800-53
    • NIST Special Publication 800-37
    • NIST Special Publication 800-60
  3. John is the project manager of the NHQ Project for his company. His project has 75 stakeholders, some of which are external to the organization. John needs to make certain that he communicates about risk in the most appropriate method for the external stakeholders. Which project management plan will be the best guide for John to communicate to the external stakeholders?

    • Communications Management Plan
    • Risk Management Plan
    • Project Management Plan
    • Risk Response Plan
  4. You are the project manager of the GHY project for your organization. You are working with your project team to begin identifying risks for the project. As part of your preparation for identifying the risks within the project you will need eleven inputs for the process. Which one of the following is NOT an input to the risk identification process?

    • Cost management plan
    • Quality management plan
    • Procurement management plan
    • Stakeholder register
  5. Mary is the project manager of the HGH Project for her company. She and her project team have agreed that if the vendor is late by more than ten days they will cancel the order and hire the NBG Company to fulfill the order. The NBG Company can guarantee orders within three days, but the costs of their products are significantly more expensive than the current vendor. What type of a response strategy is this?

    • External risk response
    • Internal risk management strategy
    • Contingent response strategy
    • Expert judgment
  6. Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

    • FITSAF
    • TCSEC
    • FIPS
    • SSAA
  7. Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high risk exposure. What risk response has been enacted in this project?

    • Acceptance
    • Mitigation
    • Avoidance
    • Transference
  8. Which of the following statements is true about residual risks?

    • It is a weakness or lack of safeguard that can be exploited by a threat.
    • It can be considered as an indicator of threats coupled with vulnerability.
    • It is the probabilistic risk after implementing all security measures.
    • It is the probabilistic risk before implementing all security measures.
  9. Which of the following documents is described in the statement below?

    “It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning.”

    • Risk register
    • Risk management plan
    • Project charter
    • Quality management plan
  10. You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update the human resource management plan?

    • Teaming agreements
    • Crashing the project
    • Transference
    • Fast tracking the project
  11. FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?

    • Level 2
    • Level 3
    • Level 5
    • Level 4
    • Level 1
  12. You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?

    • Risk register
    • Risk log
    • Risk management plan
    • Project management plan
  13. Your project uses a piece of equipment that will overheat and have to be shut down for 48 hours if the temperature of the machine goes above 450 degrees Fahrenheit. Should this machine overheat even once, it will delay the project’s end date. You work with your project team to create a response: should the temperature of the machine reach 430, the machine will be paused for at least an hour to cool it down. The temperature of 430 is called what?

    • Risk identification
    • Risk response
    • Risk trigger
    • Risk event
  14. According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD?

    Each correct answer represents a complete solution. Choose all that apply.

    • DC Security Design & Configuration
    • VI Vulnerability and Incident Management
    • EC Enclave and Computing Environment
    • Information systems acquisition, development, and maintenance
  15. Which of the following is an Information Assurance (IA) model that protects and defends information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation?

    • Parkerian Hexad
    • Capability Maturity Model (CMM)
    • Classic information security model
    • Five Pillars model