
ISC CAP Real 2022 Braindumps Mock Exam Dumps
NEW QUESTION 237
ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure, and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO 17799. What are the ISO 17799 domains?
Each correct answer represents a complete solution. Choose all that apply.
- A. System development and maintenance
- B. Business continuity management
- C. Personnel security
- D. Information security policy for the organization
- E. System architecture management
Answer: A,B,C,D
Explanation:
Section: Volume C
NEW QUESTION 238
Gary is the project manager of his organization. He is managing a project that is similar to a project his organization completed recently. Gary has decided that he will use the information from the past project to help him and the project team identify the risks that may be present in the project. Management agrees that this checklist approach is ideal and will save time in the project. Which of the following statements is most accurate about the limitations of the checklist analysis approach for Gary?
- A. The checklist analysis approach is fast, but it is impossible to build an exhaustive checklist.
- B. The checklist is also known as top-down risk assessment.
- C. The checklist analysis approach only uses qualitative analysis.
- D. The checklist analysis approach saves time, but can cost more.
Answer: A
NEW QUESTION 239
Which of the following types of evidence is a collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity or person?
- A. Circumstantial
- B. Direct
- C. Corroborating
- D. Incontrovertible
Answer: A
NEW QUESTION 240
Which of the following assessment methodologies defines a six-step technical security evaluation?
- A. OCTAVE
- B. FIPS 102
- C. DITSCAP
- D. FITSAF
Answer: B
NEW QUESTION 241
To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criterion, which of the following controls are intended to prevent an incident from occurring?
- A. Corrective controls
- B. Detective controls
- C. Preventive controls
- D. Adaptive controls
Answer: C
NEW QUESTION 242
Which of the following approaches can be used to build a security program?
Each correct answer represents a complete solution. Choose all that apply.
- A. Left-Up Approach
- B. Right-Up Approach
- C. Bottom-Up Approach
- D. Top-Down Approach
Answer: C,D
NEW QUESTION 243
Which of the following NIST documents defines impact?
- A. NIST SP 800-53A
- B. NIST SP 800-53
- C. NIST SP 800-30
- D. NIST SP 800-26
Answer: C
Explanation:
Section: Volume D
NEW QUESTION 244
Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.
- A. System development
- B. Perform certification evaluation of the integrated system
- C. Certification and accreditation decision
- D. Continue to review and refine the SSAA
- E. Develop recommendation to the DAA
Answer: B,C,D,E
Explanation:
Section: Volume C
NEW QUESTION 245
Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?
- A. Phase 1
- B. Phase 2
- C. Phase 4
- D. Phase 3
Answer: B
NEW QUESTION 246
Which of the following statements correctly describes DIACAP residual risk?
- A. It is the remaining risk to the information system after risk palliation has occurred.
- B. It is the technical implementation of the security design.
- C. It is used to validate the information system.
- D. It is a process of security authorization.
Answer: A
Explanation:
Section: Volume D
NEW QUESTION 247
Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production?
Each correct answer represents a part of the solution. Choose all that apply.
- A. FIPS
- B. NIST
- C. Office of Management and Budget (OMB)
- D. FISMA
Answer: C,D
Explanation:
Section: Volume A
NEW QUESTION 248
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?
- A. Level 4
- B. Level 3
- C. Level 1
- D. Level 2
- E. Level 5
Answer: A
NEW QUESTION 249
Which of the following refers to the ability to ensure that the data is not modified or tampered with?
- A. Integrity
- B. Confidentiality
- C. Non-repudiation
- D. Availability
Answer: A
NEW QUESTION 250
Which of the following RMF phases is known as risk analysis?
- A. Phase 1
- B. Phase 2
- C. Phase 0
- D. Phase 3
Answer: B
NEW QUESTION 251
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
- A. Preventive controls
- B. Safeguards
- C. Detective controls
- D. Corrective controls
Answer: D
Explanation:
Section: Volume B
NEW QUESTION 252
Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that they require. Which of the following access control models will he use?
- A. Mandatory Access Control
- B. Policy Access Control
- C. Role-Based Access Control
- D. Discretionary Access Control
Answer: C
Explanation:
Section: Volume A
NEW QUESTION 253
Which of the following phases begins with a review of the SSAA in the DITSCAP accreditation?
- A. Phase 2
- B. Phase 1
- C. Phase 3
- D. Phase 4
Answer: C
Explanation:
Section: Volume B
NEW QUESTION 254
You are the project manager of the GHY project for your organization. You are about to start the qualitative risk analysis process for the project and you need to determine the roles and responsibilities for conducting risk management. Where can you find this information?
- A. Risk register
- B. Staffing management plan
- C. Risk management plan
- D. Enterprise environmental factors
Answer: C
NEW QUESTION 255
Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?
- A. NIST SP 800-59
- B. NIST SP 800-53A
- C. NIST SP 800-53
- D. NIST SP 800-60
- E. NIST SP 800-26
- F. NIST SP 800-37
Answer: E
Explanation:
Section: Volume C
NEW QUESTION 256
Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.
- A. Security operations
- B. Maintenance of the SSAA
- C. Continue to review and refine the SSAA
- D. System operations
- E. Change management
- F. Compliance validation
Answer: A,B,D,E,F
NEW QUESTION 257
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
- A. Risk audits
- B. Qualitative risk analysis
- C. Requested changes
- D. Quantitative risk analysis
Answer: C
