Testking CAP Questions are updated and all CAP answers are verified by experts. Once you have completely prepared with our CAP exam prep kits you will be ready for the real CAP exam without a problem. We have Renewal ISC2 CAP dumps study guide. PASSED CAP First attempt! Here What I Did.
Q209. Sammy is the project manager for her organization. She would like to rate each risk based on its probability and affect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?
A. Sammy is correct, because organizations can create risk scores for each objective of the project.
B. Harry is correct, because the risk probability and impact considers all objectives of the project.
C. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.
D. Sammy is correct, because she is the project manager.
Answer: A
Q210. James work as an IT systems personnel in SoftTech Inc. He performs the following tasks: Runs regular backups and routine tests of the validity of the backup data.
Performs data restoration from the backups whenever required.
Maintains the retained records in accordance with the established information classification policy.
What is the role played by James in the organization?
A. Manager
B. User
C. Owner
D. Custodian
Answer: D
Q211. Which of the following are the types of access controls?
Each correct answer represents a complete solution. Choose three.
A. Administrative
B. Automatic
C. Technical
D. Physical
Answer: ACD
Q212. An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?
A. Anonymous
B. Multi-factor
C. Biometrics
D. Mutual
Answer: B
Q213. Which of the following are the objectives of the security certification documentation task?
Each correct answer represents a complete solution. Choose all that apply.
A. To prepare the Plan of Action and Milestones (POAM) based on the security assessment
B. To provide the certification findings and recommendations to the information system owner
C. To assemble the final security accreditation package and then submit it to the authorizing o fficial
D. To update the system security plan based on the results of the security assessment
Answer: ABCD
Q214. Sammy is the project manager for her organization. She would like to rate each risk based on its probability and affect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?
A. Harry is correct, because the risk probability and impact considers all objectives of the proj ect.
B. Harry is correct, the risk probability and impact matrix is the only approach to risk assessm ent.
C. Sammy is correct, because sheis the project manager.
D. Sammy is correct, because organizations can create risk scores for each objective of the pr oject.
Answer: D
Q215. Which of the following NIST C&A documents is the guideline for identifying an information system as a National Security System?
A. NIST SP800-53
B. NIST SP 800-59
C. NIST SP 800-37
D. NIST SP 800-53A
Answer: B
Q216. Which of the following are the tasks performed by the owner in the information classification schemes?
Each correct answer represents a part of the solution. Choose three.
A. To make original determination to decide what level of classification the information requires, which is based on the business requirements for the safety of the data.
B. To perform data restoration from the backups whenever required.
C. To review the classification assignments from time to time and make alterations as the business requirements alter.
D. To delegate the responsibility of the data safeguard duties to the custodian.
Answer: ACD