We offer that you will certainly also certainly pass the genuine exam without just about any difficulties. 100% passing promise is not hollow words and phrases. However, in the event you really dont find through the ISC2 genuine certification exam, no matter what? purpose, we offer full funds back from the paying fees. No questions asked!

2021 Oct CAP free question

Q201. Which of the following NIST documents defines impact?

A. NIST SP 800-26

B. NIST SP 800-53A

C. NIST SP 800-53

D. NIST SP 800-30

Answer: D


Q202. The Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase?

Each correct answer represents a complete solution. Choose all that apply.

A. Perform certification evaluation of the integrated system

B. System development

C. Certification and accreditation decision

D. Develop recommendation to the DAA

E. Continue to review and refine the SSAA

Answer: ACDE


Q203. Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)?

Each correct answer represents a complete solution. Choose all that apply.

A. NIST Special Publication 800-53A

B. NIST Special Publication 800-37A

C. NIST Special Publication 800-59

D. NIST Special Publication 800-53

E. NIST Special Publication 800-37

F. NIST Special Publication 800-60

Answer: ACDEF


Q204. You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

A. Risk management plan

B. Stakeholder management strategy

C. Risk register

D. Lessons learned documentation

Answer: C


Q205. Which of the following acts promote a risk-based policy for cost effective security?

Each correct answer represents a part of the solution. Choose all that apply.

A. Clinger-Cohen Act

B. Lanham Act

C. Computer Misuse Act

D. Paperwork Reduction Act (PRA)

Answer: AD


CAP exam topics

Improve CAP test questions:

Q206. Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the U.S. Federal Government information security standards?

Each correct answer represents a complete solution. Choose all that apply.

A. SA System and Services Acquisition

B. CA Certification, Accreditation, and Security Assessments

C. IR Incident Response

D. Information systems acquisition, development, and maintenance

Answer: ABC


Q207. Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

A. Safeguards

B. Preventive controls

C. Detective controls

D. Corrective controls

Answer: D


Q208. You work as a project manager for BlueWell Inc. You are working with Nancy, the COO of your company, on several risks within the project. Nancy understands that through qualitative analysis you have identified 80 risks that have a low probability and low impact as the project is currently planned. Nancy's concern, however, is that the impact and probability of these risk events may change as conditions within the project may change. She would like to know where will you document and record these 80 risks that have low probability and low impact for future reference.

What should you tell Nancy?

A. Risk identification is an iterative process so any changes to the low probability and low impact risks will be reassessed throughout the project life cycle.

B. Risks with low probability and low impact are recorded in a watchlist for future monitoring.

C. All risks, regardless of their assessed impact and probability, are recorded in the risk log.

D. All risks are recorded in the risk management plan

Answer: B


Q209. You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process. Which one of the following is NOT a probable reason for relying on organizational process assets as an input for qualitative risk analysis?

A. Information on prior, similar projects

B. Review of vendor contracts to examine risks in past projects

C. Risk databases that may be available from industry sources

D. Studies of similar projects by risk specialists

Answer: B


Q210. Ben is the project manager of the YHT Project for his company. Alice, one of his team members, is confused about when project risks will happen in the project. Which one of the following statements is the most accurate about when project risk happens?

A. Project risk can happen at any moment.

B. Project risk is uncertain, so no one can predict when the event will happen.

C. Project risk happens throughout the project execution.

D. Project riskis always in the future.

Answer: D