web analytics

[May 2018] Easily Pass CAP Exam With Lead2pass Updated (ISC)2 CAP Dumps 405q

Easily Pass (ISC)2 CAP Exam With Lead2pass Latest (ISC)2 CAP Brain Dumps:


In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

A.    Full operational test
B.    Walk-through test
C.    Penetration test
D.    Paper test Continue reading →

[April 2018] 2018 Latest Updated CAP Dumps Free Download In Lead2pass 405q

2018 (ISC)2 CAP Dumps Free Download 100% Pass Promised By Lead2pass:


Which of the following is an entry in an object’s discretionary access control list (DACL) that grants permissions to a user or group?

A.    Access control entry (ACE)
B.    Discretionary access control entry (DACE)
C.    Access control list (ACL)
D.    Security Identifier (SID)

Answer: A

You are the project manager for your organization. You have identified a risk event you’re your organization could manage internally or externally. If you manage the event internally it will cost your project $578,000 and an additional $12,000 per month the solution is in use. A vendor can manage the risk event for you. The vendor will charge $550,000 and $14,500 per month that the solution is in use. How many months will you need to use the solution to pay for the internal solution in comparison to the vendor’s solution?

A.    Approximately 13 months
B.    Approximately 11 months
C.    Approximately 15 months
D.    Approximately 8 months

Answer: B

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

A.    Confidentiality
B.    Availability
C.    Integrity
D.    Non-repudiation

Answer: C

Management wants you to create a visual diagram of what resources will be utilized in the project deliverables. What type of a chart is management asking you to create?

A.    Work breakdown structure
B.    Resource breakdown structure
C.    RACI chart
D.    Roles and responsibility matrix

Answer: B

You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process. Which one of the following is NOT a probable reason for relying on organizational process assets as an input for qualitative risk analysis?

A.    Information on prior, similar projects
B.    Review of vendor contracts to examine risks in past projects
C.    Risk databases that may be available from industry sources
D.    Studies of similar projects by risk specialists

Answer: B

System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of System Authorization Plan?
Each correct answer represents a part of the solution. Choose all that apply.

A.    Pre-certification
B.    Certification
C.    Post-certification
D.    Authorization
E.    Post-Authorization

Answer: ABDE

A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?

A.    Avoidance
B.    Mitigation
C.    Exploit
D.    Transference

Answer: D

Risks with low ratings of probability and impact are included on a ____ for future monitoring.

A.    Watchlist
B.    Risk alarm
C.    Observation list
D.    Risk register

Answer: A

You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

A.    Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.
B.    Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
C.    Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.
D.    Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.

Answer: D

Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document is Frank and the NHH Project team creating in this scenario?

A.    Project management plan
B.    Resource management plan
C.    Risk management plan
D.    Project plan

Answer: C

CAP dumps full version (PDF&VCE): https://www.lead2pass.com/cap.html

Large amount of free CAP exam questions on Google Drive: https://drive.google.com/open?id=1-r0YSwCbXcNQ-OMWyTTqOvJ9XWNIRbjP

[March 2018] Free Lead2pass CAP PDF Download 100% Pass Exam CAP 405q

Free Lead2pass CAP PDF Guarantee 100% Get CAP Certification:


The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning.
Which of the following processes take place in phase 3?
Each correct answer represents a complete solution. Choose all that apply.

A.    Identify threats, vulnerabilities, and controls that will be evaluated.
B.    Document and implement a mitigation plan.
C.    Agree on a strategy to mitigate risks.
D.    Evaluate mitigation progress and plan next assessment.

Answer: BCD

Gary is the project manager of his organization. He is managing a project that is similar to a project his organization completed recently. Gary has decided that he will use the information from the past project to help him and the project team to identify the risks that may be present in the project. Management agrees that this checklist approach is ideal and will save time in the project.
Which of the following statement is most accurate about the limitations of the checklist analysis approach for Gary?

A.    The checklist analysis approach is fast but it is impossible to build and exhaustive checklist.
B.    The checklist analysis approach only uses qualitative analysis.
C.    The checklist analysis approach saves time, but can cost more.
D.    The checklist is also known as top down risk assessment

Answer: A

What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process?
Each correct answer represents a complete solution. Choose all that apply.

A.    Develop DIACAP strategy.
B.    Assign IA controls.
C.    Assemble DIACAP team.
D.    Initiate IA implementation plan.
E.    Register system with DoD Component IA Program.
F.    Conduct validation activity.

Answer: ABCDE

Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. What are the different categories of risk?
Each correct answer represents a complete solution. Choose all that apply.

A.    System interaction
B.    Human interaction
C.    Equipment malfunction
D.    Inside and outside attacks
E.    Social status
F.    Physical damage

Answer: BCDEF

Neil works as a project manager for SoftTech Inc. He is working with Tom, the COO of his company, on several risks within the project. Tom understands that through qualitative analysis Neil has identified many risks in the project. Tom’s concern, however, is that the priority list of these risk events are sorted in “high-risk,” “moderate-risk,” and “low-risk” as conditions apply within the project. Tom wants to know that is there any other objective on which Neil can make the priority list for project risks. What will be Neil’s reply to Tom?

A.    Risk may be listed by the responses inthe near-term
B.    Risks may be listed by categories
C.    Risks may be listed by the additional analysis and response
D.    Risks may be listed by priority separately for schedule, cost, and performance

Answer: D

In which type of access control do user ID and password system come under?

A.    Administrative
B.    Technical
C.    Power
D.    Physical

Answer: B

You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won’t affect your project much if they happen. What should you do with these identified risk events?

A.    These risks can be accepted.
B.    These risks can be added to a low priority risk watch list.
C.    All risks must have a valid, documented risk response.
D.    These risks can be dismissed.

Answer: B

Your project uses a piece of equipment that if the temperature of the machine goes above 450 degree Fahrenheit the machine will overheat and have to be shut down for 48 hours. Should this machine overheat even once it will delay the project’s end date. You work with your project to create a response that should the temperature of the machine reach 430, the machine will be paused for at least an hour to cool it down. The temperature of 430 is called what?

A.    Risk identification
B.    Risk response
C.    Risk trigger
D.    Risk event

Answer: C

Adrian is the project manager of the NHP Project. In her project there are several work packages that deal with electrical wiring. Rather than to manage the risk internally she has decided to hire a vendor to complete all work packages that deal with the electrical wiring. By removing the risk internally to a licensed electrician Adrian feels more comfortable with project team being safe.
What type of risk response has Adrian used in this example?

A.    Mitigation
B.    Transference
C.    Avoidance
D.    Acceptance

Answer: B

James work as an IT systems personnel in SoftTech Inc. He performs the following tasks:

– Runs regular backups and routine tests of the validity of the backup data.
– Performs data restoration from the backups whenever required.
– Maintains the retained records in accordance with the established information classification policy.

What is the role played by James in the organization?

A.    Manager
B.    User
C.    Owner
D.    Custodian

Answer: D

CAP dumps full version (PDF&VCE): https://www.lead2pass.com/cap.html

Large amount of free CAP exam questions on Google Drive: https://drive.google.com/open?id=1-r0YSwCbXcNQ-OMWyTTqOvJ9XWNIRbjP