Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISC CAP

ISC CAP Exam Practice Questions (P. 3)

  • Full Access (395 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
Where can a project manager find risk-rating rules?
  1. A
    Risk probability and impact matrix
  2. B
    Organizational process assets
  3. C
    Enterprise environmental factors
  4. D
    Risk management plan

Correct Answer:
B

Question #22
There are five inputs to the quantitative risk analysis process. Which one of the following is NOT an input to the perform quantitative risk analysis process?
  1. A
    Risk register
  2. B
    Cost management plan
  3. C
    Risk management plan
  4. D
    Enterprise environmental factors

Correct Answer:
D

Question #23
Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?
  1. A
    Risk response plan
  2. B
    Quantitative analysis
  3. C
    Risk response
  4. D
    Contingency reserve

Correct Answer:
D

Question #24
Which of the following professionals is responsible for starting the Certification & Accreditation
(C&A) process?
  1. A
    Authorizing Official
  2. B
    Chief Risk Officer (CRO)
  3. C
    Chief Information Officer (CIO)
  4. D
    Information system owner

Correct Answer:
D

Question #25
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
  1. A
    Quantitative risk analysis
  2. B
    Qualitative risk analysis
  3. C
    Requested changes
  4. D
    Risk audits

Correct Answer:
C

Question #26
Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?
  1. A
    DoDD 8000.1
  2. B
    DoD 7950.1-M
  3. C
    DoD 5200.22-M
  4. D
    DoD 8910.1
  5. E
    DoD 5200.1-R

Correct Answer:
B

Question #27
The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning.
Which of the following processes take place in phase 3?
Each correct answer represents a complete solution. Choose all that apply.
  1. A
    Identify threats, vulnerabilities, and controls that will be evaluated.
  2. B
    Document and implement a mitigation plan.
  3. C
    Agree on a strategy to mitigate risks.
  4. D
    Evaluate mitigation progress and plan next assessment.

Correct Answer:
BCD

Question #28
Gary is the project manager of his organization. He is managing a project that is similar to a project his organization completed recently. Gary has decided that he will use the information from the past project to help him and the project team to identify the risks that may be present in the project. Management agrees that this checklist approach is ideal and will save time in the project. Which of the following statement is most accurate about the limitations of the checklist analysis approach for Gary?
  1. A
    The checklist analysis approach is fast but it is impossible to build and exhaustive checklist.
  2. B
    The checklist analysis approach only uses qualitative analysis.
  3. C
    The checklist analysis approach saves time, but can cost more.
  4. D
    The checklist is also known as top down risk assessment

Correct Answer:
A

Question #29
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process?
Each correct answer represents a complete solution. Choose all that apply.
  1. A
    Develop DIACAP strategy.
  2. B
    Assign IA controls.
  3. C
    Assemble DIACAP team.
  4. D
    Initiate IA implementation plan.
  5. E
    Register system with DoD Component IA Program.
  6. F
    Conduct validation activity.

Correct Answer:
ABCDE

Question #30
Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. What are the different categories of risk?
Each correct answer represents a complete solution. Choose all that apply.
  1. A
    System interaction
  2. B
    Human interaction
  3. C
    Equipment malfunction
  4. D
    Inside and outside attacks
  5. E
    Social status
  6. F
    Physical damage

Correct Answer:
BCDEF

Previous Questions Next Questions

All Pages