Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISC CAP

ISC CAP Exam Practice Questions (P. 5)

  • Full Access (395 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #41
You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process.
Which one of the following is NOT a probable reason for relying on organizational process assets as an input for qualitative risk analysis?
  1. A
    Information on prior, similar projects
  2. B
    Review of vendor contracts to examine risks in past projects
  3. C
    Risk databases that may be available from industry sources
  4. D
    Studies of similar projects by risk specialists

Correct Answer:
B

Question #42
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization
Process. What are the different phases of System Authorization Plan?
Each correct answer represents a part of the solution. Choose all that apply.
  1. A
    Pre-certification
  2. B
    Certification
  3. C
    Post-certification
  4. D
    Authorization
  5. E
    Post-Authorization

Correct Answer:
ABDE

Question #43
A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?
  1. A
    Avoidance
  2. B
    Mitigation
  3. C
    Exploit
  4. D
    Transference

Correct Answer:
D

Question #44
Risks with low ratings of probability and impact are included on a ____ for future monitoring.
  1. A
    Watchlist
  2. B
    Risk alarm
  3. C
    Observation list
  4. D
    Risk register

Correct Answer:
A

Question #45
Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test?
Each correct answer represents a complete solution. Choose all that apply.
  1. A
    Social engineering
  2. B
    File and directory permissions
  3. C
    Buffer overflows
  4. D
    Kernel flaws
  5. E
    Race conditions
  6. F
    Information system architectures
  7. G
    Trojan horses

Correct Answer:
ABCDEG

Question #46
Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team.
What document is Frank and the NHH Project team creating in this scenario?
  1. A
    Project management plan
  2. B
    Resource management plan
  3. C
    Risk management plan
  4. D
    Project plan

Correct Answer:
C

Question #47
In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?
  1. A
    Full operational test
  2. B
    Walk-through test
  3. C
    Penetration test
  4. D
    Paper test

Correct Answer:
C

Question #48
Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?
  1. A
    Phase 4
  2. B
    Phase 3
  3. C
    Phase 2
  4. D
    Phase 1

Correct Answer:
B

Question #49
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
  1. A
    Safeguards
  2. B
    Preventive controls
  3. C
    Detective controls
  4. D
    Corrective controls

Correct Answer:
D

Question #50
Which of the following roles is also known as the accreditor?
  1. A
    Chief Risk Officer
  2. B
    Data owner
  3. C
    Designated Approving Authority
  4. D
    Chief Information Officer

Correct Answer:
C

Previous Questions Next Questions

All Pages