Pass CAP Exam in First Attempt Guaranteed 2021 Dumps! [Q80-Q100]


CAP Dumps Full Questions - Exam Study Guide

NEW QUESTION 80
In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?

  • A. Continuous Monitoring Phase
  • B. Accreditation Phase
  • C. Preparation Phase
  • D. DITSCAP Phase

Answer: A

Explanation:
Section: Volume D

 

NEW QUESTION 81
In which of the following phases does the change management process start?

  • A. Phase 4
  • B. Phase 3
  • C. Phase 2
  • D. Phase 1

Answer: A

 

NEW QUESTION 82
Which of the following NIST documents includes components for penetration testing?

  • A. NIST SP 800-30
  • B. NIST SP 800-26
  • C. NIST SP 800-53
  • D. NIST SP 800-37

Answer: A

 

NEW QUESTION 83
In which of the following phases does the change management process start?

  • A. Phase 4
  • B. Phase 3
  • C. Phase 2
  • D. Phase 1

Answer: A

 

NEW QUESTION 84
You work as a project manager for BlueWell Inc. You are working with Nancy, the COO of your company, on several risks within the project. Nancy understands that through qualitative analysis you have identified 80 risks that have a low probability and low impact as the project is currently planned. Nancy's concern, however, is that the impact and probability of these risk events may change as conditions within the project change. She would like to know where you will document and record these 80 low-probability, low-impact risks for future reference.
What should you tell Nancy?

  • A. Risk identification is an iterative process so any changes to the low probability and low impact risks will be reassessed throughout the project life cycle.
  • B. All risks are recorded in the risk management plan.
  • C. All risks, regardless of their assessed impact and probability, are recorded in the risk log.
  • D. Risks with low probability and low impact are recorded in a watchlist for future monitoring.

Answer: D

Explanation:
Section: Volume B

 

NEW QUESTION 85
Which of the following are included in Physical Controls?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Monitoring for intrusion
  • B. Environmental controls
  • C. Identification and authentication methods
  • D. Password and resource management
  • E. Controlling individual access into the facility and different departments
  • F. Locking systems and removing unnecessary floppy or CD-ROM drives

Answer: A,B,E,F

Explanation:
Section: Volume A

 

NEW QUESTION 86
Which of the following individuals is responsible for ensuring the security posture of the organization's information system?

  • A. Chief Information Officer
  • B. Security Control Assessor
  • C. Authorizing Official
  • D. Common Control Provider

Answer: C

Explanation:
Section: Volume D

 

NEW QUESTION 87
Diana is the project manager of the QPS project for her company. In this project Diana and the project team have identified a pure risk. Diana and the project team decided, along with the key stakeholders, to remove the pure risk from the project by changing the project plan altogether.
What is a pure risk?

  • A. It is a risk event that is created by a risk response.
  • B. It is a risk event that is generated due to errors or omission in the project work.
  • C. It is a risk event that cannot be avoided because of the order of the work.
  • D. It is a risk event that only has a negative side, such as loss of life or limb.

Answer: D

Explanation:
Section: Volume C

 

NEW QUESTION 88
Which of the following classification levels defines information that, if disclosed to unauthorized parties, could reasonably be expected to cause exceptionally grave damage to national security?

  • A. Confidential information
  • B. Secret information
  • C. Top Secret information
  • D. Unclassified information

Answer: C

Explanation:
Section: Volume B

 

NEW QUESTION 89
Diane is the project manager of the HGF Project. A risk that was identified and analyzed in the project planning processes is now coming to fruition. Which individual should respond to the risk with the preplanned risk response?

  • A. Risk owner
  • B. Diane
  • C. Subject matter expert
  • D. Project sponsor

Answer: A

 

NEW QUESTION 90
Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Social engineering
  • B. Kernel flaws
  • C. Race conditions
  • D. File and directory permissions
  • E. Trojan horses
  • F. Buffer overflows
  • G. Information system architectures

Answer: A,B,C,D,E,F

 

NEW QUESTION 91
There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

  • A. Share
  • B. Enhance
  • C. Exploit
  • D. Acceptance

Answer: D

 

NEW QUESTION 92
Which of the following documents is described in the statement below?
"It is developed along with all processes of risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

  • A. Quality management plan
  • B. Risk management plan
  • C. Project charter
  • D. Risk register

Answer: D

Explanation:
Section: Volume B

 

NEW QUESTION 93
Which of the following individuals is responsible for the final accreditation decision?

  • A. Certification Agent
  • B. Information System Owner
  • C. User Representative
  • D. Risk Executive

Answer: B

Explanation:
Section: Volume D

 

NEW QUESTION 94
To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criterion, which of the following controls are intended to prevent an incident from occurring?

  • A. Adaptive controls
  • B. Preventive controls
  • C. Corrective controls
  • D. Detective controls

Answer: B

 

NEW QUESTION 95
You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

  • A. All risks must have a valid, documented risk response.
  • B. These risks can be added to a low priority risk watch list.
  • C. These risks can be dismissed.
  • D. These risks can be accepted.

Answer: B

Explanation:
Section: Volume A

 

NEW QUESTION 96
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained at the levels approved in the Service Level Agreement (SLA)?

  • A. The Service Level Manager
  • B. The Configuration Manager
  • C. The Change Manager
  • D. The IT Security Manager

Answer: D

 

NEW QUESTION 97
Which of the following statements about the System Access Control List (SACL) is true?

  • A. It exists for each and every permission entry assigned to any object.
  • B. It contains a list of both users and groups and whatever permissions they have.
  • C. It is a mechanism for reducing the need for globally unique IP addresses.
  • D. It contains a list of any events that are set to audit for that particular object.

Answer: D

 

NEW QUESTION 98
James works as IT systems personnel at SoftTech Inc. He performs the following tasks:
Runs regular backups and routine tests of the validity of the backup data.
Performs data restoration from the backups whenever required.
Maintains the retained records in accordance with the established information classification policy.
What is the role played by James in the organization?

  • A. User
  • B. Custodian
  • C. Manager
  • D. Owner

Answer: B

Explanation:
Section: Volume A

 

NEW QUESTION 99
System Authorization is a risk management process. The System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the different phases of the System Authorization Plan?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Authorization
  • B. Pre-certification
  • C. Post-Authorization
  • D. Post-certification
  • E. Certification

Answer: A,B,C,E

Explanation:
Section: Volume A

 

NEW QUESTION 100
......
