Certified Authorization Professional v1.0 (CAP)

Page:    1 / 27   
Total 401 questions

Which of the following processes is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state?

  • A. Procurement management
  • B. Change management
  • C. Risk management
  • D. Configuration management


Answer : B

You are the project manager for your company and a new change request has been approved for your project. This change request, however, has introduced several new risks to the project. You have communicated these risk events and the project stakeholders understand the possible effects these risks could have on your project. You elect to create a mitigation response for the identified risk events. Where will you record the mitigation response?

  • A. Project management plan
  • B. Risk management plan
  • C. Risk log
  • D. Risk register


Answer : D

Which of the following RMF phases is known as risk analysis?

  • A. Phase 2
  • B. Phase 1
  • C. Phase 0
  • D. Phase 3


Answer : A

Jenny is the project manager of the NHJ Project for her company. She has identified several positive risk events within the project and she thinks these events can save the project time and money. You, a new team member, want to know how many risk responses are available for a positive risk event. What will Jenny reply to you?

  • A. Four
  • B. Seven
  • C. Acceptance is the only risk response for positive risk events.
  • D. Three


Answer : A

Wendy is about to perform qualitative risk analysis on the identified risks within her project. Which one of the following will NOT help Wendy to perform this project management activity?

  • A. Stakeholder register
  • B. Risk register
  • C. Project scope statement
  • D. Risk management plan


Answer : A

Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

  • A. The Supplier Manager
  • B. The IT Service Continuity Manager
  • C. The Service Catalogue Manager
  • D. The Configuration Manager


Answer : A

You are the project manager for the NHH project. You are working with your project team to examine the project from four different defined perspectives to increase the breadth of identified risks by including internally generated risks. What risk identification approach are you using in this example?

  • A. SWOT analysis
  • B. Root cause analysis
  • C. Assumptions analysis
  • D. Influence diagramming techniques


Answer : A

Which of the following are included in Physical Controls?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Locking systems and removing unnecessary floppy or CD-ROM drives
  • B. Environmental controls
  • C. Password and resource management
  • D. Identification and authentication methods
  • E. Monitoring for intrusion
  • F. Controlling individual access into the facility and different departments


Answer : ABEF

Which of the following NIST Special Publication documents provides a guideline on network security testing?

  • A. NIST SP 800-60
  • B. NIST SP 800-53A
  • C. NIST SP 800-37
  • D. NIST SP 800-42
  • E. NIST SP 800-59
  • F. NIST SP 800-53


Answer : D

Which one of the following is the only output for the qualitative risk analysis process?

  • A. Project management plan
  • B. Risk register updates
  • C. Enterprise environmental factors
  • D. Organizational process assets


Answer : B

You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?

  • A. You will use organizational process assets for risk databases that may be available from industry sources.
  • B. You will use organizational process assets for studies of similar projects by risk specialists.
  • C. You will use organizational process assets to determine costs of all risk events within the current project.
  • D. You will use organizational process assets for information from prior similar projects.


Answer : C

Which of the following objectives are defined by integrity in the C.I.A triad of information security systems?
Each correct answer represents a part of the solution. Choose three.

  • A. It preserves the internal and external consistency of information.
  • B. It prevents the unauthorized or unintentional modification of information by the authorized users.
  • C. It prevents the modification of information by the unauthorized users.
  • D. It prevents the intentional or unintentional unauthorized disclosure of a message's contents.


Answer : ABC

You and your project team are just starting the risk identification activities for a project that is scheduled to last for 18 months. Your project team has already identified a long list of risks that need to be analyzed. How often should you and the project team do risk identification?

  • A. At least once per month
  • B. Identify risks is an iterative process.
  • C. It depends on how many risks are initially identified.
  • D. Several times until the project moves into execution


Answer : B

Eric is the project manager of the MTC project for his company. In this project a vendor has offered Eric a sizeable discount on all hardware if his order total for the project is more than $125,000. Right now, Eric is likely to spend $118,000 with the vendor. If Eric spends $7,000, his cost savings for the project will be $12,500, but he cannot purchase hardware if he cannot implement the hardware immediately due to organizational policies. Eric consults with Amy and Allen, other project managers in the organization, and asks if they need any hardware for their projects. Both Amy and Allen need hardware and they agree to purchase the hardware through Eric's relationship with the vendor. What positive risk response has happened in this instance?

  • A. Transference
  • B. Exploiting
  • C. Sharing
  • D. Enhancing


Answer : C

You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?

  • A. Seven
  • B. Three
  • C. Four
  • D. One


Answer : C
