CAP Online Practice Questions and Answers

Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

A. FITSAF

B. FIPS

C. TCSEC

D. SSAA

Which of the following NIST documents provides a guideline for identifying an information system as a National Security System?

A. NIST SP 800-53

B. NIST SP 800-59

C. NIST SP 800-53A

D. NIST SP 800-37

E. NIST SP 800-60

You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?

A. You will use organizational process assets for studies of similar projects by risk specialists.

B. You will use organizational process assets to determine costs of all risks events within the current project.

C. You will use organizational process assets for information from prior similar projects.

D. You will use organizational process assets for risk databases that may be available from industry sources.

Which of the following is NOT an objective of the security program?

A. Security plan

B. Security education

C. Security organization

D. Information classification

You are the project manager of the GHY project for your organization. You are about to start the qualitative risk analysis process for the project and you need to determine the roles and responsibilities for conducting risk management. Where can you find this information?

A. Risk management plan

B. Enterprise environmental factors

C. Staffing management plan

D. Risk register

You are the project manager of the NNQ Project for your company and are working you're your project team to define contingency plans for the risks within your project. Mary, one of your project team members, asks what a contingency plan is. Which of the following statements best defines what a contingency response is?

A. Some responses are designed for use only if certain events occur.

B. Some responses have a cost and a time factor to consider for each risk event.

C. Some responses must counteract pending risk events.

D. Quantified risks should always have contingency responses.

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.

A. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan

B. Preserving high-level communications and working group relationships in an organization

C. Establishing effective continuous monitoring program for the organization

D. Facilitating the sharing of security risk-related information among authorizing officials

What does OCTAVE stand for?

A. Operationally Computer Threat, Asset, and Vulnerability Evaluation

B. Operationally Critical Threat, Asset, and Vulnerability Evaluation

C. Operationally Computer Threat, Asset, and Vulnerability Elimination

D. Operationally Critical Threat, Asset, and Vulnerability Elimination

Which of the following is NOT an objective of the security program?

A. Security organization

B. Security plan

C. Security education

D. Information classification

Fill in the blank with an appropriate word.

________ ensures that the information is not disclosed to unauthorized persons or processes.