Attend this ISC CAP Certified Authorization Professional practice exam to get a good score of 80% on the main exam
Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the work in the project is very dangerous, so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes to fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?
Project contractual relationship with the vendor
Project communications plan
Project management plan
Project scope statement
According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise on confidentiality, integrity, and availability?
Confidential, Secret, and High
Minimum, Moderate, and High
Low, Normal, and High
Low, Moderate, and High
You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?
Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.
Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.
Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.
Which of the following are the types of assessment tests addressed in NIST SP 800-53A?
Functional, penetration, validation
Validation, evaluation, penetration
Validation, penetration, evaluation
Functional, structural, penetration
Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?
Change control management