CATEGORY: Tutorials and Guides POSTED ON: 1/9/2012
CAP Certified Authorization Professional
http://www.testsexpert.com/CAP.html

Question: 1
Examine the figure given below. What will be the expected monetary value of Risk C?
A. -$113,750
B. -$27,000
C. -$175,000
D. $175,000 if the risk event actually happens
Answer: B
Explanation: The expected monetary value is found by multiplying the probability by the impact. In this example it would be 0.30 times -$90,000, for -$27,000.
Answer option C is incorrect. This is not a valid calculation for the expected monetary value.
Answer option A is incorrect. This is not a valid calculation for the expected monetary value.
Answer option D is incorrect. The expected monetary value is based on the current probability and impact.
Reference: "Project Management Body of Knowledge (PMBOK Guide), Fourth Edition"

Question: 2
Eric is the project manager of the MTC project for his company. In this project a vendor has offered Eric a sizeable discount on all hardware if his order total for the project is more than $125,000. Right now, Eric is likely to spend $118,000 with the vendor. If Eric spends $7,000, his cost savings for the project will be $12,500, but he cannot purchase hardware if he cannot implement the hardware immediately due to organizational policies. Eric consults with Amy and Allen, other project managers in the organization, and asks if they need any hardware for their projects. Both Amy and Allen need hardware and they agree to purchase the hardware through Eric's relationship with the vendor. What positive risk response has happened in this instance?
A. Exploiting
B. Transference
C. Sharing
D. Enhancing
Answer: C
Explanation: This is an example of sharing the positive risks so that all parties involved in the decision can benefit from the purchase and discount of the hardware. Sharing response is where two or more entities share a positive risk. Risk sharing deals with sharing of responsibility and accountability with others to give the team the best chance of seizing the opportunity. Teaming agreements are a good example of sharing the reward that comes from the risk of the opportunity.
Answer option D is incorrect. Enhancing is a tempting choice as Eric is enhancing the probability of receiving the discount from the vendor, but he is sharing the opportunity to receive the discount - something he would not receive on his own.
Answer option A is incorrect. Exploiting happens when the project manager wants to ensure that an opportunity is realized. Eric is certain that Amy and Allen will be purchasing the hardware.
Answer option B is incorrect. Transference is a negative risk response that transfers ownership of a risk event to a third party, such as a vendor.
Reference: "Project Management Body of Knowledge (PMBOK Guide), Fourth Edition"

Question: 3
Donna is the project manager of the QSD Project and she believes Risk Event D in the following figure is likely to happen. If this event does happen, how much will Donna have left in the risk contingency reserve if none of the risk events have happened?
A. $41,700
B. $6,700
C. $35,000
D. $14,000
Answer: B
Explanation: To answer this question, you'll first need to calculate the contingency reserve. Contingency reserves are estimated costs to be used at the discretion of the project manager to deal with anticipated, but not certain, events. These events are "known unknowns" and are part of the project scope and cost baselines. The contingency reserve is calculated by multiplying the probability and the impact to obtain the risk event value for each risk event. The sum of the risk events equals the contingency reserve for the project. In this question, the value is $41,700. If Risk D happens, it'll cost the project $35,000. The difference of $35,000 and $41,700 is $6,700.
Answer option C is incorrect. This is the impact of Risk Event D.
Answer option D is incorrect. $14,000 is the risk event value of Risk Event D.
Answer option A is incorrect. $41,700 is the amount of the contingency reserve.
Reference: Chapter 11. A Guide to the Project Management Body of Knowledge, (PMBOK Guide), Fourth Edition, ISBN:9781933890517, Section 22.214.171.124.

Question: 4
Harry is the project manager of the MMQ Construction Project. In this project Harry has identified a supplier who can create stained glass windows for 1,000 window units in the construction project. The supplier is an artist who works by himself, but creates windows for several companies throughout the United States. Management reviews the proposal to use this supplier and while they agree that the supplier is talented, they do not think the artist can fulfill the 1,000 window units in time for the project's deadline. Management asked Harry to find a supplier who will guarantee the completion of the windows by the needed date in the schedule. What risk response has management asked Harry to implement?
A. Acceptance
B. Mitigation
C. Transference
D. Avoidance
Answer: B
Explanation: This is an example of mitigation. By changing to a more reliable supplier Harry is reducing the probability the supplier will be late. It's still possible that the vendor may not be able to deliver the stained glass windows, but the more reputable supplier reduces the probability of the lateness. Mitigation is a risk response planning technique associated with threats that seeks to reduce the probability of occurrence or impact of a risk to below an acceptable threshold. Risk mitigation involves taking early action to reduce the probability and impact of a risk occurring on the project. Adopting less complex processes, conducting more tests, or choosing a more stable supplier are examples of mitigation actions.
Answer option C is incorrect. Transference is when the risk is transferred to a third party, usually for a fee. While this question does include a contractual relationship, the risk is the lateness of the windows. Transference focuses on transferring the risk to a third party to manage the risk event. In this instance the management of the risk is owned by a third party; the third party actually creates the risk event because of the possibility of the lateness of the windows.
Answer option D is incorrect. Avoidance changes the project plan to avoid the risk. If the project manager and management changed the window-type to a standard window in the project requirements then this would be avoidance.
Answer option A is incorrect. Acceptance accepts the risk that the windows could be late and offers no response.
Reference: "Project Management Body of Knowledge (PMBOK Guide), Fourth Edition"

Question: 5
There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?
A. Share
B. Acceptance
C. Exploit
D. Enhance
Answer: B
Explanation: Among the given choices, only the acceptance response can be used for a negative risk event. The acceptance response is a part of the Risk Response planning process. It means that the project plan will not be changed to deal with the risk. Management may develop a contingency plan in case the risk does occur. Acceptance is a strategy that can be used for risks that pose either threats or opportunities. The acceptance response can be of two types:
- Passive acceptance: It is a strategy in which no plans are made to try to avoid or mitigate the risk.
- Active acceptance: Such responses include developing contingency reserves to deal with risks, in case they occur.
Acceptance is the only response for both threats and opportunities.
Answer options C, D, and A are incorrect. Exploit, enhance, and share risk responses are used to deal with opportunities or positive risks.
Reference: Chapter 11. A Guide to the Project Management Body of Knowledge, (PMBOK Guide), Fourth Edition, ISBN:9781933890517, Section 11.5.2.

Question: 6
Which of the following acts promote a risk-based policy for cost effective security? Each correct answer represents a part of the solution. Choose all that apply.
A. Lanham Act
B. Computer Misuse Act
C. Paperwork Reduction Act (PRA)
D. Clinger-Cohen Act
Answer: C, D
Explanation: The Paperwork Reduction Act (PRA) and the Clinger-Cohen Act promote a risk-based policy for cost effective security.
Answer option A is incorrect. The Lanham Act is a piece of legislation that contains the federal statutes of trademark law in the United States. The Act prohibits a number of activities, including trademark infringement, trademark dilution, and false advertising. It is also called the Lanham Trademark Act.
Answer option B is incorrect. The Computer Misuse Act 1990 is an Act of the UK Parliament, which states the following:
- Unauthorized access to the computer material is punishable by 6 months imprisonment or a fine "not exceeding level 5 on the standard scale" (currently 5000).
- Unauthorized access with the intent to commit or facilitate commission of further offences is punishable by 6 months/maximum fine on summary conviction or 5 years/fine on indictment.
- Unauthorized modification of computer material is subject to the same sentences as section 2 offences.

What is the Clinger-Cohen Act?
The Clinger-Cohen Act (CCA), formerly the Information Technology Management Reform Act of 1996 (ITMRA), is a 1996 United States federal law, designed to improve the way the federal government acquires, uses, and disposes of information technology.
The Clinger-Cohen Act supplements the information resources management policies by establishing a comprehensive approach for executive agencies to improve the acquisition and management of their information resources in the following ways:
- Focusing information resource planning to support their strategic missions
- Implementing a capital planning and investment control process that links to budget formulation and execution
- Rethinking and restructuring the way they do their work before investing in information systems

What is the Paperwork Reduction Act?
The Paperwork Reduction Act (PRA) of 1980, as amended by the Paperwork Reduction Act of 1995, is a United States federal law enacted in 1980 that gave authority over the collection of certain information to the Office of Management and Budget (OMB). Within the OMB, the Office of Information and Regulatory Affairs (OIRA) was established with specific authority to regulate matters regarding federal information and to establish information policies. These information policies were intended to reduce the total amount of paperwork handled by the United States government and the general public. The PRA mandates that all federal government agencies must obtain a Control Number from OMB before promulgating a form that will impose an information collection burden on the general public. Once obtained, approval must be renewed every three years. In order to obtain or renew such approval, an agency must fill out OMB Form 83-I, attach the proposed form, and file it with OIRA. On Form 83-I, the agency must explain the reason why the form is needed and estimate the burden in terms of time and money that the form will impose upon the persons required to fill it out.

Question: 7
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
A. SSAA
B. TCSEC
C. FIPS
D. FITSAF
Answer: A
Explanation: System Security Authorization Agreement (SSAA) is an information security document used in the United States Department of Defense (DoD) to describe and accredit networks and systems. The SSAA is part of the Department of Defense Information Technology Security Certification and Accreditation Process, or DITSCAP. The DoD instruction (issued in December 1997) that describes DITSCAP and provides an outline for the SSAA document is DODI 5200.40. The DITSCAP application manual (DoD 8510.1-M), published in July 2000, provides additional details.
Answer option D is incorrect. FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. It provides an approach for federal agencies. It determines how federal agencies are meeting existing policy and establishes goals. The main advantage of FITSAF is that it addresses the requirements of the Office of Management and Budget (OMB). It also addresses the guidelines provided by the National Institute of Standards and Technology (NIST).
Answer option B is incorrect. Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information. It was replaced with the development of the Common Criteria international standard originally published in 2005. The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications.
Answer option C is incorrect. The Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use by all non-military government agencies and by government contractors. Many FIPS standards are modified versions of standards used in the wider community (ANSI, IEEE, ISO, etc.). Some FIPS standards were originally developed by the U.S. government, for instance standards for encoding data (e.g., country codes) and, more significantly, some encryption standards, such as the Data Encryption Standard (FIPS 46-3) and the Advanced Encryption Standard (FIPS 197). In 1994, NOAA began broadcasting coded signals called FIPS (Federal Information Processing System) codes along with their standard weather broadcasts from local stations. These codes identify the type of emergency and the specific geographic area (such as a county) affected by the emergency.
Reference: http://en.wikipedia.org/wiki/System_Security_Authorization_Agreement

Question: 8
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
A. Quantitative risk analysis
B. Requested changes
C. Risk audits
D. Qualitative risk analysis
Answer: B
Explanation: Of all the choices presented, only requested changes is an output of the monitor and control risks process. You might also have risk register updates, recommended corrective and preventive actions, organizational process assets, and updates to the project management plan.
Answer options D and A are incorrect. These are the plan risk management processes.
Answer option C is incorrect. Risk audit is a risk monitoring and control technique.
Reference: Chapter 11. A Guide to the Project Management Body of Knowledge, (PMBOK Guide), Fourth Edition, ISBN:9781933890517, Section 11.6.3.

Question: 9
Which of the following governance bodies directs and coordinates implementations of the information security program?
A. Chief Information Security Officer
B. Information Security Steering Committee
C. Senior Management
D. Business Unit Manager
Answer: A
Explanation: Chief Information Security Officer directs and coordinates implementations of the information security program. The governance roles and responsibilities are mentioned below in the table:

Question: 10
You work as a project manager for BlueWell Inc. There has been a delay in your project work that is adversely affecting the project schedule. You decided, with your stakeholders' approval, to fast track the project work to get the project done faster. When you fast track the project, which of the following is likely to increase?
A. Quality control concerns
B. Risks
C. Costs
D. Human resource needs
Answer: B
Explanation: Fast tracking allows entire phases of the project to overlap with each other and generally increases risks within the project. Project risk is concerned with the expected value of one or more results of one or more future events in a project. It is an uncertain condition that, if it occurs, has an effect on at least one project objective. Objectives can be scope, schedule, cost, and quality. Project risk is always in the future.
Answer option A is incorrect. Quality control concerns are not usually affected by fast tracking decisions.
Answer option C is incorrect. Costs do not generally increase due to fast tracking decisions.
Answer option D is incorrect. Human resource needs are not affected by fast tracking in most scenarios.
Reference: "Project Management Body of Knowledge (PMBOK Guide), Fourth Edition"