Certified Authorization Professional – CAP – Question395

Which of the following statements correctly describes DIACAP residual risk?

A. It is the remaining risk to the information system after risk palliation has occurred.
B. It is a process of security authorization.
C. It is the technical implementation of the security design.
D. It is used to validate the information system.

Correct Answer: A

Certified Authorization Professional – CAP – Question393

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

A. Systematic
B. Regulatory
C. Advisory
D. Informative

Correct Answer: BCD

Certified Authorization Professional – CAP – Question390

Which of the following statements about Discretionary Access Control List (DACL) is true?

A. It is a rule list containing access control entries.
B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
C. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.
D. It is a unique number that identifies a user, group, and computer account.

Correct Answer: C

Certified Authorization Professional – CAP – Question387

Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the work in the project is very dangerous, so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes to fruition. Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

A. Project contractual relationship with the vendor
B. Project communications plan
C. Project management plan
D. Project scope statement

Correct Answer: C