Certified Authorization Professional – CAP – Question074

Eric is the project manager of the MTC project for his company. In this project, a vendor has offered Eric a sizeable discount on all hardware if his order total for the project is more than $125,000. Right now, Eric is likely to spend $118,000 with the vendor. If Eric spends $7,000, his cost savings for the project will be $12,500, but he cannot purchase hardware if he cannot implement the hardware immediately due to organizational policies. Eric consults with Amy and Allen, other project managers in the organization, and asks if they need any hardware for their projects. Both Amy and Allen need hardware, and they agree to purchase the hardware through Eric's relationship with the vendor. What positive risk response has happened in this instance?

A. Transference
B. Exploiting
C. Sharing
D. Enhancing

Correct Answer: C

Certified Authorization Professional – CAP – Question073

You and your project team are just starting the risk identification activities for a project that is scheduled to last for 18 months. Your project team has already identified a long list of risks that need to be analyzed. How often should you and the project team do risk identification?

A. At least once per month
B. Identify risks is an iterative process.
C. It depends on how many risks are initially identified.
D. Several times until the project moves into execution

Correct Answer: B

Certified Authorization Professional – CAP – Question072

Which of the following objectives are defined by integrity in the C.I.A triad of information security systems? Each correct answer represents a part of the solution. Choose three.

A. It preserves the internal and external consistency of information.
B. It prevents the unauthorized or unintentional modification of information by the authorized users.
C. It prevents the modification of information by the unauthorized users.
D. It prevents the intentional or unintentional unauthorized disclosure of a message's contents.

Correct Answer: ABC

Certified Authorization Professional – CAP – Question071

You are the project manager of the GHG project. You are preparing for the quantitative risk analysis process. You are using organizational process assets to help you complete the quantitative risk analysis process. Which one of the following is NOT a valid reason to utilize organizational process assets as a part of the quantitative risk analysis process?

A. You will use organizational process assets for risk databases that may be available from industry sources.
B. You will use organizational process assets for studies of similar projects by risk specialists.
C. You will use organizational process assets to determine costs of all risk events within the current project.
D. You will use organizational process assets for information from prior similar projects.

Correct Answer: C

Certified Authorization Professional – CAP – Question068

Which of the following are included in Physical Controls? Each correct answer represents a complete solution. Choose all that apply.

A. Locking systems and removing unnecessary floppy or CD-ROM drives
B. Environmental controls
C. Password and resource management
D. Identification and authentication methods
E. Monitoring for intrusion
F. Controlling individual access into the facility and different departments

Correct Answer: ABEF

Certified Authorization Professional – CAP – Question067

You are the project manager for the NHH project. You are working with your project team to examine the project from four different defined perspectives to increase the breadth of identified risks by including internally generated risks. What risk identification approach are you using in this example?

A. SWOT analysis
B. Root cause analysis
C. Assumptions analysis
D. Influence diagramming techniques

Correct Answer: A