CAP : Certified Authorization Professional : Part 06

  1. Which of the following individuals makes the final accreditation decision?

    • DAA
    • ISSO
    • CIO
    • CISO
  2. A ________ points to a statement in a policy or procedure that helps determine a course of action.

    • Comment
    • Guideline
    • Procedure
    • Baseline
  3. Which of the following NIST documents defines impact?

    • NIST SP 800-26
    • NIST SP 800-53A
    • NIST SP 800-53
    • NIST SP 800-30
  4. Which of the following formulas is defined in FIPS 199 for the security categorization of an information system?

    • SC information system = {(confidentiality, impact), (integrity, controls), (availability, risk)}
    • SC information system = {(confidentiality, risk), (integrity, impact), (availability, controls)}
    • SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
    • SC information system = {(confidentiality, controls), (integrity, controls), (availability, controls)}
  5. Which of the following relations correctly describes total risk?

    • Total Risk = Threats x Vulnerability x Asset Value
    • Total Risk = Viruses x Vulnerability x Asset Value
    • Total Risk = Threats x Exploit x Asset Value
    • Total Risk = Viruses x Exploit x Asset Value
  6. Which of the following documents is used to provide a standard approach to the assessment of NIST SP 800-53 security controls?

    • NIST SP 800-53A
    • NIST SP 800-66
    • NIST SP 800-41
    • NIST SP 800-37
  7. Which of the following guidance documents is useful in determining the impact level of a particular threat on agency systems?

    • NIST SP 800-41
    • NIST SP 800-37
    • FIPS 199
    • NIST SP 800-14
  8. Tom is the project manager for his organization. In his project he has recently finished the risk response planning. He tells his manager that he will now need to update the cost and schedule baselines. Why would risk response planning require Tom to update the cost and schedule baselines?

    • New or omitted work as part of a risk response can cause changes to the cost and/or schedule baseline.
    • Risk responses protect the time and investment of the project.
    • Risk responses may take time and money to implement.
    • Baselines should not be updated, but refined through versions.
  9. For which of the following reporting requirements are continuous monitoring documentation reports used?

    • FISMA
    • NIST
    • HIPAA
    • FBI
  10. Which of the following are the types of assessment tests addressed in NIST SP 800-53A?

    • Functional, penetration, validation
    • Validation, evaluation, penetration
    • Validation, penetration, evaluation
    • Functional, structural, penetration
  11. Which of the following individuals is responsible for configuration management and control tasks?

    • Common control provider
    • Information system owner
    • Authorizing official
    • Chief information officer
  12. Which of the following individuals is responsible for configuration management and control tasks?

    • Authorizing official
    • Information system owner
    • Chief information officer
    • Common control provider
  13. Which of the following individuals is responsible for preparing and submitting security status reports to the organization?

    • Chief Information Officer
    • Senior Agency Information Security Officer
    • Common Control Provider
    • Authorizing Official
  14. In which of the following DITSCAP phases is the SSAA developed?

    • Phase 2
    • Phase 4
    • Phase 1
    • Phase 3
  15. In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?

    • Continuous Monitoring Phase
    • Accreditation Phase
    • Preparation Phase
    • DITSCAP Phase
  16. In which of the following phases does the change management process start?

    • Phase 2
    • Phase 1
    • Phase 4
    • Phase 3
  17. Which of the following assessment methods involves observing or conducting the operation of physical devices?

    • Interview
    • Deviation
    • Examination
    • Testing
  18. In which of the following elements of security does an object retain its veracity and get modified only intentionally, by authorized subjects?

    • Integrity
    • Nonrepudiation
    • Availability
    • Confidentiality
  19. Which of the following recovery plans includes a monitoring process and triggers for initiating planned actions?

    • Business continuity plan
    • Contingency plan
    • Continuity of Operations Plan
    • Disaster recovery plan
  20. Which of the following NIST publications defines impact?

    • NIST SP 800-41
    • NIST SP 800-37
    • NIST SP 800-30
    • NIST SP 800-53