CAP Certified Authorization Professional Practice Exam

Sample Questions

Q) Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

a) Senior Agency Information Security Officer

b) Authorizing Official

c) Common Control Provider

d) Chief Information Officer

Q) The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.

a) Preserving high-level communications and working group relationships in an organization

b) Facilitating the sharing of security risk-related information among authorizing officials

c) Establishing effective continuous monitoring program for the organization

d) Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan

Q) The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

a) An ISSE provides advice on the impacts of system changes.

b) An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).

c) An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

d) An ISSO takes part in the development activities that are required to implement system changes.

e) An ISSE provides advice on the continuous monitoring of the information system.

Q) Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?

a) Information system owner

b) Authorizing Official

c) Chief Risk Officer (CRO)

d) Chief Information Officer (CIO)

Q) Which of the following assessment methodologies defines a six-step technical security evaluation?

a) FITSAF

b) FIPS 102

c) OCTAVE

d) DITSCAP