← Back to exam page

CAP Certified Authorization Professional

Loading demo links...

Showing 1–3 of 15 questions

Question 1 (Volume C)

The phase 0 of Risk Management Framework (RMF) is known as strategic risk assessment planning. Which of the following processes take place in phase 0?

Each correct answer represents a complete solution. Choose all that apply.

Select all that apply, then click Submit answer.

  • Review documentation and technical data.

  • Apply classification criteria to rank data assets and related IT resources.

  • Establish criteria that will be used to classify and rank data assets.

  • Identify threats, vulnerabilities, and controls that will be evaluated.

  • Establish criteria that will be used to evaluate threats, vulnerabilities, and controls.
Question 2 (Volume C)

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?

Each correct answer represents a complete solution. Choose all that apply.

Select all that apply, then click Submit answer.

  • An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

  • An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).

  • An ISSE provides advice on the continuous monitoring of the information system.

  • An ISSO takes part in the development activities that are required to implement system ch anges.

  • An ISSE provides advice on the impacts of system changes.
Question 3 (Volume C)

What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

Select all that apply, then click Submit answer.

  • Conduct activities related to the disposition of the system data and objects.

  • Execute and update IA implementation plan.

  • Conduct validation activities.

  • Combine validation results in DIACAP scorecard.