Home > CISSP > Quizzes > Certified Authorization Professional (CAP)
Certified Authorization Professional (CAP)
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 62% Most missed: “Which of the following is not one of the designated responsibilities of the DHS?”
Certified Authorization Professional (CAP)
Time left 00:00
25 Questions

1. A standard to be used by all federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels

2. The assessment methods have a set of associated attributes, which help define the level of effort for the assessment. These attributes are hierarchical in nature, providing the means to define the rigor and scope of the assessment for the increased assurances that may be needed for some information systems. Which attribute addresses the rigor of and level of detail in examination, interview and testing processes?

3. Which law provides for the optional use and acceptance of electronic documents and signatures, and electronic record keeping where practicable?

4. Which OMB memo clarified cybersecurity responsibilities and activities of the executive office of the president and the department of homeland security?

5. This standard specifies minimum security requirements for federal information and information systems in seventeen security related areas.

6. Which minimum security requirement, defined in FIPS 200, requires Organizations to limit physical access to information systems, equipment and the respective operating environments to authorized individuals?

7. The following legislation requires federal agencies to prepare Privacy Impact Assessments (PIAs) when developing or procuring new information technology.

8. How often will the security controls be reviewed by NIST and if necessary revised and extended?

9. Which NIST Special Publication provides guidance for protecting PII.

10. What type of system requires special attention to security due to the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application?

11. Security assessments are typically carried at out during which of the following stages of the system development lifecycle?

12. This act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

13. This document provides a policy framework for information resources management across the Federal government.

14. Defined as a system of interconnected information resources under the same direct management control which shares common functionality.

15. 44 United States Code Section 3542(b)(2) defines

16. What defines the scope of the information system?

17. What kind of controls are security controls that are inheritable by one or more organization information systems?

18. This contingency planning variable represents the total amount of time the system owner/authorizing official is willing to accept for a mission/business process outage or disruption and includes all impact considerations:

19. What is one of the key words associated with high impact levels?

20. Name the working Group with representatives from the Civil, Defense, and Intelligence Communities, engaged in an ongoing effort to produce a unified information security framework for the federal government including a consistent process for selecting and specifying safeguards and countermeasures (i.e. security controls) for federal information systems.

21. Name the set of specifications used to standardize the communication of software flaws and security configurations.

22. What is an Open information security community effort to standardize how to assess and report upon the machine state, such as vulnerabilities, of computer systems?

23. What is the name of the U.S. government repository of standards-based vulnerability management data represented using the SCAP specifications?

24. Name the 3 tasks of the RMF Categorization step.

25. Which assessment method is the process of exercising one or more assessment objects (i.e., activities or mechanisms) under specified conditions to compare actual with expected behavior?