[PDF] ISC2 CAP Exam Questions


Presentation Description

Get complete detail on the CAP exam guide to crack the ISC2 Authorization Professional certification. You can collect all information on the CAP tutorial, practice test, books, study material, exam questions, and syllabus. Firm up your knowledge of the ISC2 Authorization Professional exam and get ready to crack the CAP certification. Explore all information on the CAP exam, including the number of questions, passing percentage, and time duration to complete the test.


Presentation Transcript

slide 1:

ISC2 CAP EXAM QUESTIONS
CAP Practice Test and Preparation Guide
EDUSUM.COM

slide 2:

Introduction to ISC2 Certified Authorization Professional (CAP) Exam

The ISC2 CAP exam is challenging, and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the CAP certification exam. It contains a detailed list of the topics covered on the CAP exam as well as a detailed list of preparation resources. This study guide for the ISC2 Authorization Professional will help guide you through the study process for your certification.

CAP ISC2 Authorization Professional Exam Summary
● Exam Name: ISC2 Authorization Professional
● Exam Code: CAP
● Exam Price: 550 USD
● Duration: 180 mins

slide 3:

● Number of Questions: 125
● Passing Score: 700/1000
● Schedule Exam: Pearson VUE
● Sample Questions: ISC2 CAP Sample Questions
● Recommended Practice: ISC2 CAP Certification Practice Exam

Exam Syllabus: CAP ISC2 Certified Authorization Professional (CAP)

1. Information Security Risk Management Program (15%)
● Understand the Foundation of an Organization-Wide Information Security Risk Management Program
● Understand Risk Management Program Processes
● Understand Regulatory and Legal Requirements

2. Categorization of Information Systems (IS) (13%)
● Define the Information System (IS)
● Determine Categorization of the Information System (IS)

3. Selection of Security Controls (13%)
● Identify and Document Baseline and Inherited Controls
● Select and Tailor Security Controls
● Develop Security Control Monitoring Strategy
● Review and Approve Security Plan (SP)

4. Implementation of Security Controls (15%)
● Implement Selected Security Controls
● Document Security Control Implementation

5. Assessment of Security Controls (14%)
● Prepare for Security Control Assessment (SCA)
● Conduct Security Control Assessment (SCA)
● Prepare Initial Security Assessment Report (SAR)
● Review Interim Security Assessment Report (SAR) and Perform Initial Remediation Actions
● Develop Final Security Assessment Report (SAR) and Optional Addendum

6. Authorization of Information Systems (IS) (14%)
● Develop Plan of Action and Milestones (POAM)

slide 4:

● Assemble Security Authorization Package
● Determine Information System (IS) Risk
● Make Security Authorization Decision

7. Continuous Monitoring (16%)
● Determine Security Impact of Changes to Information Systems (IS) and Environment
● Perform Ongoing Security Control Assessments (SCA)
● Conduct Ongoing Remediation Actions (e.g., resulting from incidents, vulnerability scans, audits, vendor updates)
● Update Documentation
● Perform Periodic Security Status Reporting
● Perform Ongoing Information System (IS) Risk Acceptance
● Decommission Information System (IS)

ISC2 CAP Certification Sample Questions and Answers

To make you familiar with the ISC2 Authorization Professional (CAP) certification exam structure, we have prepared this sample question set. We suggest you try our Sample Questions for the CAP certification to test your understanding of the ISC2 CAP process in a real ISC2 certification exam environment.

CAP ISC2 Authorization Professional Sample Questions:

01. What key information is used by the authorizing official (AO) to assist with the risk determination of an information system (IS)?
a) Security authorization package (SAP)
b) Plan of action and milestones (POAM)
c) Security plan (SP)
d) Interconnection security agreement (ISA)

02. According to the Risk Management Framework (RMF), which role has a primary responsibility to report the security status of the information system to the authorizing official (AO) and other appropriate organizational officials on an ongoing basis in accordance with the monitoring strategy?
a) Information system security officer (ISSO)
b) Common control provider
c) Independent assessor
d) Senior information assurance officer (SIAO)

slide 5:

03. Who determines the required level of independence for security control assessors?
a) Information system owner (ISO)
b) Information system security manager (ISSM)
c) Authorizing official (AO)
d) Information system security officer (ISSO)

04. Which authorization approach considers the time elapsed since the authorization results were produced, the environment of operation, the criticality/sensitivity of the information, and the risk tolerance of the other organization?
a) Leveraged
b) Single
c) Joint
d) Site specific

05. When an authorizing official (AO) submits the security authorization decision, what responses should the information system owner (ISO) expect to receive?
a) Authorized to operate (ATO) or denial of authorization to operate (DATO), the conditions for the authorization placed on the information system and owner, and the authorization termination date
b) Authorized to operate (ATO) or denial of authorization to operate (DATO), the list of security controls assessed, and a system contingency plan
c) Authorized to operate (ATO) or denial of authorization to operate (DATO), and the conditions for the authorization placed on the information system and owner
d) A plan of action and milestones (POAM), the conditions for the authorization placed on the information system and owner, and the authorization termination date

06. When should the information system owner document the information system and authorization boundary description in the security plan?
a) After security controls are implemented
b) While assembling the authorization package
c) After security categorization
d) When reviewing the security control assessment plan

07. Documenting the description of the system in the system security plan is the primary responsibility of which Risk Management Framework (RMF) role?
a) Authorizing official (AO)
b) Information owner
c) Information system security officer (ISSO)
d) Information system owner

08. Information developed from Federal Information Processing Standard (FIPS) 199 may be used as an input to which authorization package document?
a) Security assessment report (SAR)

slide 6:

b) System security plan (SSP)
c) Plan of actions and milestones (POAM)
d) Authorization decision document

09. System authorization is now used to refer to which of the following terms?
a) System security declaration
b) Certification and accreditation
c) Security test and evaluation
d) Continuous monitoring

10. Why is security control volatility an important consideration in the development of a security control monitoring strategy?
a) It identifies needed security control monitoring exceptions.
b) It indicates a need for compensating controls.
c) It establishes priority for security control monitoring.
d) It provides justification for revisions to the configuration management and control plan.

Answers:
Answer 1: a
Answer 2: b
Answer 3: c
Answer 4: a
Answer 5: a
Answer 6: c
Answer 7: d
Answer 8: d
Answer 9: b
Answer 10: c
