CAP Dumps

CAP Free Practice Test

ISC2 CAP: ISC2 CAP Certified Authorization Professional

QUESTION 1

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?
Each correct answer represents a complete solution. Choose two.

Correct Answer: AD

QUESTION 2

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

Correct Answer: B

QUESTION 3

Which of the following assessment methodologies defines a six-step technical security evaluation?

Correct Answer: B

QUESTION 4

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

Correct Answer: B

QUESTION 5

You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

Correct Answer: D