CAP Free Practice Test

What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

1. A. Configuration Management System
2. B. Project Management InformationSystem
3. C. Scope Verification
4. D. Integrated Change Control

Correct Answer: A

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

1. A. DITSCAP
2. B. NIACAP
3. C. NSA-IAM
4. D. ASSET

Correct Answer: B

Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test?
Each correct answer represents a complete solution. Choose all that apply.

1. A. Race conditions
2. B. Social engineering
3. C. Information system architectures
4. D. Buffer overflows
5. E. Kernel flaws
6. F. Trojan horses
7. G. File and directory permissions

Correct Answer: ABDEFG

DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP?
Each correct answer represents a complete solution. Choose all that apply.

1. A. Validation
2. B. Re-Accreditation
3. C. Verification
4. D. System Definition
5. E. Identification
6. F. Accreditation

Correct Answer: ABCD

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

1. A. FITSAF
2. B. TCSEC
3. C. FIPS
4. D. SSAA

Correct Answer: B