CAP Free Practice Test

Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?

1. A. Chief Risk Officer
2. B. Chief Information Security Officer
3. C. Information System Owner
4. D. Chief Information Officer

Correct Answer: C

Which of the following RMF phases is known as risk analysis?

1. A. Phase 2
2. B. Phase 1
3. C. Phase 0
4. D. Phase 3

Correct Answer: A

Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

1. A. Safeguards
2. B. Preventive controls
3. C. Detective controls
4. D. Corrective controls

Correct Answer: D

You are the project manager for TTP project. You are in the Identify Risks process. You have to create the risk register. Which of the following are included in the risk register?
Each correct answer represents a complete solution. Choose two.

1. A. List of potential responses
2. B. List of identified risks
3. C. List ofmitigation techniques
4. D. List of key stakeholders

Correct Answer: AB

Which of the following NIST documents provides a guideline for identifying an information system as a National Security System?

1. A. NIST SP 800-53
2. B. NIST SP 800-59
3. C. NIST SP 800-53A
4. D. NIST SP 800-37
5. E. NIST SP 800-60

Correct Answer: B