CAP Free Practice Test

Which of the following phases of the DITSCAP C&A process is used to define the C&A level of effort, to identify the main C&A roles and responsibilities, and to create an agreement on the method for implementing the security requirements?

1. A. Phase 3
2. B. Phase 2
3. C. Phase 4
4. D. Phase 1

Correct Answer: D

Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

1. A. Phase 3
2. B. Phase 2
3. C. Phase 4
4. D. Phase 1

Correct Answer: A

Which of the following assessment methods is used to review, inspect, and analyze assessment objects?

1. A. Testing
2. B. Examination
3. C. Interview
4. D. Debugging

Correct Answer: B

Which of the following individuals makes the final accreditation decision?

1. A. ISSE
2. B. DAA
3. C. CRO
4. D. ISSO

Correct Answer: B

Adrian is a project manager for a new project using a technology that has recently been released and there's relatively little information about the technology. Initial testing of the technology makes the use of it look promising, but there's still uncertainty as to the longevity and reliability of the technology. Adrian wants to consider the technology factors a risk for her project. Where should she document the risks associated with this technology so she can track the risk status and responses?

1. A. Project charter
2. B. Risk register
3. C. Project scope statement
4. D. Risk low-level watch list

Correct Answer: B