CAP Free Practice Test

An Authorizing Official plays the role of an approver. What are the responsibilities of an Authorizing Official?
Each correct answer represents a complete solution. Choose all that apply.

1. A. Establishing and implementing the organization's continuous monitoring program
2. B. Determining the requirement of reauthorization and reauthorizing information systems when required
3. C. Reviewing security status reports and critical security documents
4. D. Ascertaining the security posture of the organization's information system

Correct Answer: BCD

Which of the following is the acronym of RTM?

1. A. Resource tracking method
2. B. Requirements Traceability Matrix
3. C. Resource timing method
4. D. Requirements Testing Matrix

Correct Answer: B

The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.

1. A. Registration
2. B. Document mission need
3. C. Negotiation
4. D. Initial Certification Analysis

Correct Answer: ABC

What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process?
Each correct answer represents a complete solution. Choose all that apply.

1. A. Conduct activities related to the disposition of the system data and objects.
2. B. Execute and update IA implementation plan.
3. C. Conduct validation activities.
4. D. Combine validation results in DIACAP scorecard.

Correct Answer: BCD

Which of the following is an entry in an object's discretionary access control list (DACL) that grants permissions to a user or group?

1. A. Access control entry (ACE)
2. B. Discretionary access control entry (DACE)
3. C. Access control list (ACL)
4. D. Security Identifier (SID)

Correct Answer: A