Technological advancement today has outpaced most expectations, and newer products with a higher level of technology appear by the day. Software firms leave no stone unturned to attract the best available talent to manage that technology, and IT firms need skilled staff to carry out this research and development. The ISC2 CAP (Certified Authorization Professional) exam is one such exam that tests technical knowledge. Administered by ISC2, this credential is known as the CAP certification. The benefit it brings to your business, if you invest in ISC2 training, is the confidence that your staff have the skills they need to achieve business goals and to gain from maximised efficiency and performance.

2021 Sep CAP book

Q231. Which of the following are the types of assessment tests addressed in NIST SP 800-53A?

A. Functional, penetration, validation

B. Validation, evaluation, penetration

C. Validation, penetration, evaluation

D. Functional, structural, penetration

Answer: D


Q232. Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

A. The Change Manager

B. The IT Security Manager

C. The Service Level Manager

D. The Configuration Manager

Answer: B


Q233. Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

A. SSAA

B. FIPS

C. FITSAF

D. TCSEC

Answer: A



Q234. Sammy is the project manager for her organization. She would like to rate each risk based on its probability and effect on time, cost, and scope. Harry, a project team member, has never done this before and thinks Sammy is wrong to attempt this approach. Harry says that an accumulative risk score should be created, not three separate risk scores. Who is correct in this scenario?

A. Harry is correct, because the risk probability and impact considers all objectives of the project.

B. Harry is correct, the risk probability and impact matrix is the only approach to risk assessment.

C. Sammy is correct, because she is the project manager.

D. Sammy is correct, because organizations can create risk scores for each objective of the project.

Answer: D


Q235. Which of the following is NOT a phase of the security certification and accreditation process?

A. Initiation

B. Security certification

C. Operation

D. Maintenance

Answer: C


Q236. Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?

Each correct answer represents a complete solution. Choose two.

A. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

B. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.

C. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

D. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

Answer: AD


Q237. You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What is this called?

A. Confidentiality

B. Encryption

C. Integrity

D. Availability

Answer: A