ISC CAP - Certified Authorization Professional Exam

Page: 1 / 79
Total 395 questions

Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

  • A. Senior Agency Information Security Officer
  • B. Authorizing Official
  • C. Common Control Provider
  • D. Chief Information Officer


Answer : C

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Preserving high-level communications and working group relationships in an organization
  • B. Facilitating the sharing of security risk-related information among authorizing officials
  • C. Establishing an effective continuous monitoring program for the organization
  • D. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan


Answer : ACD

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?
Each correct answer represents a complete solution. Choose all that apply.

  • A. An ISSE provides advice on the impacts of system changes.
  • B. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • C. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • D. An ISSO takes part in the development activities that are required to implement system changes.
  • E. An ISSE provides advice on the continuous monitoring of the information system.


Answer : ACE

Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?

  • A. Information system owner
  • B. Authorizing Official
  • C. Chief Risk Officer (CRO)
  • D. Chief Information Officer (CIO)


Answer : A

Which of the following assessment methodologies defines a six-step technical security evaluation?

  • A. FITSAF
  • B. FIPS 102
  • C. OCTAVE
  • D. DITSCAP


Answer : B