Which of the following NIST documents defines impact?
A. NIST SP 800-53
B. NIST SP 800-26
C. NIST SP 800-30
D. NIST SP 800-53A
A. NIST SP 800-53
B. NIST SP 800-26
C. NIST SP 800-30
D. NIST SP 800-53A
Tag: Certified Authorization Professional – CAP
Certified Authorization Professional – CAP – Question164
Which of the following formulas was developed by FIPS 199 for categorization of an information system?
A. SC information system = {(confidentiality, impact), (integrity, controls), (availability, risk)}
B. SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
C. SC information system = {(confidentiality, controls), (integrity, controls), (availability, controls )}
D. SC information system = {(confidentiality, risk), (integrity, impact), (availability, controls)}
A. SC information system = {(confidentiality, impact), (integrity, controls), (availability, risk)}
B. SC information system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
C. SC information system = {(confidentiality, controls), (integrity, controls), (availability, controls )}
D. SC information system = {(confidentiality, risk), (integrity, impact), (availability, controls)}
Certified Authorization Professional – CAP – Question163
Which of the following is NOT a type of penetration test?
A. Cursory test
B. Partial-knowledge test
C. Zero-knowledge test
D. Full knowledge test
A. Cursory test
B. Partial-knowledge test
C. Zero-knowledge test
D. Full knowledge test
Certified Authorization Professional – CAP – Question162
Which of the following is NOT considered an environmental threat source?
A. Pollution
B. Hurricane
C. Chemical
D. Water
A. Pollution
B. Hurricane
C. Chemical
D. Water
Certified Authorization Professional – CAP – Question161
Which of the following formulas was developed by FIPS 199 for categorization of an information type?
A. SC information type = {(confidentiality, controls), (integrity, controls), (authentication, controls)}
B. SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
C. SC information type = {(confidentiality, risk), (integrity, risk), (availability, risk)}
D. SC information type = {(Authentication, impact), (integrity, impact), (availability, impact)}
A. SC information type = {(confidentiality, controls), (integrity, controls), (authentication, controls)}
B. SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}
C. SC information type = {(confidentiality, risk), (integrity, risk), (availability, risk)}
D. SC information type = {(Authentication, impact), (integrity, impact), (availability, impact)}
Certified Authorization Professional – CAP – Question160
Which of the following phases begins with a review of the SSAA in the DITSCAP accreditation?
A. Phase 1
B. Phase 4
C. Phase 3
D. Phase 2
A. Phase 1
B. Phase 4
C. Phase 3
D. Phase 2
Certified Authorization Professional – CAP – Question159
Which of the following is a security policy implemented by an organization due to compliance, regulation, or other legal requirements?
A. Advisory policy
B. Informative policy
C. System Security policy
D. Regulatory policy
A. Advisory policy
B. Informative policy
C. System Security policy
D. Regulatory policy
Certified Authorization Professional – CAP – Question158
Which of the following administrative policy controls requires individuals or organizations to be engaged in good business practices relative to the organization's industry?
A. Segregation of duties
B. Separation of duties
C. Need to Know
D. Due care
A. Segregation of duties
B. Separation of duties
C. Need to Know
D. Due care
Certified Authorization Professional – CAP – Question157
In which of the following Risk Management Framework (RMF) phases is strategic risk assessment planning performed?
A. Phase 0
B. Phase 1
C. Phase 2
D. Phase 3
A. Phase 0
B. Phase 1
C. Phase 2
D. Phase 3
Certified Authorization Professional – CAP – Question156
Which of the following methods of authentication uses finger prints to identify users?
A. PKI
B. Mutual authentication
C. Biometrics
D. Kerberos
A. PKI
B. Mutual authentication
C. Biometrics
D. Kerberos