For which of the following reporting requirements are continuous monitoring documentation reports used?
A. FISMA
B. NIST
C. HIPAA
D. FBI
A. FISMA
B. NIST
C. HIPAA
D. FBI
Tag: Certified Authorization Professional – CAP
Certified Authorization Professional – CAP – Question364
A ________ points to a statement in a policy or procedure that helps determine a course of action.
A. Comment
B. Guideline
C. Procedure
D. Baseline
A. Comment
B. Guideline
C. Procedure
D. Baseline
Certified Authorization Professional – CAP – Question363
Which of the following individuals makes the final accreditation decision?
A. DAA
B. ISSO
C. CIO
D. CISO
A. DAA
B. ISSO
C. CIO
D. CISO
Certified Authorization Professional – CAP – Question362
Which of the following individuals is responsible for the final accreditation decision?
A. Certification Agent
B. User Representative
C. Information System Owner
D. Risk Executive
A. Certification Agent
B. User Representative
C. Information System Owner
D. Risk Executive
Certified Authorization Professional – CAP – Question361
Which of the following relations correctly describes total risk?
A. Total Risk = Threats x Vulnerability x Asset Value
B. Total Risk = Viruses x Vulnerability x Asset Value
C. Total Risk = Threats x Exploit x Asset Value
D. Total Risk = Viruses x Exploit x Asset Value
A. Total Risk = Threats x Vulnerability x Asset Value
B. Total Risk = Viruses x Vulnerability x Asset Value
C. Total Risk = Threats x Exploit x Asset Value
D. Total Risk = Viruses x Exploit x Asset Value
Certified Authorization Professional – CAP – Question360
Which of the following formulas was developed by FIPS 199 for categorization of an information system?
A. SCinformation system = {(confidentiality, impact), (integrity, controls), (availability, risk)}
B. SCinformation system = {(confidentiality, risk), (integrity, impact), (availability, controls)}
C. SCinformation system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
D. SCinformation system = {(confidentiality, controls), (integrity, controls), (availability, controls )}
A. SCinformation system = {(confidentiality, impact), (integrity, controls), (availability, risk)}
B. SCinformation system = {(confidentiality, risk), (integrity, impact), (availability, controls)}
C. SCinformation system = {(confidentiality, impact), (integrity, impact), (availability, impact)}
D. SCinformation system = {(confidentiality, controls), (integrity, controls), (availability, controls )}
Certified Authorization Professional – CAP – Question359
Which of the following NIST documents defines impact?
A. NIST SP 800-26
B. NIST SP 800-53A
C. NIST SP 800-53
D. NIST SP 800-30
A. NIST SP 800-26
B. NIST SP 800-53A
C. NIST SP 800-53
D. NIST SP 800-30
Certified Authorization Professional – CAP – Question358
Which of the following NIST publications defines impact?
A. NIST SP 800-41
B. NIST SP 800-37
C. NIST SP 800-30
D. NIST SP 800-53
A. NIST SP 800-41
B. NIST SP 800-37
C. NIST SP 800-30
D. NIST SP 800-53
Certified Authorization Professional – CAP – Question357
Which of the following recovery plans includes a monitoring process and triggers for initiating planned actions?
A. Business continuity plan
B. Contingency plan
C. Continuity of Operations Plan
D. Disaster recovery plan
A. Business continuity plan
B. Contingency plan
C. Continuity of Operations Plan
D. Disaster recovery plan
Certified Authorization Professional – CAP – Question356
In which of the following elements of security does the object retain its veracity and is intentionally modified by the authorized subjects?
A. Integrity
B. Nonrepudiation
C. Availability
D. Confidentiality
A. Integrity
B. Nonrepudiation
C. Availability
D. Confidentiality