Certified Authorization Professional – CAP

Tag: Certified Authorization Professional – CAP

Certified Authorization Professional – CAP – Question 345

In which of the following phases does the SSAA maintenance take place?

A. Phase 4
B. Phase 2
C. Phase 1
D. Phase 3

Correct Answer: A

Certified Authorization Professional – CAP – Question 344

Which of the following is not a part of the Identify Risks process?

A. Decision tree diagram
B. Cause and effect diagram
C. Influence diagram
D. System or process flow chart

Correct Answer: A

Certified Authorization Professional – CAP – Question 343

Which of the following processes aims to ensure that no change leads to reduced or compromised security?

A. Risk management
B. Security management
C. Configuration management
D. Change control management

Correct Answer: D

Certified Authorization Professional – CAP – Question 342

Which of the following is a risk that is created by the response to another risk?

A. Secondary risk
B. Residual risk
C. Positive risk
D. Negative risk

Correct Answer: A

Certified Authorization Professional – CAP – Question 341

Which of the following individuals is responsible for the final accreditation decision?

A. Information System Owner
B. Certification Agent
C. User Representative
D. Risk Executive

Correct Answer: A

Certified Authorization Professional – CAP – Question 340

According to FIPS Publication 199, what are the three levels of potential impact on organizations in the event of a compromise of confidentiality, integrity, or availability?

A. Confidential, Secret, and High
B. Minimum, Moderate, and High
C. Low, Normal, and High
D. Low, Moderate, and High

Correct Answer: D

Certified Authorization Professional – CAP – Question 339

Which of the following NIST documents includes components for penetration testing?

A. NIST SP 800-53
B. NIST SP 800-26
C. NIST SP 800-37
D. NIST SP 800-30

Correct Answer: D

Certified Authorization Professional – CAP – Question 338

Which of the following parts of BS 7799 covers risk analysis and management?

A. Part 1
B. Part 3
C. Part 2
D. Part 4

Correct Answer: B

Certified Authorization Professional – CAP – Question 337

What does RTM stand for?

A. Resource Testing Method
B. Replaced Traceability Matrix
C. Requirements Traceability Matrix
D. Resource Tracking Matrix

Correct Answer: C

Certified Authorization Professional – CAP – Question 336

Which of the following recovery plans includes a monitoring process and triggers for initiating planned actions?

A. Contingency plan
B. Business continuity plan
C. Disaster recovery plan
D. Continuity of Operations Plan

Correct Answer: A
