CAP Practice Test
Change management is initiated under which phase?
A. Select security controls
B. Categorize information system
C. Authorize information system
D. Monitor security controls
Answer: Monitor security controls

FIPS 200 provides how many minimum security requirements for federal information and information systems? The requirements represent a broad-based, balanced information security program that addresses the management, operational, and technical aspects of protecting the CIA of federal information and information systems.
A. 5
B. 17
C. 21
D. 10
Answer: 17

Why would the authorization decision issue a determination of Not Authorized?
A. If the system is not authorized (NA) to process classified information.
B. If it is deemed that the agency-level risk is unacceptably high.
C. If the system is mission critical and requires an interim authority to operate.
D. The information system is always accredited without any restrictions or limitations on its operation.
Answer: If it is deemed that the agency-level risk is unacceptably high.

What assessment procedure is designed to work with and complement the assessment procedures to contribute to the grounds for confidence in the effectiveness of the security controls employed in the information system?
A. Extended
B. Subordinate
C. Based
D. Cross control
Answer: Extended

During the security impact analysis vulnerabilities were uncovered in the information system. Which of the following documents should address the outstanding items?
A. Plan of action and milestones
B. System security plan
C. System discrepancy plan
D. System deficiency plan
Answer: Plan of action and milestones

The guidelines in this publication apply to the security controls defined in NIST Special Publication 800-53 in an effort to enable more consistent, comparable, and repeatable assessments of security controls.
A. SP 800-53
B. SP 800-53A
C. SP 800-37
D. FIPS 200
Answer: SP 800-53A

Which of the following classification levels defines the information that, if disclosed to the unauthorized parties, could be reasonably expected to cause exceptionally grave damage to the national security?
A. Top Secret information
B. Secret information
C. Confidential information
D. Unclassified information
Answer: Top Secret information

An assessment procedure consists of a set of which things, each with an associated set of potential assessment methods and assessment objects?
A. Assessment objectives
B. Security controls
C. Operational requirements
D. Assessment objects
Answer: Assessment objectives

Written for
- Institution: CAP Practice
- Course: CAP Practice
Document information
- Uploaded on: April 6, 2024
- Number of pages: 25
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers