CAP Test A Questions with Answers (100% Correct Answers)
Which of the following phases are defined in the system authorization plan (SAP)?
Answer:
• Phase 1 - Pre-certification
• Phase 2 - Certification
• Phase 3 - Authorization
• Phase 4 - Post-Authorization
Which of the following enables organizations to accomplish their missions by securing the IT systems that store, process, or transmit organizational information?
Answer: Risk management
The Risk Management Framework (RMF) provides a disciplined and structured process that integrates information security and risk management activities into the system development life cycle. What are the characteristics of RMF?
Answer:
• Promotes the concept of near real-time risk management and ongoing information system authorization through the implementation of robust continuous monitoring processes.
© 2025 All rights reserved
• Encourages the use of automation to provide senior leaders the necessary information to make cost-effective, risk-based decisions with regard to the organizational information systems, supporting their core missions and business functions.
• Integrates information security into the enterprise architecture and system development life cycle.
• Provides emphasis on the selection, implementation, assessment, and monitoring of security controls, and authorization of information systems.
• Links risk management processes at the information system level to risk management processes at the organization level through a risk executive.
• Establishes responsibility and accountability for security controls deployed within organizational information systems and inherited by those systems.
Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'?
Answer:
• Protect society, the commonwealth, and the infrastructure
• Act honorably, honestly, justly, responsibly, and legally
• Provide diligent and competent service to principals
• Advance and protect the profession
Risk Management is used to identify, assess, and control risks. What are the objectives of risk management?
Answer:
• Enable organizations to accomplish their missions by securing the IT systems that store, process, or transmit organizational information.
• Enable management to make well-informed risk management decisions to justify expenses that are part of the IT budget.
• Assist management in authorizing (or accrediting) the IT systems.
Which of the following tasks includes developing, reviewing, and approving a plan to assess the security controls in RMF step 4 (Assess Security Controls)?
Answer: Task 1 includes developing, reviewing, and approving a plan to assess the security controls.
RMF step 4 is known as Assess Security Controls. What are the different tasks of the RMF step 4?
Answer:
1. The first task is to develop, review, and approve a plan to assess the security controls.
2. The second task is to assess the security controls in accordance with the assessment procedures defined in the security assessment plan.
3. The third task is to prepare a security assessment report, documenting the issues, findings, and recommendations from the security control assessment.
4. The fourth task is to conduct initial remediation actions on the security controls based on recommendations of the security assessment report.
Risk management is a holistic activity that is fully integrated into every aspect of the organization. Which of the following are the risk-related concerns addressed by the three-tiered approach?
Answer:
1. The organization level
2. The mission and business process level
3. The information system level
Which of the following individuals is responsible for establishing an effective continuous monitoring program for the organization?
Answer: The chief information officer is responsible for establishing an effective continuous monitoring program for the organization. He also