CAP Exam (Certified Authorization
Professional) Questions & Answers
Name the set of specifications used to standardize the communication of software and security
configurations - ANSWERSSCAP
Assessment findings are expressed as one of which two options - ANSWERSSatisfactory/Other
Which assessment objectives are specific hardware, software, or firmware safeguards/countermeasures
employed w/in an information system? - ANSWERSSpecifications
Which assessment method is the process of exercising one or more assessment objects (i.e., activities or
mechanisms) under specified conditions to compare actual with expected behavior? - ANSWERSTest
Security assessments are typically carried out during which of the following stages of the system
development lifecycle? - ANSWERSInitiation, Development/Acquisition, Implementation, Operations and
Maintenance
This standard specifies minimum security requirements for federal information and information systems
in seventeen security related areas. - ANSWERSFIPS 200
Security controls are organized by ____________ and ___________. - ANSWERSClass/Family
Which NIST Special Publication provides guidance for protecting PII. - ANSWERSSP 800-122
44 United States Code Section 3542(b)(2) defines - ANSWERSNational Security Systems
According to FIPS 199 a limited adverse effect means that the loss of confidentiality, integrity or
availability might: - ANSWERSCause degradation in mission capability to an extent and duration that the
, organization is able to perform its primary functions but the effectiveness of the functions is noticeably
reduced
The application of the security controls defined in NIST Special Publication 800-53 required by this
standard represents the current state-of-the-practice safeguards and countermeasures for information
systems.- - ANSWERSFIPS 200
How often will the security controls be reviewed by NIST and if necessary revised and extended? -
ANSWERSAfter a significant change
Which minimum security requirement, defined in FIPS 200, requires Organizations to limit physical
access to information systems, equipment and the respective operating environments to authorized
individuals? - ANSWERSPhysical and Environmental Protection
Which minimum security requirement, defined in FIPS 200, requires Organizations to ensure that
individuals occupying positions of responsibility within organizations (including third party service
providers) are trustworthy and meet established security criteria for those positions? -
ANSWERSPersonnel Security
Compliance schedules for NIST security standards and guidelines are established by what agency? -
ANSWERSOMB
Name the working Group with representatives from the Civil, Defense, and Intelligence Communities,
engaged in an ongoing effort to produce a unified information security framework for the federal
government including a consistent process for selecting and specifying safeguards and countermeasures
(i.e. security controls) for federal information systems. - ANSWERSJoint Task Force Transformation
Initiative
This document provides implementing guidance for NIST Special Publication 800-53 for national security
systems: - ANSWERSCNSS 1253
While the FIPS 199 security categorization associates the operation of the information system with the
potential adverse impact on organizational operations and assets, individuals, other organizations and
the Nation, the incorporation of refined threat and vulnerability information during the risk assessment
Professional) Questions & Answers
Name the set of specifications used to standardize the communication of software and security
configurations - ANSWERSSCAP
Assessment findings are expressed as one of which two options - ANSWERSSatisfactory/Other
Which assessment objectives are specific hardware, software, or firmware safeguards/countermeasures
employed w/in an information system? - ANSWERSSpecifications
Which assessment method is the process of exercising one or more assessment objects (i.e., activities or
mechanisms) under specified conditions to compare actual with expected behavior? - ANSWERSTest
Security assessments are typically carried out during which of the following stages of the system
development lifecycle? - ANSWERSInitiation, Development/Acquisition, Implementation, Operations and
Maintenance
This standard specifies minimum security requirements for federal information and information systems
in seventeen security related areas. - ANSWERSFIPS 200
Security controls are organized by ____________ and ___________. - ANSWERSClass/Family
Which NIST Special Publication provides guidance for protecting PII. - ANSWERSSP 800-122
44 United States Code Section 3542(b)(2) defines - ANSWERSNational Security Systems
According to FIPS 199 a limited adverse effect means that the loss of confidentiality, integrity or
availability might: - ANSWERSCause degradation in mission capability to an extent and duration that the
, organization is able to perform its primary functions but the effectiveness of the functions is noticeably
reduced
The application of the security controls defined in NIST Special Publication 800-53 required by this
standard represents the current state-of-the-practice safeguards and countermeasures for information
systems.- - ANSWERSFIPS 200
How often will the security controls be reviewed by NIST and if necessary revised and extended? -
ANSWERSAfter a significant change
Which minimum security requirement, defined in FIPS 200, requires Organizations to limit physical
access to information systems, equipment and the respective operating environments to authorized
individuals? - ANSWERSPhysical and Environmental Protection
Which minimum security requirement, defined in FIPS 200, requires Organizations to ensure that
individuals occupying positions of responsibility within organizations (including third party service
providers) are trustworthy and meet established security criteria for those positions? -
ANSWERSPersonnel Security
Compliance schedules for NIST security standards and guidelines are established by what agency? -
ANSWERSOMB
Name the working Group with representatives from the Civil, Defense, and Intelligence Communities,
engaged in an ongoing effort to produce a unified information security framework for the federal
government including a consistent process for selecting and specifying safeguards and countermeasures
(i.e. security controls) for federal information systems. - ANSWERSJoint Task Force Transformation
Initiative
This document provides implementing guidance for NIST Special Publication 800-53 for national security
systems: - ANSWERSCNSS 1253
While the FIPS 199 security categorization associates the operation of the information system with the
potential adverse impact on organizational operations and assets, individuals, other organizations and
the Nation, the incorporation of refined threat and vulnerability information during the risk assessment
