CAP Free Practice Test

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?
Each correct answer represents a complete solution. Choose two.

1. A. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
2. B. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
3. C. Certification isthe official management decision given by a senior agency official to authorize operation of an information system.
4. D. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

Correct Answer: AD

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

1. A. NIST SP 800-53A
2. B. NIST SP 800-26
3. C. NIST SP 800-53
4. D. NIST SP 800-59
5. E. NIST SP 800-60
6. F. NIST SP 800-37

Correct Answer: B

Which of the following assessment methodologies defines a six-step technical security evaluation?

1. A. FITSAF
2. B. FIPS 102
3. C. OCTAVE
4. D. DITSCAP

Correct Answer: B

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

1. A. FITSAF
2. B. TCSEC
3. C. FIPS
4. D. SSAA

Correct Answer: B

You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

1. A. Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.
2. B. Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
3. C. Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.
4. D. Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.

Correct Answer: D