Online CAP Practice TestMore ISC2 Products >

Free ISC2 CAP Exam Dumps Questions

ISC2 CAP: ISC2 CAP Certified Authorization Professional

- Get instant access to CAP practice exam questions

- Get ready to pass the ISC2 CAP Certified Authorization Professional exam right now using our ISC2 CAP exam package, which includes ISC2 CAP practice test plus an ISC2 CAP Exam Simulator.

- The best online CAP exam study material and preparation tool is here.

4.5

(2835 ratings)

Question 1

Which of the following is a temporary approval to operate based on an assessment of the implementation status of the assigned IA Controls?

A. IATT

B. ATO

C. IATO

D. DATO

Correct Answer:C

Question 2

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

A. Authenticity

B. Integrity

C. Availability

D. Confidentiality

Correct Answer:D

Question 3

Wendy is about to perform qualitative risk analysis on the identified risks within her project. Which one of the following will NOT help Wendy to perform this project management activity?

A. Stakeholder register

B. Risk register

C. Project scope statement

D. Risk management plan

Correct Answer:A

Question 4

According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD?
Each correct answer represents a complete solution. Choose all that apply.

A. VI Vulnerability and Incident Management

B. DC Security Design & Configuration

C. EC Enclave and Computing Environment

D. Information systems acquisition, development, and maintenance

Correct Answer:ABC

Question 5

Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

A. The custodian implements the information classification scheme after the initial assignment by the operations manager.

B. The datacustodian implements the information classification scheme after the initial assignment by the data owner.

C. The data owner implements the information classification scheme after the initial assignment by the custodian.

D. The custodian makes the initialinformation classification assignments, and the operations manager implements the scheme.

Correct Answer:B

Question 6

Which of the following processes has the goal to ensure that any change does not lead to reduced or compromised security?

A. Change control management

B. Security management

C. Configuration management

D. Risk management

Correct Answer:A

START CAP EXAM