ISC CAP CAP – Certified Authorization Professional Online Training
ISC CAP Online Training
The questions for CAP were last updated at Apr 22,2025.
- Exam Code: CAP
- Exam Name: CAP – Certified Authorization Professional
- Certification Provider: ISC
- Latest update: Apr 22,2025
Where can a project manager find risk-rating rules?
- A . Risk probability and impact matrix
- B . Organizational process assets
- C . Enterprise environmental factors
- D . Risk management plan
There are five inputs to the quantitative risk analysis process.
Which one of the following is NOT an input to the perform quantitative risk analysis process?
- A . Risk register
- B . Cost management plan
- C . Risk management plan
- D . Enterprise environmental factors
Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They’d like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event.
What is the likely outcome of creating this type of chart?
- A . Risk response plan
- B . Quantitative analysis
- C . Risk response
- D . Contingency reserve
Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?
- A . Authorizing Official
- B . Chief Risk Officer (CRO)
- C . Chief Information Officer (CIO)
- D . Information system owner
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities.
For your project archives, which one of the following is an output of risk monitoring and control?
- A . Quantitative risk analysis
- B . Qualitative risk analysis
- C . Requested changes
- D . Risk audits
Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?
- A . DoDD 8000.1
- B . DoD 7950.1-M
- C . DoD 5200.22-M
- D . DoD 8910.1
- E . DoD 5200.1-R
The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning.
Which of the following processes take place in phase 3? Each correct answer represents a complete solution. Choose all that apply.
- A . Identify threats, vulnerabilities, and controls that will be evaluated.
- B . Document and implement a mitigation plan.
- C . Agree on a strategy to mitigate risks.
- D . Evaluate mitigation progress and plan next assessment.
Gary is the project manager of his organization. He is managing a project that is similar to a project his organization completed recently. Gary has decided that he will use the information from the past project to help him and the project team to identify the risks that may be present in the project. Management agrees that this checklist approach is ideal and will save time in the project.
Which of the following statement is most accurate about the limitations of the checklist analysis approach for Gary?
- A . The checklist analysis approach is fast but it is impossible to build and exhaustive checklist.
- B . The checklist analysis approach only uses qualitative analysis.
- C . The checklist analysis approach saves time, but can cost more.
- D . The checklist is also known as top down risk assessment
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.
- A . Develop DIACAP strategy.
- B . Assign IA controls.
- C . Assemble DIACAP team.
- D . Initiate IA implementation plan.
- E . Register system with DoD Component IA Program.
- F . Conduct validation activity.
Information risk management (IRM) is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level.
What are the different categories of risk? Each correct answer represents a complete solution. Choose all that apply.
- A . System interaction
- B . Human interaction
- C . Equipment malfunction
- D . Inside and outside attacks
- E . Social status
- F . Physical damage
Latest CAP Dumps Valid Version with 395 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
