The authorization decision document conveys the final security authorization
decision from the authorizing official to the information system owner. The
authorization decision document contains all of the following information except?
A. Authorization decision
B. Terms and conditions for the authorization
C. Approving revisions to the SSAA
D. Authorization termination date
C. Approving revisions to the SSAA
Security categorization of a National Security System must consider the security
categories of all information types resident on it.
A. True
B. False
A. True
NIST SP 800-53A defines three types of interview depending on the level of
assessment conducted. Which of the following NIST SP 800-53A interviews
consists of informal and ad hoc interviews?
A. Substantial
B. Abbreviated
C. Comprehensive
D. Significant
B. Abbreviated
How many steps are defined in the RMF process?
A. Three
B. Four
C. Six
D. Five
C. Six
Under which type of access control does a user ID and password system fall?
A. Physical
B. Administrative
C. Power
D. Technical
D. Technical
Why would the authorization decision issue a determination of Not Authorized?
A. If the system is not authorized (NA) to process classified information.
B. If it is deemed that the agency level risk is unacceptably high.
C. If the system is mission critical and requires an interim authority to operate.
D. The information system is always accredited without any restrictions or
limitations on its operation.
B. If it is deemed that the agency level risk is unacceptably high.
What assessment procedure is designed to work with and complement the
assessment procedures to contribute to the grounds for confidence in the
effectiveness of the security controls employed in the information system?
A. Extended
B. Subordinate
C. Based
D. Cross control
A. Extended
When does monitoring security controls take place?
A. Before the initial system certification
B. After the initial system security authorization
C. Before and after the initial system security accreditation
D. During the system design phase
B. After the initial system security authorization
Which of the following professionals plays the role of a monitor and takes part in
the organization's configuration management process?
A. Senior Agency Information Security Officer
B. Authorizing Official
C. Common Control Provider
D. Chief Information Officer
C. Common Control Provider
What is the potential impact if the loss of confidentiality, integrity, or availability
could be expected to have a severe or catastrophic adverse effect on
organizational operations, organizational assets, individuals, other organizations,
or the national security interests of the United States?
A. Low