Certified Authorization Professional

Here you have the best ISC CAP practice exam questions

You have 395 total questions to study from
Each page has 5 questions, making a total of 79 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 13, 2025
This site is not affiliated with or endorsed by ISC.

Question 1 of 395

Which of the following professionals plays the role of a monitor and takes part in the organization's configuration management process?

Senior Agency Information Security Officer

Authorizing Official

Common Control Provider

Chief Information Officer

Correct Answer: C

Question 2 of 395

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer?
Each correct answer represents a complete solution. Choose all that apply.

Preserving high-level communications and working group relationships in an organization

Facilitating the sharing of security risk-related information among authorizing officials

Establishing effective continuous monitoring program for the organization

Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan

Correct Answer: A, C, D

Question 3 of 395

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?
Each correct answer represents a complete solution. Choose all that apply.

An ISSE provides advice on the impacts of system changes.

An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).

An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

An ISSO takes part in the development activities that are required to implement system changes.

An ISSE provides advice on the continuous monitoring of the information system.

Correct Answer: A, C, E

Question 4 of 395

Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?

Information system owner

Authorizing Official

Chief Risk Officer (CRO)

Chief Information Officer (CIO)

Correct Answer: A

Question 5 of 395

Which of the following assessment methodologies defines a six-step technical security evaluation?

FITSAF

FIPS 102

OCTAVE

DITSCAP

Correct Answer: B