Certified Authorization Professional (CAP) Practice Exam
The Certified Authorization Professional (CAP), recently renamed to Certified in Governance, Risk and Compliance (CGRC), is a vendor-neutral certification that validates your knowledge and skills in managing information systems authorization processes. It's particularly relevant for individuals involved in information security, risk management, and governance within organizations.
Who should consider the CGRC (Formerly CAP) Certification?
This certification is ideal for:
Information security professionals: Security analysts, security administrators, and risk management professionals looking to specialize in authorization.
IT auditors: Individuals performing audits related to information security controls and authorization processes.
Compliance professionals: Those responsible for ensuring compliance with regulations and standards that require proper authorization of information systems.
Anyone seeking to advance their career in information security, risk management, or governance.
Key Roles and Responsibilities:
Individuals with the CGRC certification may be involved in various tasks, including:
Assessing and classifying information systems based on their security requirements and potential risks.
Implementing and maintaining the Risk Management Framework (RMF), the U.S. government's framework for managing information security risk.
Developing and reviewing security controls to mitigate identified risks.
Authorizing information systems for operation, ensuring they meet the required security standards.
Monitoring and auditing security controls to ensure their effectiveness.
Exam Details (for CGRC):
Exam Name: Certified in Governance, Risk and Compliance (CGRC)
Exam Provider: (ISC)²
Format: Multiple-choice questions
Number of Questions: 125
Duration: 180 minutes
Passing Score: 70%
Delivery: Testing center or online proctored
Course Outline
Domain 1. Information Security Risk Management Program 15%
1.1 Understand the Foundation of an Organization-Wide Information Security Risk Management Program
Principles of information security
National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
RMF and System Development Life Cycle (SDLC) integration
Information System (IS) boundary requirements
Approaches to security control allocation
Roles and responsibilities in the authorization process
1.2 Understand Risk Management Program Processes
Enterprise program management controls
Privacy requirements
Third-party hosted Information Systems (IS)
1.3 Understand Regulatory and Legal Requirements
Federal information security requirements
Relevant privacy legislation
Other applicable security-related mandates
Domain 2. Categorization of Information Systems (IS) 13%
2.1 Define the Information System (IS)
Identify the boundary of the Information System (IS)
Describe the architecture
Describe Information System (IS) purpose and functionality
2.2 Determine Categorization of the Information System (IS)
Identify the information types processed, stored, or transmitted by the Information System (IS)
Determine the impact level on confidentiality, integrity, and availability for each information type
Determine Information System (IS) categorization and document results
Domain 3. Selection of Security Controls 13%
3.1 Identify and Document Baseline and Inherited Controls
3.2 Select and Tailor Security Controls
Determine applicability of recommended baseline
Determine appropriate use of overlays
Document applicability of security controls
3.3 Develop Security Control Monitoring Strategy
3.4 Review and Approve Security Plan (SP)
Domain 4. Implementation of Security Controls 15%
4.1 Implement Selected Security Controls
Confirm that security controls are consistent with enterprise architecture
Coordinate inherited controls implementation with common control providers
Determine mandatory configuration settings and verify implementation (e.g., United States Government Configuration Baseline (USGCB), National Institute of Standards and Technology (NIST) checklists, Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), Center for Internet Security (CIS) benchmarks)
Determine compensating security controls
4.2 Document Security Control Implementation
Capture planned inputs, expected behavior, and expected outputs of security controls
Verify documented details are in line with the purpose, scope, and impact of the Information System (IS)
Obtain implementation information from appropriate organization entities (e.g., physical security, personnel security)
Domain 5. Assessment of Security Controls 14%
5.1 Prepare for Security Control Assessment (SCA)
Determine Security Control Assessor (SCA) requirements
Establish objectives and scope
Determine methods and level of effort
Determine necessary resources and logistics
Collect and review artifacts (e.g., previous assessments, system documentation, policies)
Finalize Security Control Assessment (SCA) plan
5.2 Conduct Security Control Assessment (SCA)
Assess security controls using standard assessment methods