CAP Cheat Sheet 2026
The 30 highest-yield CAP facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
125 questions
180 min time limit
70.00% to pass
- Which of the following helps protect data from loss or corruption? → Performing regular data backups
- What is the purpose of an access control list (ACL)? → To define and enforce access permissions
- What is the importance of staying current with trends in Network Security Fundamentals for Certified Authorization Professional? → It ensures practices remain effective and relevant
- What is the importance of staying current with trends in Cryptography & Encryption for Certified Authorization Professional? → It ensures practices remain effective and relevant
- Why is a security assessment critical in risk management? → To identify vulnerabilities before exploitation
- NIST SP 800-18 provides guidance on which RMF artifact? → System Security Plan development
- NIST SP 800-34 recommends that contingency plans be tested at what minimum frequency? → Annually
- Which approach best supports quality outcomes in Network Security Fundamentals for Certified Authorization Professional? → Systematic application of evidence-based methods
- In the context of CAP and the RMF, what does the principle of 'least privilege' require? → Users receive only the minimum access rights necessary to perform their job functions
- What is the importance of staying current with trends in Security Operations & Monitoring for Certified Authorization Professional? → It ensures practices remain effective and relevant
- Which access control principle ensures users only have the minimum necessary permissions? → Principle of Least Privilege (PoLP)
- Which security architecture concept describes using role assignments rather than individual user identities to determine access rights? → Role-Based Access Control (RBAC)
- Which element must be included in a POA&M entry to satisfy FISMA reporting requirements? → Source of the weakness, scheduled completion date, and responsible point of contact
- Which access control model evaluates multiple attributes (user, resource, environment) dynamically to make access decisions? → Attribute-Based Access Control (ABAC)
- Which skill is most important for success in Cloud Security Architecture within Certified Authorization Professional? → Continuous learning and adaptation
- What is a fundamental principle of Network Security Fundamentals in Certified Authorization Professional practice? → Following established standards and best practices
- What is the role of documentation in Security Operations & Monitoring for Certified Authorization Professional? → It provides an accurate record for accountability and reference
- Which NIST publication provides the catalog of security and privacy controls used to populate an SSP for federal systems? → NIST SP 800-53
- Which security architecture principle ensures that no single individual can complete a sensitive or critical process alone? → Separation of duties
- What is the primary purpose of a Plan of Action and Milestones (POA&M) in the RMF process? → To track and remediate identified security weaknesses and deficiencies
- What is the importance of staying current with trends in Incident Response & Recovery for Certified Authorization Professional? → It ensures practices remain effective and relevant
- How does multi-factor authentication (MFA) improve data security? → It adds multiple verification layers
- Which skill is most important for success in Security Operations & Monitoring within Certified Authorization Professional? → Continuous learning and adaptation
- What is the role of mentoring in Certified Authorization Professional professional development? → Guiding and supporting professional growth through experience sharing
- Which approach best supports quality outcomes in Cryptography & Encryption for Certified Authorization Professional? → Systematic application of evidence-based methods
- Who is responsible for signing and issuing an Authorization to Operate (ATO) for a federal information system? → Authorizing Official (AO)
- What is the purpose of a risk assessment in cybersecurity? → To evaluate threats and vulnerabilities
- An organization's contingency plan requires offsite storage of backup media. The primary security concern driving this requirement is which of the following? → Ensuring data survives a localized disaster that destroys the primary site
- Which authorization type allows a system to operate with identified weaknesses while remediation is in progress? → Interim Authorization to Operate (IATO)
- What is a fundamental principle of Cryptography & Encryption in Certified Authorization Professional practice? → Following established standards and best practices
Turn these facts into recall: