CAP Exam Review

erikav1523

What 8 week course did you take for CAP?

cicumag

I took the CAP last week and can say this information is still very accurate. I failed with a 692/700. Unfortunately I took a boot camp through work and focused on a lot of things that we not on the test. What others have been saying is accurate, follow the NIST guides and you should be good to go. I followed the boot camp info more than this and that is why I failed. Also, if you do fail you have to wait 30 days before a retake.

I will say, if you perform A&A or deal with RMF at all in your position this test and material is extremely helpful. The CISSP is a great HR boost but this test will directly help you with your position. It's good material.

talbert80

I took the exam on 1/13 and passed. In all fairness, I have the SSCP, HCISPP, CISSP, and worked in information security governance and program mgmt the past 7 years. I also teach the Certification Authorization Professional prep course this semester at Wayne County Community College. I concur with everyone's responses. I used the NIST Special Publications and FIPS 199/200/SP800-60/800-28, skimmed over the DOD 8500 series, OMB circular A-130, and the glanced over ISC2 study guide as a starting point. I hardened my focus on NIST RMF 800-37 (Risk Management Framework), Risk Management, an organizational view 800-39 (tiers of risk - organizational, business process, information system), and SDLC 800-64 (System Development Lifecycle). For each successive steps of the RMF, you will need to understand configuration mgmt 800-128, continuous monitoring 800-137, Business Continuity 800-35, NIST 800-53/53a control families/common/ inherited controls, "high water mark", appendices in 800-37/800-64 (tasks at each step, roles and responsibilities, definitions, how each SP aligns to each step, how each SDLC task correlates to the RMF, and acronyms). You will need to understand the governance, risk, and compliance process, assessment tasks per 800-53a (interview, examine, test), identify key deliverables at each step and phase, what an authorization package contains, sign off,
determine appropriate controls and related tailoring based on system categorization, and expected output of controls. Also know the difference between minimum baseline control, compensating control, and control engagements.

talbert80

That's control enhancements not engagements.....

Rinzler

Great information. I hope to take CAP in the near future.

Congrats on passing CAP, sir.

Flyslinger2

Can someone explain the CIB acronym? I'm new to this subject field.

Thanks

JayLQue

Candidate Information Bulletin

here is a link to download it

https://h20195.www2.hpe.com/v2/GetPDF.aspx/c04756323.pdf

roninkai

Anyone have updated (for 2021) study methods/resources/notes based on updated exam weights/objectives for this? I have 10 days to cram/pass. I do have extensive RMF experience and have read thru many of the publications in the past. But the information is not fresh in my head. I need to take the shortest path possible. I wish there was a decent audible course on this. There used to be in Cybrary, but its gone. The thought of reading all those NIST SPs over the next few days makes my head spin.