Certified Authorization Professional (CAP) — Question 28

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?
Each correct answer represents a complete solution. Choose two.

Answer options

• A. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
• B. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
• C. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
• D. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

Correct answer: A, D

Explanation

Option A is correct as it accurately defines accreditation as the official authorization by a senior official. Option D is also correct because it describes certification as a comprehensive assessment of security controls. Option B is incorrect because it describes accreditation instead of certification, and option C incorrectly defines certification as the official authorization, which is actually the role of accreditation.