The Certified Authorization Professional (CAP) certification exam is one of the most-demanded and industry-leading IT certifications. To qualify for this exam, the candidates must fulfill the eligibility requirements, including two years of cumulative, full-time paid work experience in one or more of the seven domains of the CAP CBK. In addition, the candidates should also be aware of some essential information before applying for the CAP exam.

In this article, we will examine which security practitioners should take the CAP exam, the process for applying for the CAP exam, the number of CAP exam questions and the passing score, the CAP domains both before and after October 15th, 2018, and CAP exam preparation and training guidelines.

Who Should Take the CAP Exam?

According to (ISC)2, “taking a CAP exam is ideal for IT, information security, information assurance contractors and practitioners who use the Risk Management Framework (RMF) in local governments, the U.S. federal government (such as U.S. Department of Defense or Department of State), private sector organizations, the military, or civilian roles (such as federal contractors).”

As a matter of fact, IT risk is a key source of uncertainty in any enterprise. Therefore, organizations want to identify, mitigate or eliminate risks before they grow into serious incidents. A company's ability to manage risk helps it act more confidently and ensures business continuity.

According to CareersinAudit in 2013: “Risk management is essential in a company because, without it, a business cannot possibly define its objectives for the future.” CareersinAudit also adds that many organizations have developed separate teams for their risk management departments. These departments have opened the floodgates of new jobs in the IT marketplace. The rewards of risk management jobs are also very high in terms of salaries, because risk professionals play a pivotal role in enterprises. According to the CertMag Salary Survey 2018, the average salary of a CAP holder is $131,100.

CAP Exam Details

How Do You Apply for the CAP Exam?

You can apply for the CAP exam at the Pearson VUE website. Pearson VUE is (ISC)2’s global partner and the administrator of all (ISC)2 exams. Pearson VUE delivers computer-based testing through a secure electronic test delivery system. To schedule your exam:

Once you complete the registration at Pearson VUE, your registration details are automatically sent to (ISC)2. After that, you will receive a confirmation email from Pearson VUE about your successful registration. This email covers your appointment details, testing location and all other instructions related to your exam. Pearson VUE also allows candidates to register by phone. If you want to find the phone number for your region, you can visit the Pearson VUE site.

In some cases, you may need to cancel or reschedule your exam. Doing so requires you to contact Pearson VUE either by phone or online. If you are canceling by phone, you must inform Pearson VUE at least 24 hours prior to your exam. If you cancel online, the notice period is 48 hours before the exam. Pearson VUE charges a cancellation fee of U.S. $100 and a rescheduling fee of U.S. $50.

How Many Questions Are on the CAP Exam?

The CAP exam has 125 multiple-choice questions, and candidates have to complete the exam within 3 hours. The exam is available only in the English language at present.

How Is the CAP Exam Scored?

You need to score 700 points out of 1000 to pass your CAP certification exam. During and after the certification exam, candidates must adhere to the (ISC)2 Code of Ethics; otherwise, the certification can be revoked even after passing the exam.

What Topics Are on the CAP Exam?

The CAP examination evaluates your expertise across seven domains. (ISC)2 has introduced an updated version of the CAP Common Body of Knowledge (CBK), which applies to exams taken after October 15th, 2018. However, if your exam is before October 15th, 2018, you should follow the older version of the CAP CBK, which is given below:

CAP Domains Weight
Domain 1: Risk Management Framework (RMF) 20%
Domain 2: Categorization of Information Systems 8%
Domain 3: Selection of Security Controls 13%
Domain 4: Security Control Implementation 10%
Domain 5: Security Control Assessment 19%
Domain 6: Information System Authorization 13%
Domain 7: Monitoring of Security Controls 17%
Total: 100%

However, if your exam is after October 15th, 2018, then you need to follow the latest version of the CAP CBK, which is given below:

CAP Domains Weight
Domain 1: Information Security Risk Management Program 15%
Domain 2: Categorization of Information Systems (IS) 13%
Domain 3: Selection of Security Controls 13%
Domain 4: Implementation of Security Controls 15%
Domain 5: Assessment of Security Controls 14%
Domain 6: Authorization of Information Systems (IS) 14%
Domain 7: Continuous Monitoring 16%
Total: 100%

CAP Exam Preparation and Training

Attempting to pass via last-minute cramming is not the best approach to studying for your CAP exam. To manage your time for the CAP exam, set up a timetable and choose a quiet environment for your study. Once you are fully prepared, take mock tests before sitting the actual exam. A mock test will help you to discover your weaknesses and identify the areas that need improvement.

Wasting time on irrelevant resources can be stressful and fruitless. Therefore, you must study (ISC)2 Self-Study Resources to best prepare for your CAP exam.

You can take part in InfoSec’s 3-day CAP Training Boot Camp. The boot camp concentrates on preparing candidates through extensive mentoring and drill sessions, a review of the entire CAP CBK and practical question-and-answer scenarios, all delivered in a high-energy seminar format.


A Certified Authorization Professional (CAP) is a cybersecurity practitioner looking to advance his/her career in information security and risk management. Security controls are vital for almost every public and private organization, as IT systems are everywhere. To prevent or mitigate the impact of IT risks, organizations are actively seeking CAP-certified professionals.

CAPs have innumerable career opportunities in the IT marketplace. If you do not yet hold a CAP certification, you can apply for the CAP exam at the Pearson VUE website and complete your registration process. After that, you need CAP training, which is indispensable for every candidate, and you can take part in InfoSec’s 3-day CAP Training Boot Camp to best prepare for the CAP exam. Good luck with your certification!

Sources

CAP – Security Assessment and Authorization Certification, (ISC)2
Requesting Special Accommodation, (ISC)2
(ISC)2 Self-Study Resources, (ISC)2
The Importance of Risk Management in an Organisation, Careers in Audit
(ISC)2 Certification Testing, Pearson VUE
Salary Survey 2018: An all-new Salary Survey 75, Certification Magazine