The CAP exam is comprised of 125 items and the testing time is allowed for three hours. It is a computer-based test (CBT). Items in the exam are four-option multiple choice items with one correct key. At the end of the exam administration, candidates receive their pass/fail decision. Failing candidates receive feedback on their exam performance by domains; however, candidates who pass the exam receive their congratulatory letter describing their next step in acquiring the credential.
CAP exam is updated on a regular basis by conducting job task analysis every three years and by writing and pretesting many items throughout the year to maintain a robust item bank.
The CISSP exam requires candidates to demonstrate the following knowledge, skills and abilities: Information Security Risk Management Program (15%); Categorization of Information Systems (IS) (13%); Selection of Security Controls (13%); Implementation of Security Controls (15%); Assessment of Security Controls (14%); Authorization of Information Systems (14%); and Continuous Monitoring (16%).