Certified Administrative Professional (CAP) Practice Exam 2026 – Your All-in-One Guide to Exam Mastery!

The correct phase during which a system risk assessment is conducted is during the Development/Acquirement phase. In this phase, the focus is on designing and building the system, and identifying any potential risks associated with the system's components, architecture, and processes becomes critical. Conducting a risk assessment involves evaluating potential vulnerabilities and threats that could impact the system’s security, functionality, and overall success.

In the Development/Acquirement phase, stakeholders have the opportunity to assess these risks, apply risk management strategies, and make informed decisions on the design, acquisition, or development processes that can mitigate these risks effectively. This proactive approach ensures that the resulting system meets organizational objectives and adheres to quality and security standards.

Other phases such as Maintenance, Implementation, and Planning also involve discussions of risks, but none is as critical for thorough risk assessment as the Development/Acquirement phase. During Planning, assumptions about risks are made, while in Implementation, the focus is on deploying the system rather than assessing risks. Maintenance addresses ongoing issues but is not primarily concerned with the initial assessment of risks in the system's architecture.