Thanks - that's great to know. Does the CAP go deeply into the intricacies of these other frameworks or mention them as an alternative to manage risk whilst still mainly focusing on RMF?
Also, I have seen a module on security auditing/assessment of controls so wanted to find out if this is derived mainly from the workings of the framework or can it cover more technical risk items?
I can't tell you what is on the exam. However, depending on when you are going to take the exam, download the right outline and it will give you what is covered on the exam.