nerdexam
(ISC)2


CGRC Question #396: Real Exam Question with Answer & Explanation

The correct answer is A: Designated Representative (DR). The Authorizing Official (the "Approving/Authorization Authority" in this question) may appoint a Designated Representative to coordinate and carry out RMF activities on their behalf; the authorization decision itself is the one thing that stays with the Authorizing Official.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which RMF role can be appointed at the discretion of the Approving/Authorization Authority?

Options

  • A. Designated Representative (DR)
  • B. System Development Life-Cycle (SDLC)
  • C. Risk Management Framework (RMF)
  • D. Plan of Action and Milestones (POAM)

Explanation

In NIST SP 800-37 Rev. 2 the Authorizing Official (what this question calls the Approving/Authorization Authority) may appoint an Authorizing Official Designated Representative (AODR) to act on their behalf in coordinating and carrying out the RMF activities: reviewing the security and privacy plans, the assessment reports and the plan of action and milestones, and preparing the authorization package. The one activity that cannot be delegated is the authorization decision itself, including signing the authorization decision document, because that is the formal acceptance of risk and it remains with the Authorizing Official.

Common mistakes.

  • B. SDLC (System Development Life-Cycle) is a process, not a role.
  • C. RMF (Risk Management Framework) is a process, not a role.
  • D. POAM (Plan of Action and Milestones) is a document or management tool, not a role.

Concept tested. NIST RMF roles (Designated Representative)

Reference. NIST SP 800-37 Rev. 2, Appendix D (Roles and Responsibilities): https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf

Topics

#RMF Roles #Authorization Authority #Designated Representative #NIST SP 800-37
