CGRC Exam Questions
724 real CGRC exam questions with expert-verified answers and explanations. Page 15 of 15.
- Question #703 (Domain: Selection and Approval of Framework, Security, and Privacy Controls)
  Which of the following statements about the role-based access control (RBAC) model is true?
  Tags: Role-Based Access Control (RBAC); Access Control Models; Security Controls
- Question #704 (Domain: Assessment/Audit of Security and Privacy Controls)
  There are different types of control assessments depending on the assessment objectives. Which of the following is not a type of control assessment?
  Tags: Control Assessment Types; Risk Assessment; Audit; Verification and Validation
- Question #705 (Domain: Assessment/Audit of Security and Privacy Controls)
  Which of the following are the objectives of the security certification documentation task? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Security Certification; RMF Documentation; POAM; Accreditation Package
- Question #706 (Domain: Implementation of Security and Privacy Controls)
  Authorization to process should occur during what phase of the SDLC?
  Tags: SDLC; RMF; Authorization to Operate; System Lifecycle
- Question #707 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  What is BRM?
  Tags: Business Reference Model (BRM); Frameworks; Governance Concepts
- Question #708 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  Which publication primarily targets activities in Tier 3 of the Risk Management approach/pyramid?
  Tags: NIST RMF; Risk Management Tiers; NIST SP 800-37; Compliance Guidance
- Question #709 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  The Security Category that primarily deals with ensuring timely and reliable access to information.
  Tags: CIA Triad; Availability; Information Security Principles; Security Categories
- Question #710 (Domain: Assessment/Audit of Security and Privacy Controls)
  What type of testing is the evaluation through operation, movement, or adjustment under specific conditions to determine control success?
  Tags: Control Testing Methods; Demonstration; Control Assessment; Effectiveness Testing
- Question #711 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  What is NIST SP 800-37 R1?
  Tags: NIST SP 800-37 R1; Risk Management Framework; RMF; Federal Information Systems
- Question #712 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  An official authorization decision that allows for a single authorization package to be developed for an archetype (i.e., common) version of a system. This best defines which of th...
  Tags: Type authorization; Authorization decision; Risk management; Common systems
- Question #713 (Domain: Scope of the System)
  The RMF Step and task where the System Security Plan is initially approved by the AO or AODR.
  Tags: RMF Steps; System Security Plan; Authorizing Official; NIST RMF
- Question #714 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  Managing information security risk from an organization-wide perspective has to do with the following processes except one. Choose the exception.
  Tags: Risk Management Process; Framing Risk; Assessing Risk; Responding to Risk
- Question #715 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  The potential impact is high if the loss of confidentiality, integrity, or availability could be expected to have a ..........................
  Tags: Risk impact levels; CIA loss; Adverse effects; Organizational impact
- Question #716 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  What tool is MOST appropriate to assess whether information security governance objectives are being met?
  Tags: Balanced Scorecard; Governance assessment; Performance measurement; Security governance
- Question #717 (Domain: Assessment/Audit of Security and Privacy Controls)
  The Security Content Automation Protocol (SCAP) is a method for which of the following?
  Tags: SCAP; Security Automation; Compliance Documentation; Security Controls
- Question #718 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  An organizational official responsible for the development, implementation, assessment, and monitoring of security controls inherited by information systems is called...
  Tags: Common Controls; Organizational Roles; Risk Management Framework (RMF); Inherited Controls
- Question #719 (Domain: Compliance Maintenance)
  In accordance with the organizational continuous monitoring strategy, the results of monitoring activities are documented and reported to:
  Tags: Continuous Monitoring; Reporting; Roles and Responsibilities; Authorizing Official
- Question #720 (Domain: Assessment/Audit of Security and Privacy Controls)
  A planning estimate for the number of days that it takes to assess a Moderate system is ___ - ___ days.
  Tags: System Assessment; Planning Estimates; Moderate System; Assessment Duration
- Question #721 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  You are the project manager of the NKJ Project for your company. The project's success or failure will have a significant impact on your organization's profitability for the coming...
  Tags: Risk Management; Risk Tolerance; Risk Utility Function
- Question #722 (Domain: Implementation of Security and Privacy Controls)
  Which of the following individuals is responsible for the configuration management and control task?
  Tags: Roles and Responsibilities; Information System Owner; Configuration Management; NIST RMF
- Question #723 (Domain: Security and Privacy Governance, Risk Management, and Compliance Program)
  What is not a responsibility of the Risk Executive (Function) in an organization's ISCM?
  Tags: Risk Executive; ISCM; Roles and Responsibilities; Governance
- Question #724 (Domain: Assessment/Audit of Security and Privacy Controls)
  When SCA-conducted assessments are conducted in parallel with system development/acquisition & implementation; it "does not" permit early identification of weaknesses & cost-effect...
  Tags: Security Control Assessment (SCA); SDLC Integration; Early Weakness Identification; Cost-effective Remediation
- Question #725 (Domain: Scope of the System)
  A complex system of systems composed of subsystems and services that are part of a continuously evolving, complex community of people, devices, information and services interconnec...
  Tags: Net-Centric Architecture; System Architecture; System of Systems; Information Sharing
- Question #726 (Domain: Implementation of Security and Privacy Controls)
  What is RMF Step 3?
  Tags: RMF Steps; NIST RMF; Control Implementation; SP 800-37