Free ISC2 CGRC Exam Questions

Become ISC2 Certified with updated CGRC exam questions and correct answers

Page: 1 / 79

Total 393 Questions | Updated On: Jan 08, 2025

Add To Cart

Question 1

Which of the following is the MOST challenging aspect of asset identification in the context of information security risk management?

A : Identifying all assets within the organization's network

B : Determining the value of each asset in terms of its importance to the organization

C : Identifying and categorizing assets based on their criticality to the organization's operations

D : Determining the level of risk associated with each asset

Answer: A

Question 2

Which of the following is true about common controls?

A : Common controls promote more cost-effective and consistent information security across the organization

B : Common controls are easier to implement

C : Common controls are the same as hybrid controls

D : Common controls cannot be implemented in the cloud

Answer: A

Question 3

A system owner is considering the use of compensating controls to address a specific vulnerability. What factor should be taken into account when selecting compensating controls?

A : The cost of implementing the compensating controls

B : The ability of the compensating controls to mitigate the risk

C : The preferences of the system owner

D : The expertise of the information security officer

Answer: B

Question 4

ABC Corporation is considering implementing a new information system that will be critical to its business operations. The system is expected to cost $1 million to implement, and will be used to process sensitive customer information. The chief information officer (CIO) is concerned about the risks associated with the new system, and wants to ensure that the organization's risk appetite is taken into account. Which of the following factors should be considered when determining the risk appetite for the new system?

A : The cost of implementing additional security controls

B : The impact on the organization's reputation if the system is compromised

C : The risk management knowledge of the system owners

D : The level of risk tolerance among the organization's employees

Answer: B

Question 5

What are the objectives of the Prepare step in the NIST RMF framework?

A : Facilitating better communication between senior leaders and executives at the organization and mission and business process levels and system owners

B : Facilitating organization-wide identification of common controls and the development of organizationally tailored control baselines, reducing the workload on individual system owners and the cost of system development and asset protection

C : Reducing the complexity of the information technology and operations technology infrastructure using enterprise architecture concepts and models to consolidate, optimize, and standardize organizational systems, applications, and services

D : Ensuring that the implemented security controls continue to provide the intended level of protection for the information system and its data throughout the system's lifecycle.

E : Identifying, prioritizing, and focusing resources on the organizationâ€™s high-value assets and high impact systems that require increased levels of protection and taking steps commensurate with the risk to such assets.

Answer: A,B,C,E

Page: 1 / 79

Total 393 Questions | Updated On: Jan 08, 2025

Add To Cart