Free ISC2 CGRC Exam Questions

Become ISC2 Certified with updated CGRC exam questions and correct answers

Page: 1 / 79

Total 393 Questions | Updated On: Feb 17, 2025

Add To Cart

Question 1

Security controls are assessed for a number of reasons. Which of the following are reasons for assessing security controls? Select all that apply.

A : To ensure that the security and privacy controls for managing risk are in place and producing the desired outcomes

B : To satisfy legal and regulatory requirements and avoid paying a fine.

C : To provide a good source of KPIs to senior management.

D : To provide the authorizing official with the information needed to make an authorization decision

E : To maintain ongoing situational awareness about the security and privacy posture of the system and organization to support risk management decisions

Answer: A,D

Question 2

During the security controls assessment phase, the security control assessor at Ratio Corp is responsible for testing the effectiveness of the security controls. Which of the following is the most important consideration when conducting security control testing?

A : The number of security controls implemented

B : The potential risks to the information system

C : The availability of skilled personnel to conduct the testing

D : The number of positive reviews of the implemented controls

Answer: B

Question 3

Which of the following is NOT a best practice for implementing security controls according to NIST SP 800-53?

A : Implementing security controls in a phased approach

B : Providing security awareness training to personnel

C : Using automated tools to monitor security controls

D : Implementing only those security controls that are required by regulation or policy

Answer: D

Question 4

Which of the following is a key consideration when implementing security controls for an information system?

A : The system's hardware and software components

B : The budget and resource constraints of the organization

C : The potential risks to the information system

D : The organizational structure of the system's users

Answer: C

Question 5

Which of the following statements about OMB Circular A-130 is true?

A : It provides guidance on cybersecurity risk management for federal information systems.

B : It requires organizations to use the RMF to manage privacy risks.

C : It is applicable only to federal agencies in the United States.

D : It does not cover the management of federal information resources.

Answer: B

Page: 1 / 79

Total 393 Questions | Updated On: Feb 17, 2025

Add To Cart