Free ISC2 CGRC Exam Questions

Become ISC2 Certified with updated CGRC exam questions and correct answers

Page: 1 / 79

Total 393 Questions | Updated On: Jul 29, 2025

Add To Cart

Question 1

Which of the following is the MOST challenging aspect of asset identification in the context of information security risk management?

A : Identifying all assets within the organization's network

B : Determining the value of each asset in terms of its importance to the organization

C : Identifying and categorizing assets based on their criticality to the organization's operations

D : Determining the level of risk associated with each asset

Answer: A

Question 2

In the prepare step of the NIST RMF, which of the following should be established to ensure an effective risk management process?

A : A communication process for risk-related information

B : A continuous monitoring strategy

C : A system security plan

D : An incident response plan

Answer: A

Question 3

DEF Corporation is considering the implementation of a new software application. What is the role of security requirements in the SDLC?

A : To ensure that the software application is reliable and performs as intended

B : To identify and mitigate security risks associated with the software application

C : To design the software application and its features

D : To test the software application for defects and errors

Answer: B

Question 4

What is the main purpose of system categorization?

A : Determine if the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization.

B : Inform organizational risk management processes and tasks by determining the adverse impact with respect to the loss of confidentiality, integrity, and availability of systems and the information processed, stored, and transmitted by those systems

C : Carry out essential activities to help prepare all levels of the organization to manage its security and privacy risks using the RMF

D : Maintain ongoing situational awareness about the security and privacy posture of the system and organization to support risk management decisions

Answer: B

Question 5

Which of the following is a key factor in the success of a security awareness and training program?

A : Use of technical jargon and complex language

B : Delivery of training in a one-time, stand-alone format

C : Alignment with organizational goals and culture

D : Restriction of training to high-risk employees only

Answer: C

Page: 1 / 79

Total 393 Questions | Updated On: Jul 29, 2025

Add To Cart