Free ISC2 CGRC Exam Questions

Become ISC2 Certified with updated CGRC exam questions and correct answers

Page: 1 / 79

Total 393 Questions | Updated On: Jun 16, 2025

Add To Cart

Question 1

In the NIST RMF, who is responsible for developing the system security plan and ensuring that the appropriate security controls are selected and implemented?

A : System owner

B : Information security officer

C : Authorizing official

D : Security control assessor

Answer: A

Question 2

Which of the following is a key factor in the success of a security awareness and training program?

A : Use of technical jargon and complex language

B : Delivery of training in a one-time, stand-alone format

C : Alignment with organizational goals and culture

D : Restriction of training to high-risk employees only

Answer: C

Question 3

The purpose of the asset identification task is to identify assets that require protection. Which of the following is not a potential input for this task?

A : Internal stakeholders

B : System information

C : System security plan

D : Business impact analysis

Answer: C

Question 4

In the prepare step of the NIST RMF, which of the following should be established to ensure an effective risk management process?

A : A communication process for risk-related information

B : A continuous monitoring strategy

C : A system security plan

D : An incident response plan

Answer: A

Question 5

A system owner is considering the use of compensating controls to address a specific vulnerability. What factor should be taken into account when selecting compensating controls?

A : The cost of implementing the compensating controls

B : The ability of the compensating controls to mitigate the risk

C : The preferences of the system owner

D : The expertise of the information security officer

Answer: B

Page: 1 / 79

Total 393 Questions | Updated On: Jun 16, 2025

Add To Cart