Free ISC2 CGRC Exam Questions

Become ISC2 Certified with updated CGRC exam questions and correct answers

Page: 1 / 79

Total 393 Questions | Updated On: Apr 28, 2026

Add To Cart

Question 1

True or False: During control selection, all controls may be specialized with tailoring.

A : TRUE

B : FALSE

Answer: B

Question 2

In the NIST RMF, who is responsible for developing the system security plan and ensuring that the appropriate security controls are selected and implemented?

A : System owner

B : Information security officer

C : Authorizing official

D : Security control assessor

Answer: A

Question 3

In the prepare step of the NIST RMF, which of the following should be established to ensure an effective risk management process?

A : A communication process for risk-related information

B : A continuous monitoring strategy

C : A system security plan

D : An incident response plan

Answer: A

Question 4

A small organization has limited resources and is struggling to implement all of the necessary NIST SP 800-53 security controls. Which of the following is the BEST approach for the organization?

A : Implement only those controls that are required by regulation or policy

B : Implement only those controls that are relevant to the organization's risk management strategy

C : Implement only those controls that are easy to implement

D : Outsource the implementation of all security controls to a third-party vendor

Answer: B

Question 5

Which of the following is a key consideration when implementing security controls for an information system?

A : The system's hardware and software components

B : The budget and resource constraints of the organization

C : The potential risks to the information system

D : The organizational structure of the system's users

Answer: C

Page: 1 / 79

Total 393 Questions | Updated On: Apr 28, 2026

Add To Cart