ISC2 CGRC Certification Sample Questions

The purpose of this Sample Question Set is to give you information about the ISC2 Certified in Governance, Risk and Compliance (CGRC) exam. These sample questions will familiarize you with both the type and the difficulty level of the questions on the CGRC certification test. To get used to the real exam environment, we suggest you try our Sample ISC2 CGRC Certification Practice Exam. This sample practice exam gives you a feel for the real thing and a clue to the kind of questions asked in the actual ISC2 CGRC certification exam.

These sample questions are simple, basic questions that resemble the real ISC2 CGRC exam questions. To assess your readiness and performance with realistic scenario-based questions, we suggest you prepare with our Premium ISC2 CGRC Certification Practice Exam. When you work through scenario-based questions in practice, you come across many difficulties that give you an opportunity to improve.

ISC2 CGRC Sample Questions:

01. An updated risk assessment in response to the security control assessment along with inputs from the risk executive helps to determine and prioritize…
a) Plan of action and milestones
b) Initial remediation actions
c) Failed controls
d) Control reassessments
 
02. What is the purpose of security impact analysis?
a) To determine the extent to which proposed or actual changes to the system or its environment of operation can affect or have affected the system’s security posture
b) To determine the level of impact of the violation of the confidentiality of PII
c) To determine if the information system processes PII
d) None of the above
 
03. In NIST SP 800-39, risk framing requires that organizations identify:
a) Risk assumptions, risk constraints and risk tolerance
b) Risk planning, risk methodology, risk tolerance and risk management
c) Risk assumptions, risk constraints, risk tolerance, and priorities and trade-offs
d) Risk planning, risk methodology and risk tolerance
 
04. Which key risk term is defined as any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image or reputation), organizational assets, individuals, other organizations or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service?
a) Threat
b) Vulnerability
c) Impact
d) Risk determination
 
05. The determination of whether a system should be deemed a national security system is required by FISMA and supported by which NIST publication?
a) NIST SP 800-70
b) NIST SP 800-69
c) NIST SP 800-60
d) NIST SP 800-59
 
06. There are many prospective risks, categories of risk, and ways in which risk is evaluated. Federal law requires the consideration of mission, assets, other organizations and:
a) Financial
b) Individuals
c) Policy
d) None of the above
 
07. As identified in NIST SP 800-30, a risk analysis approach can be threat-oriented, vulnerability-oriented or:
a) Impact-oriented
b) Mitigation-oriented
c) Likelihood-oriented
d) Asset/impact-oriented
 
08. The security objectives are:
a) Confidentiality, integrity and availability
b) Confidentiality, integrity and authenticity
c) Confidentiality, sensitivity and availability
d) Risk management, risk mitigation and risk monitoring
 
09. A condition that exists within an organization, a mission or business process, enterprise architecture, information system or environment of operation, and that affects the likelihood that a threat event results in adverse impact, is known as:
a) A risk
b) A predisposing condition
c) An impact
d) A consequence
 
10. The RMF starting point for architectural description includes the subcomponent of system boundaries, which represents what intended system?
a) The system overseen by the information system owner
b) All other systems within the organization
c) The systems that are immediately adjacent to the intended system
d) The system owned by the authorizing official

Answers:

Question 01: b
Question 02: a
Question 03: c
Question 04: a
Question 05: d
Question 06: b
Question 07: d
Question 08: a
Question 09: b
Question 10: c

Note: If you find an error in these ISC2 Certified in Governance, Risk and Compliance (CGRC) certification exam sample questions, please let us know by email at feedback@edusum.com.