Certification Sample Questions
01. According to the Risk Management Framework (RMF), which role has a primary responsibility to
report the security status of the information system to the authorizing official (AO) and other
appropriate organizational officials on an ongoing basis in accordance with the monitoring strategy?
a) Information system security officer (ISSO)
b) Common control provider
c) Independent assessor
d) Senior information assurance officer (SIAO)
Correct answer: b) Common control provider
02. Which authorization approach considers the time elapsed since the authorization results were produced,
the environment of operation, the criticality/sensitivity of the information, and the risk tolerance of the
leveraging organization?
a) Leveraged
b) Single
c) Joint
d) Site specific
Correct answer: a) Leveraged
03. When should the information system owner document the information system and authorization
boundary description in the security plan?
a) After security controls are implemented
b) While assembling the authorization package
c) After security categorization
d) When reviewing the security control assessment plan
Correct answer: c) After security categorization