ISC2 Certified in Governance, Risk and Compliance (CGRC) - ISC2 Actual Exam Questions
Last updated on April 30, 2026
Which of the following is not part of the contents of a Plan of Action and Milestones (POA&M)? Response:
Scheduled completion date
Resources required
Recommended actions and milestones
Rules of engagement
Which of the following processes is used to protect the data based on its secrecy, sensitivity, or confidentiality? Response:
Change Control
Data Hiding
Configuration Management
Data Classification
Which of the following is a formal document that provides an overview of the security requirements for an information system and describes the system and the security controls in place or planned for meeting those requirements? Response:
Initial Risk Assessment
Security Plan (SP)
Security and Privacy assessment reports
Plan of Action and Milestones (POA&M)
Which of the following are included in Administrative Controls? Each correct answer represents a complete solution. Choose all that apply. Response:
Conducting security-awareness training
Screening of personnel
Monitoring for intrusion
Implementing change control procedures
Developing policy
Which NIST SP details how the Risk Management Framework (RMF) can be integrated into the System Development Life Cycle (SDLC)? Response:
NIST SP 800-37
NIST SP 800-39
NIST SP 800-53
NIST SP 800-37A