Certified in Governance Risk and Compliance (CGRC) Free Practice Test

Question 1

Which of the following emphasizes the importance of continuous monitoring by requiring agencies to conduct control assessments at a frequency appropriate to risk but no less than annually?
Response:

A. OMB memorandum M-11-33, FY 2011

B. Clinger-Cohen Act

C. FISMA, 2002

D. OMB Circular A-130, Appendix III, 1997

Correct Answer: C

Question 2

Assessment plans should be prepared _______ of the testing and forwarded to all involved for review and approval.
Response:

A. Quickly

B. Well in advance

C. At the end

D. Within 24 hrs of start

Correct Answer: B

Question 3

Documenting the description of the system in the system security plan is the primary responsibility of which Risk Management Framework (RMF) role?
Response:

A. Information system owner

B. Information system security officer (ISSO)

C. Authorizing official (AO)

D. Information owner

Correct Answer: A

Question 4

What publication provides a wide range of security controls as a basis for mitigation measures?
Response:

A. NIST SP 800-39

B. NIST SP 800-60

C. NIST SP 800-53

D. NIST SP 800-37

Correct Answer: C

Question 5

The Security Category that guards against the improper modification or destruction of information and includes ensuring information non-repudiation & authenticity.
Response:

A. Availability

B. Authenticity

C. Confidentiality

D. Integrity

Correct Answer: D

Question 6

Wendy is about to perform qualitative risk analysis on the identified risks within her project. Which one of the following will NOT help Wendy to perform this project management activity?
Response:

A. Risk management plan

B. Stakeholder register

C. Risk register

D. Project scope statement

Correct Answer: B

Question 7

In accordance with NIST SP 800-59 a National Security System is a system that its function, operation, or use must fulfil some of the following criteria.
CHOOSE ALL THAT APPLY.
Response:

A. Involves command and control of military forces

B. Involves equipment that is an integral part of a weapon or weapons system

C. Involves cryptologic activities related to national security

D. Invove intelligence activities

Correct Answer: A,B,C,D

Question 8

Test Results should be shown as "meeting standards" or "not meeting standards"; or in short
________, _______.
Response:

A. Good, bad

B. True, false

C. Yes, no

D. Pass, fail

Correct Answer: D

Question 9

An organization conducts one of the following analyses to determine if their system processes personally identifiable information Response:

A. Business Impact Analysis

B. Privacy Impact Analysis (PIA)

C. Privacy Threshold Analyes (PTA)

D. Risk Assessment

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function best defines which of the following?
Response:

A. Criticality

B. Confidentiality

C. Sensitivity

D. Assurance

Correct Answer: A

Welcome to TestSimulate

ISC Certified in Governance Risk and Compliance (CGRC) Free Practice Test