ISC Certified in Governance Risk and Compliance - CGRC FREE EXAM DUMPS QUESTIONS & ANSWERS]

Question 1

Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified.
It will also define how contingency plans will be implemented by the project team. What document is Frank and the NHH Project team creating in this scenario? Response:

A. Project plan B. Resource management plan C. Risk management plan D. Project management plan

Discussion 0

Correct Answer: C Vote an answer

Question 2

You are preparing to start the qualitative risk analysis process for your project. You will be relying on some organizational process assets to influence the process. Which one of the following is NOT a probable reason for relying on organizational process assets as an input for qualitative risk analysis? Response:

A. Review of vendor contracts to examine risks in past projects B. Information on prior, similar projects C. Studies of similar projects by risk specialists D. Risk databases that may be available from industry sources

Discussion 0

Correct Answer: A Vote an answer

Question 3

The process of determining the security category for information or an information system.
Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems Response:

A. Security Category B. Security Categorization C. Security Controls D. Adequate Security

Discussion 0

Correct Answer: B Vote an answer

Question 4

What are the four business areas of BRM?
Response:

A. 1. purpose of government (support delivery of services)
2. mechanisms the government uses to achieve its purpose(modes of delivery)
3. resource management functions that support all areas of the government's business (missions or services to citizens)
4. support functions necessary to conduct government (support delivery of services) B. 1. purpose of government (missions or services to citizens)
2. mechanisms the government uses to achieve its purpose(modes of delivery)
3. support functions necessary to conduct government ((missions or services to citizens)
4. resource management functions that support all areas of the government's business (support delivery of services) C. 1. purpose of government (missions or services to citizens)
2. mechanisms the government uses to achieve its purpose(modes of delivery)
3. support functions necessary to conduct government (support delivery of services)
4. resource management functions that support all areas of the government's business (management of resources) D. 1. support functions necessary to conduct government (support delivery of services)
2. resource management functions that support all areas of the government's business (management of resources)
3. mechanisms the government uses to achieve its purpose (missions or services to citizens)
4. purpose of government (modes of delivery)

Discussion 0

Correct Answer: C Vote an answer

Question 5

Applying the first three steps in the RMF to legacy systems can be viewed in what way to determine if the necessary and sufficient security controls have been appropriately selected and allocated? Response:

A. Level of effort B. Sequential C. Common control D. Gap analysis

Discussion 0

Correct Answer: D Vote an answer

Question 6

The test plan should evaluate plans that support the IS; such as Incident Response, Disaster Recovery, and _______________ Plan to ensure they are up to date & meet the protection needs of the system Response:

A. Contingency Plan B. Remediation plan C. Security Plan D. Assessment Plan

Discussion 0

Correct Answer: A Vote an answer

Question 7

In which of the following phases do the system security plan update and the Plan of Action and Milestones (POAM) update take place?
Response:

A. Preparation Phase B. Accreditation Phase C. DITSCAP Phase D. Continuous Monitoring Phase

Discussion 0

Correct Answer: D Vote an answer

Question 8

Which NIST publication provides guidance on the three tiers in the risk management hierarchy including Tier 1, Tier 2, and Tier 3?
Response:

A. NIST SP 800-37 B. NIST SP 800-30 C. NIST SP 800-137 D. NIST SP 800-39

Discussion 0

Correct Answer: D Vote an answer

Question 9

Which of the three-tiered approaches to risk management address risk at the IS security control level & their allocation?
Response:

A. Management Systems B. Security System C. Federal Systems D. Information Systems

Discussion 0

Correct Answer: D Vote an answer

Question 10

An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?
Response:

A. User password policy B. Network security policy C. Backup policy D. Privacy policy

Discussion 0

Correct Answer: D Vote an answer

Question 11

An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
Response:

A. Information B. Incremental C. Imminent D. Incident

Discussion 0

Correct Answer: D Vote an answer

Question 12

Developmental testing and evaluation is a type of control Assessment and its activities include the following except one.
Response:

A. Audits B. Design and code reviews C. Regression testing D. Application scanning

Discussion 0

Correct Answer: A Vote an answer

Question 13

One of the primary goals in conducting analysis of the test results from a scan during Security Control Assessment (SCA) is to Response:

A. Identify false negative findings B. Determine threats to the system C. Validate system boundaries D. Categorize vulnerabilities

Discussion 0

Correct Answer: D Vote an answer