Online Access Free ISC.CGRC.v2024-06-23.q151 Practice Test (Page 26)

CGRC Exam Question 121

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation.
Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.
Response:

A.Certification is a comprehensive assessment of the management, operational, and technical security controls inan information system.

B.Certification is the official management decision given by a senior agency official to authorize operation of an information system.

C.Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.

D.Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.

CGRC Exam Question 122

Which of the following NIST Special Publication documents provides a guideline on network security testing?
Response:

A.NIST SP 800 42

B.NIST SP 800 53

C.NIST SP 800 37

D.NIST SP 800 53A

CGRC Exam Question 123

Which of the following are the tasks performed by the owner in the information classification schemes? Each correct answer represents a part of the solution. Choose three.
Response:

A.To delegate the responsibility of the data safeguard duties to the custodian.

B.To perform data restoration from the backups whenever required.

C.To review the classification assignments from time to time and make alterations as the business requirements alter.

D.To make original determination to decide what level of classification the information requires, which is based on the business requirements for the safety of the data.

CGRC Exam Question 124

Neil works as a project manager for SoftTech Inc. He is working with Tom, the COO of his company, on several risks within the project. Tom understands that through qualitative analysis Neil has identified many risks in the project.
Tom's concern, however, is that the priority list of these risk events are sorted in "high- risk,"
"moderate-risk," and "low-risk" as conditions apply within the project. Tom wants to know that is there any other objective on which Neil can make the priority list for project risks. What will be Neil's reply to Tom?
Response:

A.Risks may be listed by categories

B.Risks may be listed by priority separately for schedule, cost, and performance

C.Risk may be listed by the responses in the near-term

D.Risks may be listed by the additional analysis and response

CGRC Exam Question 125

How many steps are in the Risk Management Framework (RMF)? Response:

A.8

B.5

C.7

D.6

Other Version: 1158ISC.CGRC.v2025-02-03.q173

Latest Upload: 142Oracle.1D0-1057-25-D.v2026-06-03.q29; 273NAHQ.CPHQ.v2026-06-03.q396; 255CompTIA.220-1201.v2026-06-03.q196; 157GIAC.GCFE.v2026-06-03.q78; 154HIMSS.CPHIMS.v2026-06-03.q45; 233Google.Professional-Cloud-Architect.v2026-06-03.q165; 156HP.HPE7-A09.v2026-06-02.q48; 167ACDIS.CCDS-O.v2026-06-02.q56; 150Microsoft.AB-730.v2026-06-02.q31; 212ASQ.CSSBB.v2026-06-02.q130

CGRC Exam Question 121

CGRC Exam Question 122

CGRC Exam Question 123

CGRC Exam Question 124

CGRC Exam Question 125

Download PDF File