Online Access Free ISC.CGRC.v2024-06-23.q151 Practice Test (Page 30)

CGRC Exam Question 141

A SCAP specification for communicating the characteristics of vulnerabilities and measuring their relative severity.
Response:

A.Disaster Recovery Plan (DRP)

B.Common Vulnerability Scoring System (CVSS)

C.Continuity of Operations Plan (COOP)

D.Common Vulnerability and Exposures (CVE)

CGRC Exam Question 142

The documentation of a predetermined set of instructions or procedures that describe how an organization's mission/business functions will be sustained during and after a significant disruption.
Response:

A.Business Impact Analysis (BIA)

B.Business Continuity Plan (BCP)

C.Business Recovery/Disruption Plan (BRP)

D.Common Vulnerability and Exposures (CVE)

CGRC Exam Question 143

What are five primary roles associated with the system authorization program? Response:

A.1. CISO (Chief Information Security Officer or senior information security officer)
2. System Owner
3. ISSO (Information System Security Officer)
4. Certifying Agent (or security control assessor)
5. AO (Approving Authority or authorizing official)

B.1. ISSO (Information System Security Officer)
2. Certifying Agent (or security control assessor)
3. AO (Approving Authority or authorizing official)
4. CISO (Chief Information Security Officer or senior information security officer)
5. System Owner

C.1. System Owner
2. ISSO (Information System Security Officer)
3. Certifying Agent (or security control assessor)
4. AO (Approving Authority or authorizing official)
5. CISO (Chief Information Security Officer or senior information security officer)

D.1. CISO (Chief Information Security Officer or senior information security officer)
2. System Owner
3. ISSO (Information System Security Officer)
4. System Owner
5. Certifying Agent (or security control assessor)

CGRC Exam Question 144

Managing information security risk from an organization-wide perspective has to do with the following processes except one. Choose the exception.
Response:

A.responding to rist

B.Mitigating risk

C.Framing risk

D.Assessing risk

CGRC Exam Question 145

An information system is currently in the initiation phase of the system development life cycle (SDLC) and has been categorized high impact. The information system owner wants to inherit common controls provided by another organizational information system that is categorized moderate impact. How does the information system owner ensure that the common controls will provide adequate protection for the information system?
Response:

A.Perform rigorous testing of the common controls to determine if they provide adequate protection.

B.Ask the common control provider for the system security plan for the common controls.

C.Supplement the common controls with system-specific or hybrid controls to achieve the required protection for the system.

D.Consult with the information system security engineer and the information security architect.

Other Version: 1220ISC.CGRC.v2025-02-03.q173

Latest Upload: 102ISTQB.CT-AI.v2026-06-18.q68; 221IIA.IIA-CIA-Part3.v2026-06-17.q220; 147WGU.Introduction-to-IT.v2026-06-17.q67; 194CompTIA.220-1202.v2026-06-16.q110; 128TheInstitutes.CPCU-500.v2026-06-16.q25; 206ACAMS.CAMS7-CN.v2026-06-16.q170; 221CBIC.CIC.v2026-06-15.q123; 142Peoplecert.ITIL-4-Specialist-High-velocity-IT.v2026-06-15.q16; 243HashiCorp.Terraform-Associate-004.v2026-06-15.q126; 149Peoplecert.ITILFNDv5.v2026-06-15.q26

CGRC Exam Question 141

CGRC Exam Question 142

CGRC Exam Question 143

CGRC Exam Question 144

CGRC Exam Question 145

Download PDF File