CGRC Practice Exam December 2023

Authored by Avinash Borse

Other

3rd Grade

27 questions

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In determining system boundaries for systems either partially or wholly managed, maintained, or operated by external providers, an agreement clearly describing authorization boundaries ensures what?

Security

Interconnection agreements

Accountability

Understanding

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What risk assessment approach typically employs a set of methods, principles, or rules for assessing risk based on nonnumerical categories or levels?

A) Quantitative assessment

B) Qualitative assessment

C) Semi-quantitative assessment

D) Empirical assessment

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is NOT a merit when an organization identifies and understands how information types are processed during all stages of the life cycle?

It helps organizations identify considerations for protecting the information, informs the organization’s security and privacy risk assessments, and informs the selection and implementation of controls.

Identification and understanding of the information life cycle facilitates the employment of practices to help ensure, for example, that organizations have the authority to collect or create information.

Organizations that process highly classified information types can allow all organizational employees to identify and know the value and impact of the information they work with for safekeeping.

It helps develop rules related to the processing of information in accordance with its impact level, create agreements for information sharing, and follow retention schedules for the storage and disposition of information.

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Identify the entity that establishes the compliance schedules for the National Institute of Standards and Technology security standards and guidelines.

A) The Office of Management and Budget in policies, directives, or memoranda

B) The Department of Commerce

C) The FedRAMP JAB

D) Third party assessor organizations

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The Prepare step has two risk assessment tasks: one for the organization level, and the other for the system level. The potential input for one of these risk assessments includes the following: assets to be protected; mission, business functions the system will support; business impact analyses or criticality analyses; system stakeholder information; and information about other systems that interact with the system. What will be the main output after the risk assessment?

Organization-level risk assessment results.

Organizational systems prioritized into low-, moderate-, and high-impact sub-categories.

Security and privacy assessment report.

Security and privacy risk assessment report.

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What name is given to a risk management concept that is related to the level of risk or degree of uncertainty that is acceptable to organizations and is a key element of the organizational risk frame?

A) Risk Monitoring

B) Risk Response

C) Risk tolerance

D) Risk Assessment

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The risk executive (function) coordinates with senior leaders to do the following, except:

A) establish risk management roles and responsibilities.

B) establish organization-wide forums to consider all types and sources of risk.

C) ensure that security authorization decisions consider all factors necessary for mission and business success.

D) authorize the operation of an information system, thereby accepting the risk to the organization.
