ISC2 CGRC Overview: Exam Info | Syllabus | Questions Make CGRC Certification Exam Easy with Edusum.com Exam Code CGRC Full Exam Name ISC2 Certified Governance, Risk and Compliance (CGRC) Number of Questions 125 Practice Exams ISC2 CGRC Certification Practice Exam Passing Score 700 / 1000 Time Limit 180 mins Schedule Exam Pearson VUE CGRC Exam Detail Experience success with Edusum.com CGRC Syllabus Topic Weights Information Security Risk Management Program 16% Scope of the Information System 11% Selection and Approval of Security and Privacy Controls 15% Implementation of Security and Privacy Controls 16% Authorization/Approval of Information System 10% Continuous Monitoring 16% Assessment/Audit of Security and Privacy Controls 16% Experience success with Edusum.com • Perform enough practice with ISC2 system with related ISC2 CGRC certification subjects • Identify the key configuration, workflow and data flow • Understand the all Syllabus Topics of Exam which are Given in Description. • Identify your weak areas from practice test and do more practice with system • Repeat practice exams and try to score 100% on www.edusum.com Preparation tips for ISC2 CGRC Certification Experience success with Edusum.com CGRC Sample Questions Experience success with Edusum.com Q 1) According to the Risk Management Framework (RMF), which role has a primary responsibility to report the security status of the information system to the authorizing official (AO) and other appropriate organizational officials on an ongoing basis in accordance with the monitoring strategy? Option. a) Information system security officer (ISSO) b) Common control provider c) Independent assessor d) Senior information assurance officer (SIAO) Experience success with Edusum.com ANSWER a) Information system security officer (ISSO) Experience success with Edusum.com Q 2) Which authorization approach considers time elapsed since the authorization results were produced, the environment of operation, the criticality/sensitivity of the information, and the risk tolerance of the other organization? Option. a) Leveraged b) Single c) Joint d) Site specific Experience success with Edusum.com ANSWER a) Leveraged Experience success with Edusum.com Q 3) When should the information system owner document the information system and authorization boundary description in the security plan? Option. a) After security controls are implemented b) While assembling the authorization package c) After security categorization d) When reviewing the security control assessment plan Experience success with Edusum.com ANSWER c) After security categorization Experience success with Edusum.com Q 4) Information developed from Federal Information Processing Standard (FIPS) 199 may be used as an input to which authorization package document? Option. a) Security assessment report (SAR) b) System security plan (SSP) c) Plan of actions and milestones (POA&M) d) Authorization decision document Experience success with Edusum.com ANSWER b) System security plan (SSP) Experience success with Edusum.com Q 5) Why is security control volatility an important consideration in the development of a security control monitoring strategy? Option. a) It identifies needed security control monitoring exceptions. b) It indicates a need for compensating controls. c) It establishes priority for security control monitoring. d) It provides justification for revisions to the configuration management and control plan. Experience success with Edusum.com ANSWER c) It establishes priority for security control monitoring. Experience success with Edusum.com • For more information on CGRC Certification please refer to FAQs. • The CGRC certification is increasingly becoming important for the career of employees. • The fees information are for the informative purposes and do not serve as an official offering and are subject to change • Focus on the guide for online registration and you will find it out. Info on ISC2 CGRC Certification Experience success with Edusum.com More Info on ISC2 Certification VISIT www.edusum.com