ISC2 Governance, Risk and Compliance (CGRC) Practice Question

A federal agency plans to adopt a SaaS that already holds a FedRAMP Joint Authorization Board (JAB) provisional ATO (P-ATO) at the Moderate baseline. Before deployment, what must the agency's Authorizing Official do to meet FedRAMP requirements?

  • Treat the JAB P-ATO as final approval and allow immediate operational use without further review.

  • Send a notification to the FedRAMP PMO and rely on it to conduct continuous monitoring on the agency's behalf.

  • Examine the P-ATO security package, document an agency risk decision, and grant an Agency ATO for the service.

  • Require the provider to undergo a full assessment against the FedRAMP High baseline and obtain a new JAB P-ATO.

Security and Privacy Governance, Risk Management, and Compliance Program