Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

After an Authorizing Official accepts a medium residual risk created by an unremediated control weakness, the information system owner must record the accepted risk so it can be tracked, assigned an owner, and periodically reviewed. Which document is most commonly used within organizations to capture this kind of residual risk information for ongoing monitoring?

  • Plan of Action and Milestones (POA&M)

  • Security Assessment Report (SAR)

  • Risk register

  • System Security Plan (SSP)

ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot