ISC2 Governance, Risk and Compliance (CGRC) Practice Question

After completing the initial risk assessment, your team rated a system's inherent risk for an insider data-exfiltration threat as High. Compensating technical and management controls are now fully implemented, and you must calculate the residual risk to brief the authorizing official. Which item must you re-evaluate to quantify the residual risk level accurately?

  • The disaster recovery plan's recovery time objective (RTO) for the affected system.

  • The asset's criticality rating established during the business impact analysis.

  • The organization's documented risk tolerance thresholds.

  • The revised likelihood that the insider can successfully exfiltrate data after controls are in place.

Domain: System Compliance