ISC2 Governance, Risk and Compliance (CGRC) Practice Question

During a risk assessment for a new e-commerce server, you estimate a 0.4 annual likelihood of compromise with a $1 000 000 impact. Planned controls are expected to drop likelihood to 0.1 while impact remains the same. How should you record this change when comparing inherent and residual risk in the risk register?

  • List inherent risk as $100 000 and residual risk as $400 000 because the added controls introduce operational cost that raises residual exposure.

  • Show both inherent and residual risk as $400 000 since the impact value did not change.

  • Record inherent risk as the full $1 000 000 impact and residual risk as $100 000, because only impact values influence residual risk calculations.

  • List inherent risk as $400 000 and residual risk as $100 000, noting that management must decide whether the $100 000 exposure is acceptable.

System Compliance