ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During an Authorization to Operate decision, the authorizing official is comparing the residual risks documented in the SAR against the organization's risk acceptance criteria. Which single factor creates a mandatory ceiling on acceptable risk that cannot be relaxed by business drivers or risk appetite?
Organizational risk tolerance defined in policy
Business objectives and mission impact
Regulatory or statutory requirements that apply to the system
Threat likelihood ratings assigned during assessment
Regulatory or statutory requirements impose obligations derived from laws, mandates, and contracts. An organization cannot legally accept a level of residual risk that would place it out of compliance, even if leadership is comfortable with the exposure or the system is critical to mission success. Organizational risk tolerance and business objectives help define what is acceptable within those legal boundaries, while threat likelihood values simply inform the analysis rather than establish the ceiling.
System Compliance