ISC2 Governance, Risk and Compliance (CGRC) Practice Question

During an Authorization to Operate decision, the authorizing official is comparing the residual risks documented in the SAR against the organization's risk acceptance criteria. Which single factor creates a mandatory ceiling on acceptable risk that cannot be relaxed by business drivers or risk appetite?

Threat likelihood ratings assigned during assessment
Organizational risk tolerance defined in policy
Regulatory or statutory requirements that apply to the system
Business objectives and mission impact

ISC2 Governance, Risk and Compliance (CGRC)

System Compliance

Your Score:

Settings & Objectives

Security and Privacy Governance, Risk Management, and Compliance Program

Scope of the System

Selection and Approval of Framework, Security, and Privacy Controls

Implementation of Security and Privacy Controls

Assessment/Audit of Security and Privacy Controls

System Compliance

Compliance Maintenance

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Wipe Score

Bash, the Crucial Exams Chat Bot

AI Bot

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

Answer Description

Ask Bash

What are residual risks in a risk assessment?

What are statutory and regulatory requirements in risk management?

How does the Security Assessment Report (SAR) contribute to risk decision-making in ATO?

What are residual risks in an Authorization to Operate decision?

What is the role of regulatory or statutory requirements in risk management?

How do threat likelihood ratings influence risk acceptance decisions?

Monthly

$19.99

Billed monthly,
Cancel any time.

3 Month Pass

$44.99

One time purchase of $44.99,
Does not auto-renew.

Annual Pass

$119.99

One time purchase of $119.99,
Does not auto-renew.

Lifetime Pass

$189.99

One time purchase,
Good for life.

All Exams

Unlimited Tests

Unlimited Questions

AI Tutor

Track scores

Report Cards

Voucher Discounts

Advanced PBQs

Included Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

Report Issue

Answer Description

Ask Bash

What are residual risks in a risk assessment?

What are statutory and regulatory requirements in risk management?

How does the Security Assessment Report (SAR) contribute to risk decision-making in ATO?

What are residual risks in an Authorization to Operate decision?

What is the role of regulatory or statutory requirements in risk management?

How do threat likelihood ratings influence risk acceptance decisions?

Report Issue