ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During residual risk analysis of a federal information system, the security analyst must evaluate the effectiveness of implemented controls. Which evidence would provide the MOST direct indication that a technical control is functioning as intended over time?
The section of the System Security Plan that describes the control's purpose and scope
Continuous monitoring data showing control-specific security metrics trending within acceptable thresholds
An acknowledgment of risk acceptance signed by the authorizing official
The original control implementation plan approved during system design
Ongoing evidence that a control is operating effectively comes from continuous monitoring outputs such as automated log reviews, vulnerability-scan trends, or other near-real-time metrics that map directly to the control objectives. A design-phase implementation plan and the descriptive text in the system security plan only show what the control is supposed to do, not whether it currently works. A signed risk-acceptance memo reflects a management decision, not control performance data.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is continuous monitoring in the context of security controls?
Open an interactive chat with Bash
How do security metrics help evaluate control effectiveness?
Open an interactive chat with Bash
Why is the original control implementation plan insufficient for evaluating residual risk?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .