ISC2 Governance, Risk and Compliance (CGRC) Practice Question

During your final review of an authorization package, you discover that the SAR lists control AC-3 as Partially Implemented, yet the SSP still shows it as Fully Implemented. To meet documentation-review responsibilities before sending the package to the authorizing official, what should you do next?

  • Remove the AC-3 entry from the SSP, since it is already described in the SAR, and proceed with submission.

  • Coordinate with the assessor and system owner to reconcile the inconsistency and update the affected document before submission.

  • Attach an explanatory memo and submit the package unchanged so the authorizing official can decide which document is correct.

  • Suspend the review and immediately escalate the issue to the risk executive without modifying the package.

System Compliance