ISC2 Governance, Risk and Compliance (CGRC) Practice Question

Following a security control assessment of an agency's new payroll system, you are directed to open a Plan of Action and Milestones (POA&M) for each control weakness that remains. To meet federal POA&M guidance and allow executives to monitor risk-remediation progress, which information must you record for every listed weakness?

  • A comprehensive list of all fully implemented security controls that have no findings.

  • Evidence that the system security plan was approved by the Authorizing Official before the assessment.

  • A clear description of the weakness, planned corrective action, responsible organization or individual, estimated resources, and target completion milestones.

  • Current authorization boundary diagrams and detailed network topology for the affected system.

Domain: Implementation of Security and Privacy Controls