Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

For a federal cloud-hosted financial system, after controls implementation the assessment reveals two moderate and one high residual risks. The system owner insists on going live next week. To secure stakeholder concurrence with the proposed risk acceptance, what should the CGRC professional do next?

  • Update the contract to transfer the high risk to the cloud service provider and skip internal authorization.

  • Lower the high residual risk to moderate in the SSP so it falls within organizational tolerance and proceed.

  • Draft a formal risk-acceptance memorandum and obtain signatures from the authorizing official and business owner, then add it to the authorization package.

  • List the residual risks on the POA&M and move the system to production without further approvals.

ISC2 Governance, Risk and Compliance (CGRC)
System Compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot