ISC2 Governance, Risk and Compliance (CGRC) Practice Question
When compiling the initial assessment report for a newly audited payment platform, you must include a risk mitigation summary for every critical vulnerability found. Which of the following best satisfies this requirement in the initial report phase?
A brief description of potential control or process improvements that could lower the likelihood or impact of the risk
The formally accepted residual risk score after mitigation activities are completed
Documented proof that remediation tasks are finished and retested for effectiveness
A finalized remediation project plan with budgets, timelines, and assigned personnel
The purpose of the risk mitigation summary in an initial assessment report is to give management a concise, high-level view of how each identified risk could be reduced. At this early point the assessor is not expected to deliver a full project plan or evidence of completed fixes. Instead, the report should briefly describe potential control enhancements or procedural changes that would lower the likelihood or impact of the vulnerability. Detailed budgets, residual-risk decisions, and verification of completed remediation occur later in the remediation and follow-up phases, so those items are inappropriate for the initial report.
ISC2 Governance, Risk and Compliance (CGRC)
Assessment/Audit of Security and Privacy Controls