ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While preparing a Plan of Action and Milestones (POA&M) for an information system that cannot remediate a critical vulnerability before the authorization decision, the information system security officer must capture specific data so the Authorizing Official can track progress. Which detail is essential to include in the POA&M for this purpose?

  • Scheduled completion date and interim milestones for resolving the weakness

  • Names of the assessment team members who identified the issue

  • Manufacturer warranty and support details for the faulty component

  • Data-retention timeline for records affected by the vulnerability

Implementation of Security and Privacy Controls