Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

You are the ISSO for a newly authorized FISMA-moderate information system. Management asks you to "stand up" continuous monitoring as quickly as possible. According to NIST SP 800-137, which action should you complete before choosing monitoring tools or setting data-collection frequencies to ensure results truly support ongoing authorization decisions?

  • Define monitoring objectives and metrics that reflect the organization's risk tolerance.

  • Assign operations staff to review security alerts on a daily rotation.

  • Install automated scanners and dashboards to begin collecting vulnerability and configuration data.

  • Open preliminary POA&Ms for all known control weaknesses to track remediation progress.

ISC2 Governance, Risk and Compliance (CGRC)
Selection and Approval of Framework, Security, and Privacy Controls
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot