Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

Your team has finished implementing the tailored control set for a cloud application and is about to enter the Assessment phase of the NIST Risk Management Framework. To ensure the evaluation is repeatable, traceable, and approved before any testing begins, what should be completed first?

  • Develop and obtain approval of a security assessment plan that outlines the test scope and methods.

  • Draft the initial Plan of Action and Milestones (POA&M) listing expected control gaps.

  • Conduct a penetration test against the application to look for exploitable weaknesses.

  • Begin continuous monitoring to collect automated metrics on control performance.

ISC2 Governance, Risk and Compliance (CGRC)
Security and Privacy Governance, Risk Management, and Compliance Program
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot