ISC CGRC Actual Free Exam Questions & Community Discussion

  • Exam Code/Number: CGRC
  • Exam Name/Title: Certified in Governance Risk and Compliance
  • Certification Provider: ISC
  • Corresponding Certification: ISC Certification
  • Exam Questions: 725
  • Updated On: Jun 02, 2026
The term __________ relates to the system as a whole, whereas sensitivity relates to the data that the system processes.
Correct Answer: B
According to NIST SP 800-37 Rev. 2, step 6 of the Risk Management Framework (RMF) can be described as:
Correct Answer: A
The findings from a security control assessment are documented in which of the following documents?
Correct Answer: B
Which National Institute of Standards and Technology Special Publication (NIST SP) 800-series document is concerned with continuous monitoring for federal information systems and organizations?
Correct Answer: A
When determining the applicability of a specific security control, the security professional should utilize which type of guidance?
Correct Answer: B
When should the assessment team provide the briefing following the conclusion of testing, so that system management/operations personnel have an opportunity to know the security posture and take immediate actions (24 hrs, 48 hrs, immediately)?
Correct Answer: A
Any information system (including any telecommunications system) used or operated by an agency, or by a contractor of an agency or other organization on behalf of an agency.
Correct Answer: A
A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management), defined by an organization or, in some instances, by a specific law, Executive Order, directive, policy, or regulation.
Correct Answer: D
The use of automation to manage changes to the information system or its environment of operation facilitates:
Correct Answer: D
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained at the levels approved in the Service Level Agreement (SLA)?
Correct Answer: D
Neil works as a project manager for SoftTech Inc. He is working with Tom, the COO of his company, on several risks within the project. Tom understands that through qualitative analysis Neil has identified many risks in the project.
Tom's concern, however, is that the priority list of these risk events is sorted only into "high-risk," "moderate-risk," and "low-risk" as conditions apply within the project. Tom wants to know whether there is any other objective basis on which Neil can build the priority list for project risks. What will be Neil's reply to Tom?
Correct Answer: A
What are three examples of data classification found in FIPS PUB 199?
Correct Answer: A