Free Practice ISC2 CGRC Exam Questions 2025

Which of the following is a key factor in the success of a security awareness and training program?

ABC Corporation is considering implementing a new information system that will be critical to its business operations. The system is expected to cost $1 million to implement, and will be used to process sensitive customer information. The chief information officer (CIO) is concerned about the risks associated with the new system, and wants to ensure that the organization's risk appetite is taken into account. Which of the following factors should be considered when determining the risk appetite for the new system?

A large organization has recently implemented a new system to manage its financial transactions. The system includes several components, such as a database server, web server, and application server, which are all connected to a local network. The organization's IT team has configured the system according to best practices and security policies and has performed several security assessments to ensure its compliance. However, the organization's security team wants to implement continuous monitoring of the system configurations to enhance its security posture. What is the main benefit of implementing continuous monitoring of the system configurations in the scenario described above?

True or False: Risk response is the final step in the NIST Risk Management Framework and involves implementing security controls to address identified risks.

A large organization has recently implemented a new system to manage its financial transactions. The system includes several components, such as a database server, web server, and application server, which are all connected to a local network. The organization's IT team has configured the system according to best practices and security policies and has performed several security assessments to ensure its compliance. However, the organization's security team wants to implement continuous monitoring of the system configurations to enhance its security posture. What is the main benefit of implementing continuous monitoring of the system configurations in the scenario described above?