Latest [Jun 05, 2024] 100% Passing Guarantee - Brilliant CGRC Exam Questions PDF [Q226-Q249]


CGRC Certification – Valid Exam Dumps Questions Study Guide! (Updated 725 Questions)

NEW QUESTION # 226
The scope of activities associated with a system, encompassing the system's initiation, development and acquisition, implementation and maintenance, and ultimately its disposal (which instigates another system initiation), best describes:
Response:

  • A. IT infrastructure
  • B. Information system
  • C. Authorization Process
  • D. System Development Life Cycle (SDLC)

Answer: D


NEW QUESTION # 227
Which of the following methods of authentication uses fingerprints to identify users?
Response:

  • A. Mutual authentication
  • B. Biometrics
  • C. Kerberos
  • D. PKI

Answer: B


NEW QUESTION # 228
What are the three tools necessary for managing the inventory program?
Response:

  • A. 1. Inventory form.
    2. Inventory change form.
    3. Organization inventory summary.
  • B. 1. Acquisition/Development
    2. Inventory change form.
    3. Organization inventory summary.
  • C. 1. Inventory change form.
    2. Organization inventory summary.
    3. Inventory form.
  • D. 1. Acquisition/Development
    2. Organization inventory summary.
    3. Inventory change form.

Answer: A


NEW QUESTION # 229
Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test?
Each correct answer represents a complete solution. Choose all that apply.
Response:

  • A. Information system architectures
  • B. Kernel flaws
  • C. Trojan horses
  • D. Social engineering
  • E. Race conditions
  • F. File and directory permissions
  • G. Buffer overflows

Answer: B,C,D,E,F,G


NEW QUESTION # 230
A system of organizations, people, activities, information, and resources, possibly international in scope, that provides products or services to consumers.
Response:

  • A. Logistics Network
  • B. Supply Chamber
  • C. Supply Chain
  • D. Supply Network

Answer: C


NEW QUESTION # 231
Where can a project manager find risk-rating rules?
Response:

  • A. Risk probability and impact matrix
  • B. Enterprise environmental factors
  • C. Risk management plan
  • D. Organizational process assets

Answer: D


NEW QUESTION # 232
Which of the following is not a risk factor as stated in NIST SP 800-37?
Response:

  • A. Likelihood
  • B. Vulnerability
  • C. Threat actor
  • D. Threat

Answer: C


NEW QUESTION # 233
During the security impact analysis, vulnerabilities were uncovered in the information system.
Which of the following documents should address the outstanding items?
Response:

  • A. System discrepancy plan
  • B. System deficiency plan
  • C. System security plan
  • D. Plan of action and milestones

Answer: D


NEW QUESTION # 234
If an organization shares a client's financial and personal details with other companies without the prior consent of the individuals, which of the following Internet laws is that organization violating?
Response:

  • A. Copyright law
  • B. Trademark law
  • C. Privacy law
  • D. Security law

Answer: C


NEW QUESTION # 235
Which of the following refers to a process that is used for implementing information security?
Response:

  • A. Classic information security model
  • B. Information Assurance (IA)
  • C. Five Pillars model
  • D. Certification and Accreditation (C&A)

Answer: D


NEW QUESTION # 236
Which RMF role establishes risk management roles and responsibilities and provides advice and relevant information to authorizing officials concerning the risk management strategy, in order to guide authorization decision making?
Response:

  • A. System owner
  • B. Risk executive
  • C. ISSE
  • D. Common control provider

Answer: B


NEW QUESTION # 237
A project team member has just identified a new project risk. The risk event is determined to have a significant impact but a low probability in the project. Should the risk event happen, it will cause the project to be delayed by three weeks, which will in turn introduce new risk into the project. What should the project manager do with the risk event?
Response:

  • A. Add the identified risk to a quality control management control chart.
  • B. Add the identified risk to the risk register.
  • C. Add the identified risk to the issues log.
  • D. Add the identified risk to the low-level risk watchlist.

Answer: B


NEW QUESTION # 238
In which of the following Risk Management Framework (RMF) phases is a risk profile created for threats?
Response:

  • A. Phase 1
  • B. Phase 0
  • C. Phase 3
  • D. Phase 2

Answer: D


NEW QUESTION # 239
The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.
Response:

  • A. Guidance
  • B. Scoping
  • C. Tailoring
  • D. Feature

Answer: C


NEW QUESTION # 240
An information system's boundary definition resides with whom?
Response:

  • A. The Information System Owner, in which he or she must be careful to consult with authorizing officials (AO), the CIO, the CISO, and the risk executive (function).
  • B. The Information System Owner, in which he must be careless to consult with authorizing officials (AO), the CIO, the CISO, and the risk executive (function).
  • C. The Information System Owner, in which she must be careful to consult with authorizing officials (AO), the CIO, the CISO, and the risk executive (function).
  • D. The Information System Owner, in which he or she must be careful to consult with authorizing officials (AO), the CIO, the CISO, and the safe executive (function).

Answer: A


NEW QUESTION # 241
James works as IT systems personnel at SoftTech Inc. He performs the following tasks:
- Runs regular backups and routine tests of the validity of the backup data.
- Performs data restoration from the backups whenever required.
- Maintains the retained records in accordance with the established information classification policy.
What is the role played by James in the organization?
Response:

  • A. User
  • B. Custodian
  • C. Manager
  • D. Owner

Answer: B


NEW QUESTION # 242
Which one of the following publications provides details of the monitoring security control?
Response:

  • A. NIST SP 800-137
  • B. NIST SP 800-41
  • C. NIST SP 800-53
  • D. NIST SP 800-42

Answer: A


NEW QUESTION # 243
Any telecommunications system or information system used or operated by an agency, or by a contractor of an agency or other organization on behalf of an agency, that (1) has a function, operation, or use which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon system; or is critical to the direct fulfilment of military or intelligence missions; or (2) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an executive order or an act of Congress, is a:
Response:

  • A. System
  • B. Critical system
  • C. National security system
  • D. Information system

Answer: C


NEW QUESTION # 244
Tailoring refers to the process by which a security control baseline is modified based on all but one of the following:
Response:

  • A. The specification of organization-defined parameters in controls via explicit assignment and selection statements.
  • B. The security categorization of the information system
  • C. The specification of compensating controls
  • D. The application of scoping guidance

Answer: B


NEW QUESTION # 245
Which of the following assessment methods involves observing or conducting the operation of physical devices?
Response:

  • A. Deviation
  • B. Interview
  • C. Testing
  • D. Examination

Answer: C


NEW QUESTION # 246
Which role has the primary responsibility to conduct ongoing assessments after an initial system authorization?
Response:

  • A. Security Control Assessor
  • B. Information System Owner (ISO)
  • C. Common Control Provider (CCP)
  • D. Authorizing Official (AO)

Answer: A


NEW QUESTION # 247
In what phases of the Risk Management Framework (RMF) and system development life cycle (SDLC), respectively, does documentation of control implementation start?
Response:

  • A. Implement security controls and development/acquisition
  • B. Authorization and operations/maintenance
  • C. Monitor and sunset
  • D. Categorization and initiation

Answer: A


NEW QUESTION # 248
The security control assessor for Colvine Tech will be conducting a comprehensive-level assessment of an information system at Colvine Tech. Which controls must be assessed separately, not by the assessor for Colvine Tech?
Response:

  • A. Common Controls
  • B. Alternative controls
  • C. Failed controls
  • D. Management controls

Answer: A


NEW QUESTION # 249
......
