Who is responsible for identifying individuals and assigning roles in the RMF for the Org? Answer - CIO, Head of Agency, & Senior Agency Official for Privacy [Risk Mgmt Roles Task P01]
The Head of Agency crafts a risk management strategy that guides & informs risk-based decisions, including how security & privacy risk is framed, assessed, responded to, and monitored, at what Task? Answer - Risk Management Strategy [Task P-2]
Who is responsible for assessing org-wide sec & privacy risk, considering the totality of risk from system connections to externally owned assets? Answer - Senior Accountable Official, SAO for Privacy, Risk Exec (Function), at Risk Assessment - Organizational [Task P-3]
An org-tailored control baseline that provides a fully specified set of controls, control enhancements, and supplemental guidance is established & derived from the established control baselines described in NIST 800-53B. Answer - Org-Tailored Control Baselines & CyberSec Framework [Task P-4]
Who is responsible for the mgmt, maintenance, and testing of the common controls? Answer - Common Control Provider
What are security or privacy controls that are typically provided by an entity different from the org that owns the system? Answer - Common Controls