Free CGRC Exam Questions - Easiest Way for Success

Which of the following is true about common controls?

True or False: During control selection, all controls may be specialized with tailoring.

Your organization is preparing to authorize a new information system. As part of the Prepare phase of the NIST SP 800-37 Risk Management Framework, your team is working to identify the system's stakeholders and their roles. Which of the following stakeholders would be responsible for ensuring that the system's security controls are properly implemented and maintained?

Which of the following is NOT a best practice for implementing security controls according to NIST SP 800-53?

A large organization has recently implemented a new system to manage its financial transactions. The system includes several components, such as a database server, web server, and application server, which are all connected to a local network. The organization's IT team has configured the system according to best practices and security policies and has performed several security assessments to ensure its compliance. However, the organization's security team wants to implement continuous monitoring of the system configurations to enhance its security posture. What is the main benefit of implementing continuous monitoring of the system configurations in the scenario described above?