CERTIFIED IN GOVERNANCE, RISK AND COMPLIANCE (CGRC) EXAM STUDY GUIDE: Risk Management Framework (RMF) Summary & 250 Sample Exam-Grade Questions and Annotated Answers

Book Synopsis: Note: The content of this publication is the same as the one in our previously published book titled: CERTIFIED AUTHORIZATION PROFESSIONAL (CAP) EXAM STUDY GUIDE: Summary of the Risk Management Framework (RMF): 250 Exam-Grade Questions and Annotated Answers, authored by Nformi PsyD, George N., Tata DrPH, Valintine K. (ISBN: 9798407273806) available on Amazon.com.

The title change is meant to streamline and mirror the change in the certification name by ISC2 from CAP to CGRC. The Certified in Governance, risk and Compliance (CGRC) exam is designed for Information Technology (IT) professionals interested in organizational/system risk assessment, risk management and governance /resource compliance. The certification was formerly known as Certified Authorization Professional (CAP) but was changed by ISC2 in February 2023 to better streamline the focus of the content to mirror the governance and compliance management in organizational settings.

This book is written based on the most recent National Institute of Standards and Technology (NIST) Special Publications. This includes NIST 800-53 revision 5 of September 2020; NIST 800-53B-Control Baselines for Information Systems and Organizations (new special publication) of September 2020; NIST 800-37 revision 2 of December 2018 among other NIST publications, laws and executive orders that support the Risk Management Framework (RMF) for US federal information systems.

The authors present succinct summaries of each of the RMF steps from the “Prepare” through the “Monitor” step. They emphasize indispensable tasks on each step, pointing out key areas for candidates to retain and important areas that tend to feature in the Certified in Governance, Risk and Compliance (CGRC) exams. The chapters are synced with the ISC2 domains that make up the common body of knowledge for the CGRC certification exams.

Over 250 exam-grade sample questions follow immediately after the summary of each RMF step to test the candidate’s understanding of the content in that step/exam domain. The authors’ experience in U.S federal government work underpin scenario questions that reflect a minimum of two years’ work experience as required by ISC2 for CGRC certification. In part two of the book, the questions on each chapter are featured again, but this time with the correct answers and rationale behind the answers. Most importantly, the annotations explain in greater detail why the incorrect answer options are inaccurate. This approach speeds up the candidate’s understanding of important concepts and accelerates coverage of the knowledge areas for the CGRC exams.

Questions typically come in the CGRC exam testing the candidate’s understanding and pledge of allegiance to the ISC2 codes of conduct/ethics as laid out in the organization’s cannons. This aspect is usually overlooked in other publications, but in this book several ISC2 ethics-related questions are featured.

Good luck in your CGRC exams Read more.