Best Free Actual Exam Prep Sources

ISC2: CGRC

About ISC2 CGRC Exam:

The CGRC (Certified in Governance, Risk and Compliance), formerly known as CAP (Certified Authorization Professional), is an advanced certification offered by ISC2. It validates your expertise in authorizing and maintaining information systems within the NIST Risk Management Framework (RMF). This credential is ideal for cybersecurity professionals working in governance, risk, and compliance, particularly in the federal, defense, and commercial sectors.

If you are preparing for the CGRC exam, this guide includes essential information, expert tips, and practice resources to help you pass the exam on your first attempt!

Exam Details and Format:

  • Duration: 180 minutes (3 hours)
  • Format: 125 multiple-choice questions
  • Cost: $599 USD (varies by country)
  • Passing Score: 700 out of 1000
  • Languages: English
  • Delivery: Pearson VUE (in-person or online proctored)

Prerequisites:

  • At least 2 years of cumulative paid work experience in one or more of the seven domains of the CGRC Common Body of Knowledge (CBK).
  • No experience? You can still take the exam and become an Associate of ISC2 until you fulfill the experience requirement within 3 years.

Preparation Tips:

1. Understand the Exam Domains

The ISC2 CGRC exam is based on the seven domains of the ISC2 CBK:

  • Information Security Risk Management Program (16%)
  • Scope of the Information System (11%)
  • Selection and Approval of Security and Privacy Controls (15%)
  • Implementation of Security and Privacy Controls (16%)
  • Assessment/Audit of Security and Privacy Controls (16%)
  • Authorization/Approval of Information System (10%)
  • Continuous Monitoring (16%)

Download the official ISC2 CGRC Exam Outline from ISC2

2. Use ISC2 FREE Learning Resources

ISC2 offers self-study materials and community forums to help you prepare:

  • ISC2 CGRC Candidate Handbook
  • Official CGRC Study Guide (available on Amazon or Wiley)
  • Join ISC2 study groups and online webinars for insights from certified professionals.

3. Get Hands-On Experience with RMF

Since CGRC is tied to the NIST RMF, hands-on practice is essential:

  • Understand the NIST SP 800-37 RMF process and the NIST SP 800-53 control catalog
  • Use GRC tools like Archer, ServiceNow GRC, or OpenRMF
  • Practice control assessment and documentation
  • Simulate security categorization and impact analysis
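The "security categorization and impact analysis" step above is RMF step 1 (Categorize), which SP 800-37 hands off to FIPS 199: each information type the system processes gets a provisional impact level (LOW, MODERATE or HIGH) for confidentiality, integrity and availability, the system takes the high water mark across all of them, and the overall level selects the SP 800-53 baseline. The script below is an added example written for this guide, not ISC2 or NIST material; the "HR portal" and its inventory of information types are constructed, and the function names are the example's own. It also handles the FIPS 199 edge case that "not applicable" is only valid for the confidentiality of public information and never for a system.

```python
"""FIPS 199 security categorization (RMF step 1, "Categorize").

Added illustration for this guide; it is not ISC2 or NIST code. The inventory
of information types at the bottom is constructed for the example.
"""

from dataclasses import dataclass
from typing import Dict, Iterable, List

# FIPS 199 potential impact levels, ranked so the "high water mark" is a max().
# "NA" (not applicable) is permitted only for the confidentiality objective of
# an information type (e.g. public information); it never applies to a system.
IMPACT_RANK: Dict[str, int] = {"NA": 0, "LOW": 1, "MODERATE": 2, "HIGH": 3}
RANK_NAME: Dict[int, str] = {rank: name for name, rank in IMPACT_RANK.items()}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    """One information type with its provisional C/I/A impact levels."""
    name: str
    confidentiality: str
    integrity: str
    availability: str


def _rank(level: str, objective: str, owner: str) -> int:
    """Validate one impact level (case-insensitive) and return its rank."""
    level = level.upper()
    if level not in IMPACT_RANK:
        raise ValueError(f"{owner}: unknown impact level {level!r}")
    if level == "NA" and objective != "confidentiality":
        raise ValueError(f"{owner}: 'NA' is only permitted for confidentiality")
    return IMPACT_RANK[level]


def categorize_system(info_types: Iterable[InfoType]) -> Dict[str, str]:
    """Apply the FIPS 199 high water mark across all information types.

    Each system security objective takes the highest impact level found for
    that objective in any information type. A system objective is never NA:
    FIPS 199 sets LOW as the floor, so a system that only holds public
    information still gets confidentiality = LOW. The overall level is the
    maximum of the three objectives and selects the SP 800-53 baseline.
    """
    types: List[InfoType] = list(info_types)
    if not types:
        raise ValueError("a system must process at least one information type")
    category: Dict[str, str] = {}
    for objective in OBJECTIVES:
        top = max(_rank(getattr(t, objective), objective, t.name) for t in types)
        category[objective] = RANK_NAME[max(top, IMPACT_RANK["LOW"])]
    category["overall"] = RANK_NAME[max(IMPACT_RANK[category[o]] for o in OBJECTIVES)]
    return category


def format_sc(system_name: str, category: Dict[str, str]) -> str:
    """Render the categorization in the FIPS 199 notation used in an SSP."""
    triples = ", ".join(f"({o}, {category[o]})" for o in OBJECTIVES)
    return f"SC {system_name} = {{{triples}}}"


# Constructed inventory for a hypothetical HR portal (not a real system).
SAMPLE_INFO_TYPES = [
    InfoType("Public web content", "NA", "LOW", "LOW"),
    InfoType("Personnel records (PII)", "MODERATE", "MODERATE", "LOW"),
    InfoType("Helpdesk tickets", "LOW", "LOW", "MODERATE"),
]


def sample_categorization() -> Dict[str, str]:
    """Categorize the constructed inventory above."""
    return categorize_system(SAMPLE_INFO_TYPES)


if __name__ == "__main__":
    cat = sample_categorization()
    print(format_sc("HR portal", cat))
    print(f"Overall impact: {cat['overall']} -> SP 800-53 {cat['overall'].title()} baseline")
```

Running it prints `SC HR portal = {(confidentiality, MODERATE), (integrity, MODERATE), (availability, MODERATE)}`: no single information type is MODERATE across the board, but the high water mark still lands the whole system on the Moderate baseline, which is exactly the kind of reasoning the Scope and Selection domains test.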

Free or low-cost labs can be found on:

  • FedVTE (for U.S. government personnel)
  • Cybrary
  • Coursera (NIST-aligned GRC courses)

4. Use Practice Questions & Mock Exams

Use exam-style questions to:

  • Familiarize yourself with CGRC question formats
  • Identify weak topics
  • Practice exam time management

Best source for full preparation: CLEARCATNET
