ISC2 Governance, Risk and Compliance (CGRC) Practice Question

A critical cloud service provider renegotiates its SLA, shortening the maximum incident notification time from 48 to 24 hours. To stay compliant, what is the most appropriate action for the authorizing official's team?

  • Log the change in the contract repository but defer any monitoring adjustments until the next scheduled audit.

  • Revise the continuous monitoring strategy to include a control metric that verifies provider incident notifications occur within 24 hours and ensure collection mechanisms capture the data.

  • Require the provider to self-certify its compliance annually and discontinue in-house monitoring of incident notifications.

  • Escalate the SLA change to the Change Control Board and suspend all integrations with the provider until a full system re-authorization is completed.

Compliance Maintenance