ISC2 Governance, Risk and Compliance (CGRC) Practice Question

An agency is rolling out a new human-resources information system and has chosen a set of NIST SP 800-53 security controls. To address the "timeline" element of its control implementation strategy, what is the MOST appropriate action for the authorization boundary owner to take?

  • Allocate the necessary budget for purchasing and deploying required security technologies

  • Map every chosen control to the applicable laws, regulations, and internal policies

  • Document any residual weaknesses for each control in the POA&M

  • Define start and completion dates with interim milestones for installing, configuring, and testing every selected control

ISC2 Governance, Risk and Compliance (CGRC)
Implementation of Security and Privacy Controls