ISC2 Governance, Risk and Compliance (CGRC) Practice Question
Drafting an SSP for a cloud HR system, you list four connected components: application servers and a managed database in one VPC, an on-prem Active Directory via LDAPS, a third-party payroll processor over an IPSec VPN, and a log-aggregation service in another subnet of the same account. Which component must be documented as an external system interconnection outside the authorization boundary?
The managed relational database instance residing in the same VPC as the application servers
The organization's on-premises Active Directory domain controller accessed via LDAPS
The third-party payroll processor accessed through the dedicated IPSec VPN
The log-aggregation service hosted in a separate subnet within the same cloud account
The authorization boundary includes only resources under the organization's direct management and security control. The application servers and their managed database reside in the organization's VPC, the on-prem Active Directory is owned by the same enterprise, and the log-aggregation service is still within the organization's cloud account, so all remain inside the boundary. The third-party payroll processor is operated by an independent provider and is accessed via a dedicated VPN, making it an external system interconnection that must be documented separately in the SSP.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an authorization boundary in the context of SSP documentation?
Open an interactive chat with Bash
What are external system interconnections, and why must they be documented in the SSP?
Open an interactive chat with Bash
How does an IPSec VPN ensure secure communication with an external system like a payroll processor?
Open an interactive chat with Bash
What is an SSP and why is it important?
Open an interactive chat with Bash
What is the 'authorization boundary' in an SSP?
Open an interactive chat with Bash
Why is the third-party payroll processor considered an external interconnection?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
Scope of the System
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .