Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

During a planned upgrade to an online banking system, the development team identifies a new encryption module that will require additional firewall ports to be opened in production. According to an effective system change-management process, what is the most appropriate next step?

  • Document the change and submit it to the Change Control Board for risk and compliance review before any deployment.

  • Push the updated code to the test environment and only involve the Change Control Board if issues are discovered.

  • Immediately open the ports in the development and production firewalls to avoid delaying the project schedule.

  • Schedule a penetration test of the new module after it is live to satisfy audit requirements.

ISC2 Governance, Risk and Compliance (CGRC)
Compliance Maintenance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot