Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

During a pre-authorization audit you learn that many sensitive reports do not display their classification when printed, increasing the chance they will be mishandled once they leave the office. Which corrective action best satisfies data-marking requirements for visibility of sensitivity and handling instructions?

  • Enforce file encryption and digital rights management on all sensitive documents without adding any visible classification text.

  • Configure document templates to automatically add the correct classification label in the header and footer of each page when files are created or exported.

  • Require staff to store documents only in network folders whose names reflect the data classification level.

  • Embed an invisible digital watermark that encodes the classification and can be read by forensic tools if needed.

ISC2 Governance, Risk and Compliance (CGRC)
Security and Privacy Governance, Risk Management, and Compliance Program
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot