ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During a quarterly compliance readiness review, an auditor asks for primary evidence that the organization has formally established the requirement for administrators to use multi-factor authentication when initiating remote sessions. Which artifact will most directly satisfy this request?
The service-level agreement with the internet service provider outlining network availability targets
The most recent penetration-test report demonstrating resistance to credential stuffing attacks
Recent VPN gateway logs showing successful connections that include one-time password codes
An approved access-control policy and accompanying procedure that mandates multi-factor authentication for privileged remote access
Auditors first look for documentary evidence that a control has been formally defined by the organization. A published security policy-supplemented by a procedure detailing how administrators enroll and use multi-factor credentials-demonstrates management approval, scope, and accountability for the requirement. Log extracts or penetration-test reports can corroborate implementation but do not, by themselves, prove that the mandate is institutionalized. An ISP service-level agreement is unrelated to authentication controls, so it provides no value for this objective.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is multi-factor authentication (MFA), and why is it required for remote access?
Open an interactive chat with Bash
How does an access-control policy define security requirements for administrators?
Open an interactive chat with Bash
Why are VPN gateway logs and penetration-test reports insufficient as primary evidence for compliance?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
Compliance Maintenance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .