Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

During a scheduled maintenance window, a database administrator is instructed by the system owner to install a new encryption module in production that night so the system complies with an upcoming regulatory deadline. The regular Change Control Board (CCB) will not convene until next week. To remain compliant with change-management policy, what should the administrator do next?

  • Open a security-incident ticket so the installation can proceed without going through change control.

  • Trigger the emergency change process and obtain expedited approval from an Emergency Change Control Board before deploying within the maintenance window.

  • Defer the deployment until the regular CCB meets next week, even if that misses the regulatory deadline.

  • Install the module immediately, then document the change and request retroactive CCB endorsement at next week's meeting.

ISC2 Governance, Risk and Compliance (CGRC)
Compliance Maintenance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot