ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During an authorization boundary discussion, you note that incident response coverage is provided by an enterprise Security Operations Center for all business units, with no system-specific IR staff. Which control classification best describes the SOC's incident monitoring function?
A management control applied at the individual system level
A technical control implemented within application code
An operational control unique to each information system
A common control that can be inherited by multiple systems
In NIST guidance (SP 800-37 and SP 800-53), a common control is a security or privacy control whose protection capability is inherited by multiple information systems or programs; it is implemented once, at the organization level, and documented so that each inheriting system can point to it rather than re-implement it. An enterprise SOC that centrally performs incident monitoring and response for every business unit fits this definition: each system relies on the same implementation, and the SOC's assessment results and POA&M items flow to the inheriting systems' authorization packages. The other options describe the legacy control classes, not the implementation designation the question is testing. Management controls address governance activities such as policy, planning and risk management rather than hands-on monitoring. Technical controls are mechanisms executed by the system itself, such as code or configuration within an application. Operational controls are executed primarily by people, and the IR family was in fact classed as operational in older NIST guidance; the distractor fails because it asserts the control is unique to each information system, which contradicts the scenario. The SOC's enterprise service is therefore best categorized as a common control that other systems inherit. In practice, the authorization boundary documentation should name the SOC as the common control provider, and a system owner who adds local IR procedures on top of it would document the result as a hybrid control.
Domain: Implementation of Security and Privacy Controls