ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During an authorization package review, you note a planned control requiring multifactor authentication for all privileged remote sessions to an information system hosted in a federal cloud environment. Under NIST control classifications, this control is primarily categorized as which type?
A compensating control implemented when baseline safeguards are not feasible
An operational control addressing human-centric processes such as incident response
A management control focused on establishing policy, procedure, and oversight
A technical control that relies on automated mechanisms to enforce identification and authentication
NIST FIPS 200 and SP 800-53 organize security controls into management, operational, and technical classes. Controls in the technical class are implemented and executed by information systems through hardware, software, or firmware. Multifactor authentication relies on automated mechanisms that electronically verify user identities before permitting access, placing it squarely in the technical class (specifically within the Identification and Authentication family). Management controls deal with policy and governance activities, operational controls focus on human-centered processes such as training and incident response, and compensating controls are alternative safeguards used when standard controls cannot be applied. Therefore, the requirement for multifactor authentication is a technical control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is multifactor authentication (MFA)?
Open an interactive chat with Bash
What are NIST SP 800-53 technical controls?
Open an interactive chat with Bash
How do NIST control classifications differ from each other?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
Security and Privacy Governance, Risk Management, and Compliance Program
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .