ISC2 Governance, Risk and Compliance (CGRC) Practice Question

During requirements gathering for a U.S. federal agency's new citizen-services portal, the security engineer wants to embed security early in the SDLC. Which task should be performed in this phase to meet that goal?

  • Conduct red-team penetration tests against the first working prototype to uncover coding flaws.

  • Apply Center for Internet Security benchmark settings to the operating system images before deployment.

  • Configure and tune security information and event management (SIEM) correlation rules for production monitoring.

  • Compile and document system-specific security requirements by mapping applicable laws, regulations, and baseline controls to functional specifications.

Security and Privacy Governance, Risk Management, and Compliance Program