ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During Step 3 (Select) of the NIST RMF, you are verifying that each control class is represented. Which of the following activities is categorized by FIPS 200 as an operational control rather than a technical or management control?
Enforcing multifactor authentication for all privileged accounts
Configuring firewall rules on the enterprise perimeter router
Performing annual risk assessments to update the information system security plan
Conducting regular security awareness and training sessions for all system users
FIPS 200 groups its 17 security control families into three classes. Awareness and Training (AT) is an operational family because it focuses on day-to-day personnel actions that promote correct security behavior. Configuring perimeter firewall rules and enforcing multifactor authentication are technical controls, belonging to System and Communications Protection (SC) and Identification and Authentication (IA), respectively. Performing periodic risk assessments is a management control under the Risk Assessment (RA) family. Therefore, conducting regular awareness and training sessions is the only activity listed that FIPS 200 classifies as operational.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the three classes of security controls categorized in FIPS 200?
Open an interactive chat with Bash
What is the focus of the Awareness and Training (AT) control in FIPS 200?
Open an interactive chat with Bash
Why are configuring firewall rules and enforcing multifactor authentication considered technical controls?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
Security and Privacy Governance, Risk Management, and Compliance Program
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .