ISC2 Governance, Risk and Compliance (CGRC) Practice Question
During system categorization, a risk assessor concludes that unauthorized disclosure of the system's data would at most cause minor financial loss and degrade some business processes without halting mission functions. According to FIPS 199, how should the impact level on confidentiality be recorded?
Not Applicable, because there is no significant mission failure expected
Moderate impact, because any financial loss automatically triggers the middle category
Low impact, since the adverse effect is limited to minor financial loss and reduced efficiency
High impact, as confidentiality breaches always warrant the highest level
FIPS 199 defines a low impact for confidentiality as a loss that could be expected to have only a limited adverse effect-for example, causing minor financial loss or a noticeable but not mission-stopping reduction in effectiveness. Because the assessor determined that disclosure would merely create minor financial loss and some degradation of operations without shutting them down, this aligns with the definition of a limited adverse effect. Moderate impact would require a serious adverse effect such as significant financial loss or major operational disruption, while high impact involves severe or catastrophic consequences. "Not Applicable" is incorrect because FIPS 199 requires every security objective to be categorized at one of the three impact levels.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is FIPS 199?
Open an interactive chat with Bash
Can you explain the difference between 'low,' 'moderate,' and 'high' impact levels under FIPS 199?
Open an interactive chat with Bash
Why is confidentiality significant in system categorization according to FIPS 199?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
Scope of the System
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .