ISC2 Governance, Risk and Compliance (CGRC) Practice Question

Following an assessment that revealed unencrypted sensitive data on production databases, you are determining resources needed to estimate how long remediation will take. Which of the following is considered a technical resource for the risk response plan?

Revision of the organization's data classification policy to mandate encryption
Budget approval for consulting fees to develop the remediation strategy
Licenses for a database transparent data-encryption feature and compatible hardware security modules
Allocation of two additional database administrators for three months

Report Issue

Answer Description

Technical resources are the specific technologies, tools, or systems that must be acquired, configured, or integrated to carry out a chosen mitigation. Procuring licenses for a database's transparent data-encryption capability and the required hardware security modules represents technology that engineers must install and test, so it is a technical resource affecting the project schedule. Extra administrators are a personnel resource, consulting funds are a financial resource, and updating a policy is an administrative control-not a technical tool-so those items do not meet the definition of a technical resource.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

What is a hardware security module (HSM)?

Open an interactive chat with Bash

How does transparent data encryption (TDE) function in databases?

Open an interactive chat with Bash

What is the role of data classification policies in risk management?

Open an interactive chat with Bash

What is a hardware security module (HSM)?

Open an interactive chat with Bash

What does transparent data encryption (TDE) mean?

Open an interactive chat with Bash

Why are personnel resources not considered technical resources?

Open an interactive chat with Bash

What is a hardware security module (HSM)?

Open an interactive chat with Bash

What is database transparent data encryption (TDE)?

Open an interactive chat with Bash

What is the difference between technical resources and administrative controls in a risk response plan?

Open an interactive chat with Bash

ISC2 Governance, Risk and Compliance (CGRC)

Assessment/Audit of Security and Privacy Controls

Your Score:

Settings & Objectives

Security and Privacy Governance, Risk Management, and Compliance Program

Scope of the System

Selection and Approval of Framework, Security, and Privacy Controls

Implementation of Security and Privacy Controls

Assessment/Audit of Security and Privacy Controls

System Compliance

Compliance Maintenance

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot

AI Bot