Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

When migrating a contractor-owned server that holds aerospace design files labeled as Controlled Unclassified Information (CUI) to an external data center, which technical safeguard must be in place to meet NIST SP 800-171 requirements for handling CUI on non-federal systems?

  • Automatically declassify the files five years after creation unless extended by the originator.

  • Protect the files with FIPS 140-validated encryption both at rest and in transit.

  • Keep the files only inside a facility accredited under Intelligence Community Directive 705.

  • Allow unrestricted remote access once users complete annual cybersecurity awareness training and sign nondisclosure agreements.

ISC2 Governance, Risk and Compliance (CGRC)
Scope of the System
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot