ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While categorizing a new payroll processing system, the team notes that unauthorized alteration of employee salary figures could cause serious financial errors, but accidental disclosure would have limited effect and the system could be restored within four hours. Which security objective warrants the highest impact level?

Confidentiality
Integrity
Non-repudiation
Availability

Report Issue

Answer Description

Because the most damaging consequence for the payroll system would result from erroneous or manipulated salary data, the greatest risk lies in unauthorized modification of information. This directly threatens integrity-the assurance that data remain accurate, complete, and unaltered except by authorized actions. Although confidentiality and availability are important, the scenario states that disclosure has limited impact and recovery time is acceptable, so their impact levels can remain lower. Non-repudiation is a component of integrity but not one of the three core security objectives used for FIPS 199 categorization. Therefore, integrity must receive the highest impact rating.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

Why is integrity considered more critical than confidentiality in this payroll processing system context?

Open an interactive chat with Bash

What is the role of FIPS 199 in categorizing security objectives?

Open an interactive chat with Bash

How does non-repudiation relate to integrity in security objectives?

Open an interactive chat with Bash

What does integrity mean in the context of information security?

Open an interactive chat with Bash

How does FIPS 199 categorize impact levels for systems?

Open an interactive chat with Bash

What is the difference between non-repudiation and integrity?

Open an interactive chat with Bash

ISC2 Governance, Risk and Compliance (CGRC)

Scope of the System

Your Score:

Settings & Objectives

Security and Privacy Governance, Risk Management, and Compliance Program

Scope of the System

Selection and Approval of Framework, Security, and Privacy Controls

Implementation of Security and Privacy Controls

Assessment/Audit of Security and Privacy Controls

System Compliance

Compliance Maintenance

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot

AI Bot