Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While compiling the System Security Plan for a new grants-management platform hosted in a private cloud, the security team must establish the system's authorization boundary. Which component should be documented as residing inside that boundary instead of being treated as an external interconnection?

  • The agency's public website that simply redirects visitors to the platform's login page.

  • The virtual database cluster that stores applicant data within the same cloud VPC.

  • The third-party payment gateway the platform calls via an encrypted API.

  • The enterprise Security Operations Center that passively receives copies of audit logs.

ISC2 Governance, Risk and Compliance (CGRC)
Scope of the System
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot