Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While completing the System Security Plan for a new cloud-hosted case-management application, the GRC analyst must write the subsection that documents the system's purpose and functionality. Which of the following draft sentences BEST satisfies that specific requirement?

  • The application enables investigators to log, track, and report regulatory compliance cases from intake through closure, supporting the agency's enforcement mission.

  • The system consists of two Ubuntu 22.04 servers hosted in AWS, connected by a load balancer in the agency's VPC.

  • System downtime exceeding four hours will degrade field operations and must be reported to the CIO within one business day.

  • All stored data is encrypted with AES-256 and all traffic is protected by TLS 1.3 to safeguard Controlled Unclassified Information.

ISC2 Governance, Risk and Compliance (CGRC)
Scope of the System
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot