Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While drafting a procedure to implement database encryption in a regulated financial institution, you must ensure the document meets CGRC expectations for control documentation. Which content must the procedure include to show clear alignment with the organization's purpose, scope, and risk profile?

  • A brief narrative summarizing the residual risk that remains after the encryption control is deployed.

  • A short mission statement explaining why encryption supports the company's overall security vision, without implementation details.

  • An appendix listing all industry frameworks and regulations that recommend or require encryption measures.

  • A numbered sequence of implementation and operational steps, each mapped to the responsible role and success criteria.

ISC2 Governance, Risk and Compliance (CGRC)
Implementation of Security and Privacy Controls
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot