Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While drafting the annual security assessment plan, you review the last two audit reports for a cloud-hosted ERP system and note that both cited unresolved weaknesses in database backup encryption. How should this recurring finding influence the scope and resourcing of the upcoming assessment?

  • Record the issue as an accepted residual risk and focus assessment resources on new control areas instead.

  • Defer testing of backup encryption until the next audit cycle to give system owners more remediation time.

  • Plan a dedicated follow-up test with additional sampling and interviews to verify that backup encryption controls are now properly implemented.

  • Exclude backup encryption from the assessment scope because it was already documented in prior audits.

ISC2 Governance, Risk and Compliance (CGRC)
Assessment/Audit of Security and Privacy Controls
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot