ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While drafting the audit plan for a cloud-hosted payroll application, you must determine whether employees' salary data will be protected by encryption as it moves between the web front end, application programming interface (API) layer, and backend database. Which system document will give the clearest view of these data transfer paths and trust boundaries?

Data flow diagram depicting the application's processes and data stores
Physical rack elevation diagram for the data center equipment
Standard operating procedure for incident response escalation
Server build and hardening checklist for the Linux images

Report Issue

Answer Description

A data flow diagram illustrates how information moves among processes, data stores, and external entities. Because it highlights where data is created, transmitted, and stored, auditors can pinpoint trust boundaries and identify where encryption or other controls must be applied. Rack elevation diagrams show physical equipment placement, not logical data movement. Incident-response procedures describe steps after an event, not normal data flows. Server build or hardening checklists focus on configuration details for a single host, offering little insight into inter-component data exchanges.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

What is a data flow diagram (DFD) and why is it important for auditing?

Open an interactive chat with Bash

What are trust boundaries in the context of a data flow diagram?

Open an interactive chat with Bash

How does encryption ensure security during data transfers in a cloud application?

Open an interactive chat with Bash

What is a data flow diagram (DFD) and why is it useful?

Open an interactive chat with Bash

What are trust boundaries in a system, and why are they important?

Open an interactive chat with Bash

How does encryption help secure data in a cloud-hosted application?

Open an interactive chat with Bash

What is a data flow diagram (DFD) and why is it important?

Open an interactive chat with Bash

What are trust boundaries in a system, and why are they significant in a DFD?

Open an interactive chat with Bash

How does encryption work in securing data across trust boundaries?

Open an interactive chat with Bash

ISC2 Governance, Risk and Compliance (CGRC)

Assessment/Audit of Security and Privacy Controls

Your Score:

Settings & Objectives

Security and Privacy Governance, Risk Management, and Compliance Program

Scope of the System

Selection and Approval of Framework, Security, and Privacy Controls

Implementation of Security and Privacy Controls

Assessment/Audit of Security and Privacy Controls

System Compliance

Compliance Maintenance

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot

AI Bot