ISC2 Governance, Risk and Compliance (CGRC) Practice Question
While establishing the authorization boundary for an agency's cloud-hosted payroll system running on an Infrastructure as a Service (IaaS) platform, the security architect inventories several components. Which of the following should be classified as a system asset that belongs inside the system boundary?
The government compliance portal where the agency submits monthly continuous-monitoring reports.
The upstream Internet gateway router owned and operated by the external telecommunications carrier.
The tenant-managed payroll database containing employee salary records stored on virtual disk volumes.
The virtualization hypervisor layer managed entirely by the cloud service provider under the shared-responsibility model.
System assets are the hardware, software, firmware, information, and personnel that are part of the information system and under the organization's direct control. The tenant-managed payroll database, which stores employee salary records on virtual disks allocated to the agency, is part of the information system's software and information components and therefore lies within the boundary.
The hypervisor is managed solely by the cloud provider; it is an external service component covered by the provider's boundary and only connected to the agency's system. The Internet gateway router owned by the telecommunications carrier is an external interconnection device, not a component of the system itself. The government compliance portal used to upload monitoring reports is an external information system, serving as an interface for reporting rather than an internal asset.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the authorization boundary in a cloud system?
Open an interactive chat with Bash
What is the shared responsibility model in cloud environments?
Open an interactive chat with Bash
Why does the tenant-managed payroll database fall within the authorization boundary?
Open an interactive chat with Bash
ISC2 Governance, Risk and Compliance (CGRC)
Security and Privacy Governance, Risk Management, and Compliance Program
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .