ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While performing the Select step of the NIST Risk Management Framework, you learn that the new information system will operate in a strictly controlled data center where visitors are never permitted. To justify removing control PE-8 (Visitor Access Records) from the initial Moderate baseline, which tailoring activity defined by NIST SP 800-53 should you document?

  • Set the organization-defined parameters in PE-8 to values that effectively disable its requirements.

  • Document a scoping consideration that the operational environment makes the control inapplicable.

  • Replace PE-8 with a compensating control that provides equivalent protection.

  • Apply a privacy overlay that excludes PE-8 from the Moderate baseline.

Security and Privacy Governance, Risk Management, and Compliance Program