ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While preparing the SSP for a cloud-hosted HR application that syncs with on-premises Active Directory and interfaces with a SaaS payroll service, which single artifact most directly documents the system's hardware, software, trust zones, and all internal and external connections to define its authorization boundary?

  • A RACI chart mapping HR-system stakeholders to their roles and responsibilities

  • A configuration baseline listing approved operating-system versions and patch levels for each server

  • A business impact analysis defining recovery-time and recovery-point objectives for HR services

  • A current network and data-flow diagram that shows all system components, trust zones, and connections to the internal AD environment and the external SaaS payroll service

Scope of the System