Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While tailoring the NIST SP 800-53 moderate baseline for a federal web application, the ISSO discovers the system exchanges protected health information between two internal subnets separated by a controlled interface in another enclave. To satisfy the added confidentiality need, which control enhancement or security practice should most immediately be incorporated?

  • Replace SC-7 boundary protection with AC-6 least privilege to restrict user permissions on the application servers.

  • Augment SC-8 with control enhancement (1) to require FIPS-validated cryptographic protection for information in transit across the interface.

  • Add MP-6 media sanitization procedures for disposal of decommissioned storage devices used by the application.

  • Implement AU-6(3) centralized correlation to improve detection of anomalous security events.

ISC2 Governance, Risk and Compliance (CGRC)
Selection and Approval of Framework, Security, and Privacy Controls
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot