ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While validating evidence for an access-control audit, you discover that the live firewall rule set differs from the approved baseline. The firewall administrator explains the change was an emergency exception approved verbally last week. Which action best satisfies evidence verification requirements before you document your finding?

  • Review the change-management system for written approval and supporting tickets that authorize the rule change.

  • Accept the administrator's explanation as adequate evidence and proceed with the report.

  • Classify the control as non-compliant immediately because the baseline was not followed.

  • Compare the current firewall rules to industry best practices to decide whether the change is acceptable.

ISC2 Governance, Risk and Compliance (CGRC)
Assessment/Audit of Security and Privacy Controls