Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

You are developing a control implementation strategy for a U.S. health provider launching a telehealth app that will collect EU residents' personal health data. To align with applicable national and international requirements, which additional step should you include before deployment?

  • Map system audit logs to the MITRE ATT&CK framework for future threat hunting.

  • Update all service-level agreements to reference the FedRAMP Moderate security baseline only.

  • Conduct a Data Protection Impact Assessment to address GDPR obligations before processing EU personal data.

  • Rely on the HIPAA Privacy Rule's safe harbor to process patient data globally without further analysis.

ISC2 Governance, Risk and Compliance (CGRC)
Implementation of Security and Privacy Controls
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot