Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

You have completed the security categorization worksheet for a new federal case-management system. The analysis shows a Confidentiality impact of Moderate, an Integrity impact of High, and an Availability impact of Low. Which single impact level must you record in the final security categorization section, and why?

  • Moderate, because it represents the median of the three impact values and avoids over-control.

  • Moderate, because only two of the three objectives are above Low and a consensus value is required.

  • Low, because the system's mission can tolerate limited downtime despite integrity concerns.

  • High, because the highest of the three impact ratings drives the overall categorization.

ISC2 Governance, Risk and Compliance (CGRC)
Scope of the System
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot