ISC2 Governance, Risk and Compliance (CGRC) Practice Question

Your agency categorizes a new national-security system as high-impact across confidentiality, integrity, and availability. When building the security plan, which approach correctly applies NIST SP 800-53B requirements for establishing the high-impact control baseline?

  • Start with the low-impact baseline and customize it because the high rating is driven solely by confidentiality.

  • Implement all controls and enhancements in the high baseline, removing only those formally tailored out and documented.

  • Deploy only the controls shared by all three baselines, adding the rest during continuous monitoring.

  • Apply only catalog controls designated as priority 1 (P1) for high-impact systems.

ISC2 Governance, Risk and Compliance (CGRC)
Selection and Approval of Framework, Security, and Privacy Controls