Crucial Exams

ISC2 Governance, Risk and Compliance (CGRC) Practice Question

Your agency must demonstrate continuous monitoring of personnel activities to an external auditor. Access logs already flow to a central SIEM, but terminated employees sometimes retain active privileged accounts for several days. Which additional control would best close this compliance gap?

  • Schedule weekly vulnerability scans of all employee workstations.

  • Extend firewall log retention from 30 to 90 days for historical analysis.

  • Implement an automated feed from the HR system to the IAM solution so account status changes instantly update or disable user privileges.

  • Enforce a policy requiring administrators to change shared root passwords every 60 days.

ISC2 Governance, Risk and Compliance (CGRC)
Compliance Maintenance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot