ISC2 Governance, Risk and Compliance (CGRC) Practice Question

Your agency's baseline requires full-disk encryption on every laptop that processes personally identifiable information (PII). Several legacy laptops lack the hardware needed for FDE and will not be replaced until next year. To satisfy the requirement with a compensating control that offers equivalent protection in the interim, which action is MOST appropriate?

  • Have employees sign a statement accepting personal responsibility if PII is exposed from the legacy laptops.

  • Allow PII only on organization-issued USB drives that provide hardware encryption and block local storage of PII on the legacy laptops.

  • Require users to set strong BIOS passwords on the affected laptops before each use.

  • Increase annual security-awareness training to remind users never to leave laptops unattended in public places.

ISC2 Governance, Risk and Compliance (CGRC)
Implementation of Security and Privacy Controls