ISC2 Governance, Risk and Compliance (CGRC) Practice Question

Your federal agency plans to let a private contractor operate a system that will process agency-owned data. According to FISMA requirements, which action must the agency take before allowing the contractor to begin operations?

  • Transfer full responsibility for any future security incidents to the contractor through a service-level agreement.

  • Obtain prior approval from the Government Accountability Office before any agency information is processed off-site.

  • Verify that the contractor's system implements security controls that provide protection equivalent to the level the agency applies to its own systems and data.

  • Publish a detailed description of the system's security architecture in the Federal Register for public comment.

Security and Privacy Governance, Risk Management, and Compliance Program