CGRC Question #351: Real Exam Question with Answer & Explanation
The correct answer is A: Security Control Inheritance.
Question
A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. Response:
Options
- A. Security Control Inheritance
- B. Network Security Controls
- C. Hybrid Security Controls
- D. System-Specific Security Control
Explanation
This question defines the scenario where an information system or application is protected by security controls managed by entities external to or distinct from the system's own responsible entity.
Common mistakes.
- B. Network Security Controls are specific types of technical controls focused on network infrastructure, not a concept describing how controls are managed or shared across entities.
- C. Hybrid Security Controls describe a mix of common and system-specific controls, not the concept of receiving protection from other entities.
- D. System-Specific Security Control refers to controls unique to a particular system, which is the opposite of controls provided by other entities.
Concept tested. Security Control Inheritance
Reference. https://csrc.nist.gov/glossary/term/security_control_inheritance