CGRC Question #428: Real Exam Question with Answer & Explanation

Sign in or unlock CGRC to reveal the answer and full explanation for question #428. The question stem and answer options stay visible for context.

Selection and Approval of Framework, Security, and Privacy Controls

Question

An information system is currently in the initiation phase of the system development life cycle (SDLC) and has been categorized high impact. The information system owner wants to inherit common controls provided by another organizational information system that is categorized moderate impact. How does the information system owner ensure that the common controls will provide adequate protection for the information system? Response:

Options

ASupplement the common controls with system-specific or hybrid controls to achieve the required
BAsk the common control provider for the system security plan for the common controls.
CConsult with the information system security engineer and the information security architect.
DPerform rigorous testing of the common controls to determine if they provide adequate protection.

Unlock CGRC to see the answer

You've previewed enough free CGRC questions. Unlock CGRC for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CGRC - $49.99 / 30 days Sign in

Topics

#Control Inheritance#Impact Level#Security Control Tailoring#System Development Life Cycle

Full CGRC Practice Browse All CGRC Questions