(ISC)2
CGRC · Question #632
CGRC Question #632: Real Exam Question with Answer & Explanation
The correct answer is D: Common controls. Site-specific controls, which are applied to particular sites or environments within an organization, are categorized as common controls in security frameworks.
Selection and Approval of Framework, Security, and Privacy Controls
Question
Site-specific controls are typically implemented by an organization as what type of controls?
Options
- A. Technical controls
- B. System specific controls
- C. Hybrid controls
- D. Common controls
Explanation
Site-specific controls, which are applied to particular sites or environments within an organization, are categorized as common controls in security frameworks.
Common mistakes.
- A. Technical controls are hardware or software-based mechanisms, such as firewalls or encryption, not a classification of how controls are applied across sites.
- B. System specific controls are unique to a particular information system and are not typically applied across an entire site to be inherited by multiple systems.
- C. Hybrid controls are a mix of common and system-specific controls, but the question asks about the primary classification of site-specific controls themselves.
Concept tested. Classification of security controls - common controls
Reference. https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-53r5.pdf
Topics
#Common controls · #Control types · #Site-specific controls · #Control classification