ISC2 CGRC Exam Questions With Verified And Updated Solutions.
Baseline Configuration - A documented set of specifications for a system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time and which can be changed only through change control procedures.

Clear - A method of sanitization by applying logical techniques to sanitize data in all user-addressable storage locations for protection against simple noninvasive data recovery techniques using the same interface available to the user; typically applied through the standard read and write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported).

Configuration - The possible conditions, parameters and specifications with which an information system or system component can be described or arranged.

Change Control - Process for controlling modifications to hardware, firmware, software and documentation to protect the information system against improper modifications before, during and after system implementation.

Configuration Control Board - A group of qualified people with responsibility for the process of regulating and approving changes to hardware, firmware, software, and documentation throughout the development and operational life cycle of an information system.

Configuration Item - An aggregation of system components that is designated for configuration management and treated as a single entity in the configuration management process.

Configuration Management Plan - A comprehensive description of the roles, responsibilities, policies and procedures that apply when managing the configuration of products and systems.

Destroy - A method of sanitization that renders target data recovery infeasible using state-of-the-art laboratory techniques and results in the subsequent inability to use the media for storage of data.

Disposal - A release outcome following the decision that media does not contain sensitive data. This occurs either because the media never contained sensitive data or because sanitization techniques were applied, and the media no longer contains sensitive data.

Purge - A method of sanitization by applying physical or logical techniques that renders target data recovery infeasible using state-of-the-art laboratory techniques.

Sanitize - A process to render access to target data on the media infeasible for a given level of effort. Clear, purge and destroy are actions that can be taken to sanitize media.

Security Impact Analysis - The analysis conducted by an organizational official to determine the extent to which a change to the information system has affected the security state of the system.

Security Posture - The security status of an enterprise's networks, information and systems based on information security resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. Synonymous with security status.

Authorization Package - The essential information that an authorizing official uses to determine whether to authorize the operation of an information system or the provision of a designated set of common controls. At a minimum, the authorization package includes an executive summary, system security plan, privacy plan, security control assessment, privacy control assessment as well as any relevant plans of action and milestones.
Authorization to Operate (ATO) - The official management decision given by one or more senior federal officials to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations and the nation, based on the implementation of an agreed-upon set of security and privacy controls. Authorization also applies to common controls inherited by agency information systems.

Authorization to Use (ATU) - The official management decision given by an authorizing official to authorize the use of an information system, service or application based on the information in an existing authorization package generated by another organization, and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations and the nation, based on the implementation of an agreed-upon set of controls in the system, service or application.

Authorizing Official (AO) - A senior federal official or executive with the authority to authorize (i.e., assume responsibility for) the operation of an information system or the use of a designated set of common controls at an acceptable level of risk to agency operations (including mission, functions, image or reputation), agency assets, individuals, other organizations and the nation.

Continuous Monitoring - Maintaining ongoing awareness to support organizational risk decisions.

Information Security Risk - The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations and the
Document information
- Institution: ISC2 CGRC
- Course: ISC2 CGRC
- Uploaded on: July 1, 2024
- Number of pages: 18
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers