An organization uses one centralized single sign-on (SSO) control to cover many applications. Which of the following is the BEST course of action when a new application is added to the environment after testing of the SSO control has been completed?
A. Initiate a retest of the full control.
B. Re-evaluate the control during the next assessment.
C. Review the corresponding change control documentation.
D. Retest the control using the new application as the only sample.
C
This approach is important because change control documentation should detail the impact of adding a new application on the existing SSO control, including any potential risks or necessary adjustments. Reviewing this documentation helps ensure that the addition of the new application is aligned with the current control environment and that any necessary modifications to the SSO control are identified and addressed.
Effectiveness of SSO control has been done (let's say with 10 apps). Now you are adding one more application. Why would one want to retest the entire control again with 11 apps now? You would only test the effectiveness of control for this new app only.
K5000ism (11 months, 2 weeks ago)
mynk29 (1 year, 6 months ago)
CbtL (1 year, 7 months ago)
john_boogieman (1 year, 9 months ago)