ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CRISC All Questions

View all questions & answers for the CRISC exam
Go to Exam

Exam CRISC topic 1 question 1302 discussion

Actual exam question from Isaca's CRISC
Question #: 1302
Topic #: 1
[All CRISC Questions]

An organization has experienced a cyber attack that exposed customer personally identifiable information (PII) and caused extended outages of network services. Which of the following stakeholders are MOST important to include in the cyber response team to determine response actions?

  • A. Cyber risk remediation plan owners
  • B. Enterprise risk management (ERM) team
  • C. Security control owners based on control failures
  • D. Risk owners based on risk impact
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by john_boogieman at Feb. 25, 2023, 5:36 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
LDR2409
2 months, 3 weeks ago
Selected Answer: A
Key word is "response" not "mitigate", a response is an inmediate answer to contain the incident, of that the risk owner mught not know the best, but to implement a permanent solution (mitigate) i think D would be appropiate
upvoted 1 times
...
K5000ism
1 year ago
Selected Answer: A
A. Cyber risk remediation plan owners. This person is the most relevant person who knows how to contain the attack. System control owners' expertise and understanding of the specific control mechanisms are vital for both identifying the root causes and formulating effective response strategies to address the breach. The issue with C is that the breach may have happened because of a non-existing control.
upvoted 1 times
...
mynk29
1 year, 7 months ago
Selected Answer: D
Risk owners knows the best. :)
upvoted 1 times
...
CbtL
1 year, 8 months ago
Selected Answer: D
Agree with D.
upvoted 1 times
CbtL
1 year, 8 months ago
The risk owners would provide the best guidance on response should a risk be realized. They know who and what is impacted, and what the company needs for mitigation actions and continuity needs.
upvoted 1 times
...
...
john_boogieman
1 year, 10 months ago
Selected Answer: A
The Cyber risk remediation plan owner is best suited to provide guidance on how to contain the attack, minimize the impact, and prevent future attacks.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel