Exam CRISC topic 1 question 1705 discussion

Actual exam question from Isaca's CRISC
Question #: 1705
Topic #: 1

Which of the following should be of MOST concern to a risk practitioner reviewing the system development life cycle (SDLC)?

  • A. Segregation of duties controls are overridden during user testing phases
  • B. Testing is completed by IT support users without input from end users
  • C. Data anonymization is used during all cycles of end user testing
  • D. Testing is completed in phases with user testing scheduled as the final phase
Suggested Answer: B

Comments

d9iceguy
1 month, 3 weeks ago
Selected Answer: A
Overriding segregation of duties (SoD) controls poses the greatest risk in the SDLC because it:
  • Introduces the potential for unauthorized changes, fraud, errors, or malicious activities.
  • Undermines fundamental controls meant to ensure the integrity and reliability of the system.
  • Can significantly compromise security, auditability, and compliance throughout the development lifecycle.
Why not the other options?
  • B. Testing by IT support users without end-user input: A concern for functionality or usability, but less severe than overriding critical security controls.
  • C. Data anonymization used during end-user testing: Actually reduces risk by protecting sensitive data.
  • D. User testing as the final phase: A standard approach in many SDLC methodologies; not inherently a significant risk.
upvoted 1 times
lferolm
10 months, 2 weeks ago
Selected Answer: A
Segregation of duties controls are overridden during user testing phases: This is the most concerning issue for a risk practitioner because segregation of duties (SoD) is a critical internal control designed to prevent conflicts of interest and reduce the risk of errors and fraud. Overriding these controls during any phase of the SDLC, including user testing, can lead to significant risks such as unauthorized access, manipulation of data, and lack of accountability. This concern directly impacts the integrity, security, and reliability of the system being developed.
upvoted 1 times
Baddest
1 year, 1 month ago
A. Segregation of duties controls are overridden during user testing phases
Segregation of duties controls are critical for preventing fraud and errors by ensuring that no single individual has the ability to execute a critical process from beginning to end without oversight. Overriding these controls during user testing phases could potentially lead to unauthorized or inappropriate actions being taken, increasing the risk of fraud, errors, or data breaches. Therefore, a risk practitioner would be particularly concerned if segregation of duties controls were compromised during any phase of the SDLC, as it could introduce significant risks to the development process and the resulting system.
upvoted 2 times
Community vote distribution: A (35%, Most Voted), C (25%), B (20%), Other