Exam CRISC topic 1 question 238 discussion

Actual exam question from Isaca's CRISC
Question #: 238
Topic #: 1

You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?
Each correct answer represents a complete solution. (Choose three.)

  • A. Education of staff or business partners
  • B. Deployment of a threat-specific countermeasure
  • C. Modify the technical architecture
  • D. Apply more controls
Suggested Answer: ABC
As new threats are identified and prioritized in terms of impact, the first step is to evaluate the ability of existing controls to mitigate the risk associated with the new threats. If the existing controls do not work, facilitate the:
  • Modification of the technical architecture
  • Deployment of a threat-specific countermeasure
  • Implementation of a compensating mechanism or process until mitigating controls are developed
  • Education of staff or business partners
Incorrect Answers:
D: Applying more controls is not a good solution. Additional controls usually complicate the situation.

Comments

faed87a
3 months, 4 weeks ago
Selected Answer: ABC
Modifying the technical architecture involves changing the design or infrastructure of the system to make it more resilient to the new risks. This could include enhancing network security, upgrading firewalls, or redesigning the system to address specific vulnerabilities.
upvoted 1 times
SuperMax
8 months, 3 weeks ago
In the scenario where you have identified new threats and found that existing controls are not efficient in mitigating these risks, here are three steps you could take to address the situation:
B. Deployment of a threat-specific countermeasure: Implementing threat-specific countermeasures is an effective strategy to address the new risks. These countermeasures are tailored to the specific threats, and they can be more efficient in mitigating the risks compared to general controls.
C. Modify the technical architecture: Sometimes, the existing technical architecture may need modifications to better address new threats. This can involve making changes to your network, systems, or infrastructure to enhance security and resilience against the identified risks.
D. Apply more controls: In some cases, adding more controls to your security framework may be necessary. These additional controls can complement existing measures and provide a layered defense against the new threats. It's important to choose controls that are relevant to the specific risks you've identified.
upvoted 1 times
SuperMax
8 months, 3 weeks ago
Education of staff or business partners: While education and awareness are important aspects of overall security, they may not be the most immediate and direct response to addressing new threats. Education can be a preventative measure, but in the case of identified threats, it's typically more urgent to deploy specific countermeasures, modify the technical architecture, or apply additional controls. Staff and partners should be educated on these changes, but this step alone may not efficiently mitigate the risks associated with the new threats.
upvoted 1 times
eblue
10 months, 1 week ago
BCD. Education of staff or business partners: While education might not be a direct solution to modifying controls, it's an important step to enhance the overall security posture of the enterprise. Ensuring that staff and business partners are aware of the new threats and understand how to respond appropriately can contribute to a more secure environment. Educated employees are better equipped to recognize potential threats and follow security best practices.
upvoted 2 times
mih
10 months, 3 weeks ago
Selected Answer: BCD
It should be BCD.
upvoted 1 times
Prashil
3 years, 1 month ago
Don't agree with the answers.
upvoted 1 times
Rooks
3 years, 8 months ago
I would argue that modifying the existing architecture can complicate the situation worse than applying more controls.
upvoted 3 times
Volose
12 months ago
Applying controls is too general when you have Deployment of a threat-specific countermeasure.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other