Exam CRISC topic 1 question 671 discussion

Actual exam question from Isaca's CRISC
Question #: 671
Topic #: 1

Which of the following issues should be of GREATEST concern when evaluating existing controls during a risk assessment?

  • A. Redundant compensating controls are in place.
  • B. Asset custodians are responsible for defining controls instead of asset owners.
  • C. A high number of approved exceptions exist with compensating controls.
  • D. Successive assessments have the same recurring vulnerabilities.
Suggested Answer: D

Comments

Staanlee
8 months, 1 week ago
Selected Answer: D
D. Successive assessments have the same recurring vulnerabilities. When evaluating existing controls during a risk assessment, the greatest concern should be recurring vulnerabilities. This indicates that the controls in place are not effectively mitigating the identified risks. It suggests that there may be fundamental weaknesses in the control environment, and these vulnerabilities continue to pose a threat to the organization. Recurring vulnerabilities can be a sign of various issues, including control ineffectiveness, inadequate risk response planning, or insufficient monitoring and improvement of controls over time. Addressing these recurring vulnerabilities should be a top priority to enhance the organization's security posture and reduce the associated risks. It's essential to identify the root causes of these vulnerabilities and take corrective actions to prevent them from reoccurring.
upvoted 2 times
CbtL
1 year, 1 month ago
Selected Answer: D
D seems the best answer. If there are exceptions that are covered with compensating controls, that shows there is a risk mitigation strategy. Multiple risk assessments finding the same vulnerabilities implies the findings from the assessment are not being mitigated.
upvoted 1 times
john_boogieman
1 year, 2 months ago
Selected Answer: D
The biggest risk is that there are still unresolved vulnerabilities, not that the exceptions are approved and also have compensatory control.
upvoted 2 times
MusMus
2 years, 4 months ago
I think it should be C
upvoted 2 times
Ceecil1959
2 years, 1 month ago
I don't think you have a good grasp of compensating controls. Nowhere does it mention that the existing controls did not work. And when you give an answer, back it up with a justification or proof although this site has not provided it.
upvoted 2 times
Koulyo
1 year, 1 month ago
With all due respect, you seem to have an attitude problem.
upvoted 1 times
Josh93
3 years ago
I would think it would be C as well
upvoted 2 times
Khy
3 years ago
Why not C?
upvoted 2 times