Exam CGEIT topic 1 question 228 discussion

Actual exam question from Isaca's CGEIT
Question #: 228
Topic #: 1

A business unit within an enterprise has directly contracted with a cloud service provider to process sensitive customer information. The CIO later identifies a serious risk of potential data compromise due to the vendor's insufficient segregation of environments and lack of strong access controls. The FIRST course of action should be to:

  • A. immediately suspend sending of data to the cloud service provider.
  • B. notify internal audit of the risk.
  • C. discuss the risk with the vendor to determine mitigation actions.
  • D. inform the business process owner of the risk.
Suggested Answer: C

Comments

shiowbah
9 months, 2 weeks ago
A. immediately suspend sending of data to the cloud service provider.
upvoted 1 times
shiowbah
9 months, 1 week ago
C. discuss the risk with the vendor to determine mitigation actions.
upvoted 1 times
...
...
SuperMax
10 months, 1 week ago
Selected Answer: C
C. Discuss the risk with the vendor to determine mitigation actions. Engaging in a discussion with the vendor is crucial because it allows for immediate communication and collaboration to address the identified risks. By discussing the risk with the vendor, the enterprise can work together to understand the nature and severity of the issues, identify potential mitigation measures, and establish a timeline for implementing necessary improvements to enhance security and mitigate the risk of data compromise.
upvoted 1 times
...
Sathish5
1 year ago
Selected Answer: C
Discuss the risk with the vendor to determine mitigation actions: Engaging with the vendor to discuss the identified risks is crucial for understanding their perspective, obtaining information on existing controls, and collaborating on mitigation actions. This proactive communication allows for a more informed and collaborative approach to addressing the identified concerns.
upvoted 2 times
...
John_Connor
3 years, 2 months ago
Why not A? Risk would not be addressed if we notify internal audit.
upvoted 1 times
Ramye
3 years, 1 month ago
Yes, I was thinking A or C. Audit team will just report the same thing and ask for taking actions to mitigate.
upvoted 1 times
...
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other