exam questions

Exam CRISC All Questions

View all questions & answers for the CRISC exam

Exam CRISC topic 1 question 987 discussion

Actual exam question from Isaca's CRISC
Question #: 987
Topic #: 1
[All CRISC Questions]

What should a risk practitioner do FIRST when a shadow IT application is identified in a business owner's business impact analysis (BIA)?

  • A. Include the application in the business continuity plan (BCP).
  • B. Report the finding to management.
  • C. Segregate the application from the network.
  • D. Determine the business purpose of the application.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
CbtL
8 months, 2 weeks ago
Selected Answer: D
Agree with D.
upvoted 1 times
...
Koulyo
9 months, 1 week ago
the FIRST thing a risk practitioner should do is D. Determine the business purpose of the application. It is important to first understand the purpose and scope of the shadow IT application before taking any action. The risk practitioner should determine why the business owner is using the application, what data it processes, and what level of risk it presents to the organization. Once the purpose of the application is understood, the risk practitioner can work with the business owner to evaluate the risk and determine the appropriate course of action. This may involve including the application in the business continuity plan (BCP), reporting the finding to management, or segregating the application from the network, depending on the level of risk involved. However, taking any action without first understanding the purpose of the application could potentially disrupt business operations or create unnecessary costs. Therefore, determining the business purpose of the application should be the FIRST step taken by the risk practitioner.
upvoted 2 times
...
john_boogieman
11 months, 1 week ago
Selected Answer: D
The risk professional is not the one to include the application in the BCP, what he has to do is determine the purpose of the application.
upvoted 2 times
...
Ebucluc
1 year, 3 months ago
I strongly believe the answer is A
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...