
Exam CRISC topic 1 question 1213 discussion

Actual exam question from Isaca's CRISC
Question #: 1213
Topic #: 1

Due to budget constraints, an organization cannot implement encryption to all databases. Which of the following is the MOST useful information to identify high-risk databases where encryption should be applied?

  • A. Business impact assessment (BIA)
  • B. Unsupported database list
  • C. Penetration test results
  • D. Data classification scheme
Suggested Answer: D

Comments

Rahmeh
1 year ago
The answer is A; you need to understand the impact on the business in case the data were not encrypted.
upvoted 1 times
...
CbtL
1 year, 3 months ago
Selected Answer: D
Agree with D.
upvoted 1 times
...
ldl
1 year, 4 months ago
Selected Answer: D
Data classification is the first step, then comes BIA, so I would change it to D.
upvoted 2 times
...
jseeker
1 year, 4 months ago
Selected Answer: A
The organization has X number of databases and it is looking to encrypt only a subset of them due to budget constraints; the question is, how would you find the subset that qualifies for encryption? If you go the data classification route, you would end up choosing to encrypt all of the PII information databases (but the budget does not support that); if you choose the business-critical route through the BIA analysis DBs, you would find a subset of databases that need to be encrypted. I would choose choice A. No?
upvoted 2 times
CbtL
1 year, 3 months ago
BIA is more about availability; encryption is more about confidentiality. Something can be business critical and have only data that does not warrant encryption.
upvoted 1 times
...
...
ldl
1 year, 5 months ago
BIA is the answer
upvoted 1 times
...
john_boogieman
1 year, 5 months ago
Selected Answer: D
To identify high-risk databases where encryption should be applied, the most useful information would be provided by a data classification scheme. A data classification scheme helps to categorize data based on its sensitivity and the potential impact to the organization if that data were to be compromised. By applying a classification scheme to the databases, the organization can determine which databases contain the most sensitive or critical data, and therefore, have the highest risk associated with them.
upvoted 3 times
...
Annyp
1 year, 7 months ago
BIA gives the criticality of the business and not the data. Data classification tells us the importance of the data, hence D is correct.
upvoted 1 times
...
johnwalters
1 year, 9 months ago
Selected Answer: D
A database could be non-sensitive and not require confidentiality but really require integrity and availability, so D is correct.
upvoted 2 times
MartyMar
1 year, 8 months ago
I would think the BIA would have taken that into consideration, therefore being a better right answer. So I would still go with BIA.
upvoted 1 times
...
...