ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CRISC All Questions

View all questions & answers for the CRISC exam
Go to Exam

Exam CRISC topic 1 question 1109 discussion

Actual exam question from Isaca's CRISC
Question #: 1109
Topic #: 1
[All CRISC Questions]

A recent vulnerability assessment of a web-facing application revealed several weaknesses. Which of the following should be done NEXT to determine the risk exposure?

  • A. Gap assessment
  • B. Business impact analysis (BIA)
  • C. Code review
  • D. Penetration test
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Jco at Nov. 24, 2022, 7:55 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Jco
Highly Voted 1 year, 1 month ago
Should be D? Pentest can leverage on the Vulnerability assesment results to validate and test on the possible exposure/impact.
upvoted 6 times
...
CbtL
Most Recent 8 months, 2 weeks ago
Selected Answer: D
Agree it is D.
upvoted 1 times
...
Koulyo
9 months, 1 week ago
Penetration testing will validating impact or not. I opt D
upvoted 2 times
...
ldl
10 months, 2 weeks ago
why not B to assess the impact on the business
upvoted 1 times
...
john_boogieman
10 months, 3 weeks ago
Selected Answer: D
Agree.
upvoted 2 times
...
Suchib
1 year ago
Selected Answer: D
After VA is done PT to be performed to consider the exposure.
upvoted 2 times
...
skhalid
1 year, 1 month ago
it should be D
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel