Exam CRISC topic 1 question 800 discussion

Actual exam question from Isaca's CRISC
Question #: 800
Topic #: 1

An organization's chief technology officer (CTO) has decided to accept the risk associated with the potential loss from a denial-of-service (DoS) attack. In this situation, the risk practitioner's BEST course of action is to:

  • A. validate the CTO's decision with the business process owner.
  • B. recommend that the CTO revisit the risk acceptance decision.
  • C. identify key risk indicators (KRIs) for ongoing monitoring.
  • D. update the risk register with the selected risk response.
Suggested Answer: A

Comments

Kennethlim79
1 month, 1 week ago
Selected Answer: C
The best course of action for the risk practitioner in this situation is C. identify key risk indicators (KRIs) for ongoing monitoring. Here's why:
  • Risk acceptance: The CTO has already accepted the risk, so trying to validate the decision or recommend revisiting it would not be effective.
  • Proactive mitigation: Identifying KRIs is a proactive step that allows the organization to monitor the situation and take action if the risk becomes more severe.
  • Data-driven decision-making: By tracking KRIs, the organization can gather data and insights into the potential impacts of the DoS attack. This information can be used to make informed decisions about resource allocation and further risk mitigation strategies.
While updating the risk register is important, it should not be the first step after the CTO accepts the risk. Identifying KRIs is a more immediate and effective way to manage the accepted risk.
upvoted 2 times
...
CbtL
9 months ago
Selected Answer: A
Agree it is A.
upvoted 2 times
...
Koulyo
9 months, 1 week ago
Risk acceptances must be done by the business and validated. A
upvoted 3 times
...
Broesweelies
9 months, 3 weeks ago
Selected Answer: D
D. update the risk register with the selected risk response. In this situation, the risk practitioner's best course of action is to update the risk register with the selected risk response, as the CTO has decided to accept the risk. This ensures that the risk register accurately reflects the organization's risk management decisions and the accepted risk level.
upvoted 2 times
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other