Exam CISM All Questions

Exam CISM topic 1 question 1015 discussion

Actual exam question from Isaca's CISM
Question #: 1015
Topic #: 1
During an internal compliance review, the review team discovers that a critical legacy application is unable to meet the organization's mandatory security requirements. Which of the following should be done FIRST?

  • A. Update the risk register.
  • B. Recommend taking the application out of service.
  • C. Implement compensating controls.
  • D. Monitor the application until it can be replaced.
Suggested Answer: A

Comments

PatSnyder
2 months, 2 weeks ago
I believe it is C if the review team discovered noncompliance and likely documented it in the report and risk register...
upvoted 1 times
shootnot
7 months ago
First C; if, after applying compensating controls, the risk is still above the acceptable level, then accept the risk and update the risk register.
upvoted 1 times
yottabyte
8 months ago
Selected Answer: A
Update the risk register first and then track it at regular intervals.
upvoted 1 times
AlexJacobson
9 months, 3 weeks ago
Selected Answer: A
Update the risk register first. This way you can better understand the risk and choose how to treat the risk (like with compensating controls).
upvoted 2 times
AlexJacobson
9 months, 3 weeks ago
In the context of the question, the order should be A->C->D.
upvoted 1 times
TamerBeSafe
9 months, 4 weeks ago
Selected Answer: A
A. Update the risk register. Updating the risk register is the initial action to document and track the identified risk associated with the critical legacy application. This involves recording the non-compliance with mandatory security requirements and assessing the potential impact and likelihood of the risk. Once the risk is documented, the organization can then proceed to determine the most appropriate risk treatment strategy. While options like recommending taking the application out of service (Option B), implementing compensating controls (Option C), and monitoring the application until it can be replaced (Option D) are potential risk treatment strategies, updating the risk register is the foundational step in the risk management process. It ensures that the organization has a clear record of the identified risk and can make informed decisions on how to address it.
upvoted 3 times
richck102
1 year ago
Selected Answer: C
C. Implement compensating controls.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other