Exam CRISC topic 1 question 1686 discussion

Actual exam question from Isaca's CRISC

Question #: 1686
Topic #: 1

An organization uses a web application hosted by a cloud service that is populated by data sent to the vendor via email on a monthly basis. Which of the following should be the FIRST consideration when analyzing the risk associated with the application?

A. Whether the service provider contract allows right of onsite audit
B. Whether the service provider's data center is located in the same country
C. Whether the data has been appropriately classified
D. Whether the data sent by email has been encrypted

Show Suggested Answer

Suggested Answer: C 🗳️

by Staanlee at July 27, 2024, 1:09 p.m.

Comments

Submit Cancel

Staanlee

3 months, 3 weeks ago

Selected Answer: D

When analyzing the risk associated with the web application, the first consideration should be whether the data sent by email has been encrypted. Encrypting data in transit protects it from being intercepted or accessed by unauthorized parties, which is crucial for maintaining data confidentiality and security. This step addresses a fundamental aspect of data protection before delving into other considerations such as service provider contracts or data center locations.

upvoted 1 times

...

Exam CRISC All Questions

View all questions & answers for the CRISC exam

Exam CRISC topic 1 question 1686 discussion

Comments

Staanlee

Get IT Certification

New Version GCP Professional Cloud Architect Certificate & Helpful Information

The 5 Most In-Demand Project Management Certifications of 2019