exam questions

Exam CRISC All Questions

View all questions & answers for the CRISC exam

Exam CRISC topic 1 question 956 discussion

Actual exam question from Isaca's CRISC
Question #: 956
Topic #: 1
[All CRISC Questions]

A risk practitioner identifies a database application that has been developed and implemented by the business independently of IT. Which of the following is the
BEST course of action?

  • A. Document the reasons for the exception.
  • B. Include the application in IT risk assessments.
  • C. Propose that the application be transferred to IT.
  • D. Escalate the concern to senior management.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
cyberbugnx
3 months, 3 weeks ago
Selected Answer: C
B. Include the application in IT risk assessments.
upvoted 1 times
...
Passmi
1 year, 9 months ago
Selected Answer: B
Going with B here..This seems more like End User Computing. Not sure but if it is,then B seems more like the answer
upvoted 1 times
...
mynk29
1 year, 9 months ago
Selected Answer: C
went looking for guidance from ISACA, found this: https://www.isaca.org/about-us/newsroom/press-releases/2017/isaca-shares-eight-controls-to-help-manage-shadow-it-and-optimize-its-benefits IT department as a service-delivery organization kind of leans towards C.
upvoted 1 times
...
CbtL
1 year, 10 months ago
Selected Answer: C
Going with C.
upvoted 1 times
...
Koulyo
1 year, 11 months ago
Its not A as this occurrence is quite popular so its not an exception. I am guessing either B or C. and will voce for C as in the IT the application will be subject to enterprise security assessment.
upvoted 1 times
...
john_boogieman
2 years, 1 month ago
Selected Answer: A
The first thing that should be done is to know why the policy has been breached.
upvoted 1 times
...
Jco
2 years, 3 months ago
Why isnt it B?
upvoted 2 times
CbtL
1 year, 10 months ago
If it is not under IT's management, the risk assessment may not have any benefit to the company / no authority to change things for the better? Just guessing here.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago