An organization plans to migrate sensitive information to a public cloud infrastructure. Which of the following is the GREATEST security risk in this scenario?
Correct Answer: A
The greatest security risk in this scenario is that data may be commingled with other tenants' data on the public cloud infrastructure. Data commingling occurs when data from different sources or customers are mixed together without proper segregation or encryption. This may result in data leakage, unauthorized access, or loss of confidentiality and integrity. Data commingling is a common challenge in public cloud environments, where multiple customers share the same physical resources and network. System downtime, infrastructure management, and cloud provider certification are also potential risks in this scenario, but they are not as great as data commingling. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 5, Section 5.2.1.1, page 2451 1: ISACA Certified in Risk and Information Systems Control (CRISC) Exam Guide, Answer to Question 638.
CRISC Exam Question 47
When developing risk scenario using a list of generic scenarios based on industry best practices, it is MOST imported to:
Correct Answer: B
The most important step when developing risk scenarios using a list of generic scenarios based on industry best practices is to validate the generic risk scenarios for relevance. The generic risk scenarios may not be applicable or suitable for the specific context, objectives, and environment of the organization. Therefore, the risk practitioner should validate the relevance of the generic risk scenarios by comparing them with the organization's risk profile, risk appetite, and risk criteria. Assessing generic risk scenarios with business users, selecting the maximum possible risk scenarios from the list, and identifying common threats causing generic risk scenarios are other steps that may be useful, but they are not as important as validating the relevance of the generic risk scenarios. References = ISACA Certified in Risk and Information Systems Control (CRISC) Certification Exam Question and Answers, question 12; CRISC Review Manual, 6th Edition, page 215.
CRISC Exam Question 48
Which of the following presents the GREATEST challenge to managing an organization's end-user devices?
Correct Answer: D
CRISC Exam Question 49
A payroll manager discovers that fields in certain payroll reports have been modified without authorization. Which of the following control weaknesses could have contributed MOST to this problem?
Correct Answer: C
A payroll manager discovers that fields in certain payroll reports have been modified without authorization. This indicates that there is a risk of unauthorized access, use, disclosure, modification, or destruction of sensitive data, such as employee information, payroll records, tax returns, etc. A control weakness that could have contributed most to this problem is that the programmer had access to the production programs. This means that the programmer could potentially alter the source code or configuration of the payroll software without proper authorization or approval. The other options are not control weaknesses that could have contributed most to this problem. They are either irrelevant or less likely to cause unauthorized changes in the payroll software. The references for this answer are: Risk IT Framework, page 12 Information Technology & Security, page 6 Risk Scenarios Starter Pack, page 4
CRISC Exam Question 50
Which of the following should be considered when selecting a risk response?
Correct Answer: B
When selecting a risk response, the following should be considered: B: Risk response costs It's important to evaluate the costs associated with implementing a risk response to ensure that they are justified by the benefits of mitigating the risk. This helps in making cost-effective decisions that align with the organization's risk management objectives.