
Isaca CRISC Exam - Topic 3 Question 93 Discussion

Actual exam question for Isaca's CRISC exam
Question #: 93
Topic #: 3

An organization recently implemented a cybersecurity awareness program that includes phishing simulation exercises for all employees. What type of control is being utilized?

Suggested Answer: C

Phishing simulations serve as a deterrent by highlighting the consequences of risky behavior and reinforcing secure practices, reducing the likelihood of successful attacks. This supports Behavioral Risk Management.


Rossana
3 months ago
Compensating? Nah, that's not it.
upvoted 0 times
...
Janella
3 months ago
Surprised to see this as preventive, seems more like training.
upvoted 0 times
...
Matilda
3 months ago
Totally agree, preventive all the way!
upvoted 0 times
...
Ammie
4 months ago
Really? I thought it was more of a detective measure.
upvoted 0 times
...
Kristian
4 months ago
It's definitely a preventive control!
upvoted 0 times
...
Dante
4 months ago
I’m leaning towards preventive as well, but I wonder if it could also be seen as compensating since it’s a response to potential threats.
upvoted 0 times
...
Latrice
4 months ago
I feel like it could be detective too, since it helps identify who might fall for phishing, but that doesn't seem right for the main purpose.
upvoted 0 times
...
Ellsworth
4 months ago
I remember practicing a question about this, and I think phishing simulations are more about training, so maybe it's a deterrent control?
upvoted 0 times
...
Abraham
5 months ago
I think this is a preventive control since the goal is to stop phishing before it happens, but I'm not entirely sure.
upvoted 0 times
...
Ronnie
5 months ago
Okay, let me think this through. The phishing simulations are designed to detect and prevent employees from falling for real phishing attempts, so I'm going to go with Detective control.
upvoted 0 times
...
Shantell
5 months ago
I'm a bit confused on the differences between the control types. Is a Compensating control the right answer since the phishing simulations are an additional measure to address the risk of phishing?
upvoted 0 times
...
Corrie
5 months ago
Hmm, I'm not sure about this one. Is it a Deterrent control since the phishing simulations are meant to discourage employees from falling for real phishing attacks?
upvoted 0 times
...
Brynn
5 months ago
This seems like a straightforward question. The organization is using phishing simulations to raise cybersecurity awareness, so I think the answer is Preventive control.
upvoted 0 times
...
Cheryl
1 year ago
I believe it could also be a detective control, as it helps in detecting potential vulnerabilities.
upvoted 0 times
...
Ceola
1 year ago
This question is a bit 'phishy' if you ask me, but I'm going to have to go with A) Preventive. Gotta stay ahead of those cybercriminals, you know?
upvoted 0 times
Corinne
1 year ago
I think so too. It's better to prevent the attacks rather than just detect them after the fact.
upvoted 0 times
...
Yan
1 year ago
I agree, A) Preventive sounds like the right choice. It's important to proactively protect against phishing attacks.
upvoted 0 times
...
...
Winifred
1 year ago
I'm feeling a bit like a 'phish' out of water here, but I'll go with B) Compensating. The exercises help compensate for the potential weaknesses in the organization's cybersecurity measures.
upvoted 0 times
...
Mona
1 year ago
I agree with Julio, phishing simulation exercises are meant to prevent cyber attacks.
upvoted 0 times
...
Alishia
1 year ago
Hmm, I'm going with C) Deterrent. The phishing simulations are meant to deter employees from engaging in risky online behavior.
upvoted 0 times
Kati
1 year ago
I think it could also be A) Preventive, since the goal is to prevent security incidents by raising awareness.
upvoted 0 times
...
Fallon
1 year ago
I agree, C) Deterrent makes sense. It's all about preventing employees from falling for phishing attacks.
upvoted 0 times
...
...
Haydee
1 year ago
D) Detective makes more sense to me. The exercises are designed to detect which employees need more cybersecurity training.
upvoted 0 times
...
Julio
1 year ago
I think the control being utilized is preventive.
upvoted 0 times
...
Ayesha
1 year ago
I think the correct answer is A) Preventive. The phishing simulation exercises are designed to prevent employees from falling for real phishing attacks.
upvoted 0 times
Timothy
1 year ago
I'm leaning towards A) Preventive as well. It's better to be safe than sorry when it comes to cybersecurity.
upvoted 0 times
...
Eladia
1 year ago
I think it could also be C) Deterrent, to scare employees into being more cautious.
upvoted 0 times
...
Kenneth
1 year ago
I agree, A) Preventive makes sense. It's all about stopping the attacks before they happen.
upvoted 0 times
...
...
