ISACA Exam CRISC Topic 3 Question 93 Discussion

Actual exam question for ISACA's CRISC exam
Question #: 93
Topic #: 3

An organization recently implemented a cybersecurity awareness program that includes phishing simulation exercises for all employees. What type of control is being utilized?

Suggested Answer: C

Phishing simulations serve as a deterrent by highlighting the consequences of risky behavior and reinforcing secure practices, reducing the likelihood of successful attacks. This supports Behavioral Risk Management.


Contribute your Thoughts:

Cheryl
3 months ago
I believe it could also be a detective control, as it helps in detecting potential vulnerabilities.
upvoted 0 times
...
Ceola
4 months ago
This question is a bit 'phishy' if you ask me, but I'm going to have to go with A) Preventive. Gotta stay ahead of those cybercriminals, you know?
upvoted 0 times
Corinne
3 months ago
I think so too. It's better to prevent the attacks rather than just detect them after the fact.
upvoted 0 times
...
Yan
3 months ago
I agree, A) Preventive sounds like the right choice. It's important to proactively protect against phishing attacks.
upvoted 0 times
...
...
Winifred
4 months ago
I'm feeling a bit like a 'phish' out of water here, but I'll go with B) Compensating. The exercises help compensate for the potential weaknesses in the organization's cybersecurity measures.
upvoted 0 times
...
Mona
4 months ago
I agree with Julio, phishing simulation exercises are meant to prevent cyber attacks.
upvoted 0 times
...
Alishia
4 months ago
Hmm, I'm going with C) Deterrent. The phishing simulations are meant to deter employees from engaging in risky online behavior.
upvoted 0 times
Kati
3 months ago
I think it could also be A) Preventive, since the goal is to prevent security incidents by raising awareness.
upvoted 0 times
...
Fallon
3 months ago
I agree, C) Deterrent makes sense. It's all about preventing employees from falling for phishing attacks.
upvoted 0 times
...
...
Haydee
4 months ago
D) Detective makes more sense to me. The exercises are designed to detect which employees need more cybersecurity training.
upvoted 0 times
...
Julio
4 months ago
I think the control being utilized is preventive.
upvoted 0 times
...
Ayesha
4 months ago
I think the correct answer is A) Preventive. The phishing simulation exercises are designed to prevent employees from falling for real phishing attacks.
upvoted 0 times
Timothy
3 months ago
I'm leaning towards A) Preventive as well. It's better to be safe than sorry when it comes to cybersecurity.
upvoted 0 times
...
Eladia
3 months ago
I think it could also be C) Deterrent, to scare employees into being more cautious.
upvoted 0 times
...
Kenneth
4 months ago
I agree, A) Preventive makes sense. It's all about stopping the attacks before they happen.
upvoted 0 times
...
...
