Isaca CRISC Exam - Topic 4 Question 3 Discussion

Actual exam question for Isaca's CRISC exam
Question #: 3
Topic #: 4

After a high-profile systems breach at an organization's key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:

Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?

Suggested Answer: B

Lelia
4 months ago
Regulatory exams usually miss a lot of details, right?
upvoted 0 times
...
Jamal
4 months ago
Wait, why is the vendor performance scorecard even an option?
upvoted 0 times
...
Cathrine
4 months ago
Not so sure about that, internal audits can be just as effective.
upvoted 0 times
...
Julianna
4 months ago
Totally agree, external audits are thorough!
upvoted 0 times
...
Kris
5 months ago
I think the external audit is the most reliable.
upvoted 0 times
...
Bok
5 months ago
Regulatory examinations are thorough, but I feel like they might not reflect the current state of controls as well as an internal audit would.
upvoted 0 times
...
Brendan
5 months ago
The vendor performance scorecard seems like it could give insights into ongoing performance, but I wonder if it captures all the risks effectively.
upvoted 0 times
...
Maynard
5 months ago
I think internal audits might be more relevant since they focus on the vendor's specific environment, but I can't recall the exact details.
upvoted 0 times
...
Tayna
5 months ago
I remember we discussed how external audits can provide an objective view of controls, but I'm not sure if they are the most reliable for residual risk.
upvoted 0 times
...
Lera
5 months ago
This seems like a straightforward question. I think the Citrix Director tool would be the best option to extract the required information for the upgrade.
upvoted 0 times
...
Shenika
5 months ago
Hmm, this is a tricky one. I'm not entirely sure about the nuances of corporate governance, but I think the answer might be C since it mentions "independent challenge and rigour in strategic development," which sounds like a good governance practice.
upvoted 0 times
...
Dorothy
5 months ago
My notes said something about the need for transparency with those in charge, especially if there are issues identified during the audit. Is that part of this?
upvoted 0 times
...
