New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CRISC Exam - Topic 6 Question 18 Discussion

Actual exam question for Isaca's CRISC exam
Question #: 18
Topic #: 6
[All CRISC Questions]

Which of the following provides the BEST evidence that risk mitigation plans have been implemented effectively?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Jesusa at May 08, 2022, 10:44 PM

Limited Time Offer

25%

Off

Get Premium CRISC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Eloisa
4 months ago
B is solid too, but D really tells the story.
upvoted 0 times
...
Shasta
4 months ago
Wait, how can we trust risk owner attestations?
upvoted 0 times
...
Karl
4 months ago
A self-assessment can be biased, though.
upvoted 0 times
...
Pamela
4 months ago
Totally agree with D! It’s all about the numbers.
upvoted 0 times
...
Craig
5 months ago
I think D is the best choice. Residual risk shows real impact.
upvoted 0 times
...
Truman
5 months ago
I’m a bit confused about which one is best. I remember discussing how all these options could be useful in different contexts.
upvoted 0 times
...
Ronald
5 months ago
I practiced a question similar to this, and I think risk owner attestation might not provide enough evidence on its own.
upvoted 0 times
...
Tyra
5 months ago
I feel like self-assessments by process owners could be biased, so I'm leaning towards mitigation plan progress reports as a better option.
upvoted 0 times
...
Gladys
5 months ago
I think I remember that change in the level of residual risk is often seen as a strong indicator of effective risk mitigation, but I'm not entirely sure.
upvoted 0 times
...
Dong
5 months ago
Okay, I've got this. The most secure option is to use Workload Identity to federate the GitHub Actions identity with Google Cloud. That way, I don't have to manage any sensitive credentials in the pipeline or repo. Definitely going with option D!
upvoted 0 times
...
Ivan
5 months ago
This looks like a straightforward question about Palo Alto Networks products. I'll review the options carefully and choose the one that best fits the description.
upvoted 0 times
...
Francene
5 months ago
I'm a little confused by the different options presented. I'll need to review the requirements closely and make sure I understand the pros and cons of each approach before deciding.
upvoted 0 times
...
Darnell
5 months ago
Hmm, this is a tricky one. I'm not entirely sure, but I think the DPO's main task might be to conduct Privacy Impact Assessments, so I'll select option B.
upvoted 0 times
...
Carline
5 months ago
Hmm, I'm not sure about using Cloud Dataprep. The changing schema every third month might make that a bit tricky. I'm thinking a more programmatic approach like Cloud Dataflow or Spark on Dataproc could be more flexible.
upvoted 0 times
...

Save Cancel