CRISC Question #387: Real Exam Question with Answer & Explanation
The correct answer is C: Introduce recovery control procedures. Introducing recovery control procedures is the best way to address the risk of a fraud detection system outage by minimizing downtime and restoring critical functionality.
Question
An online payment processor would be severely impacted if the fraud detection system has an outage. Which of the following is the BEST way to address this risk?
Options
- A. Implement continuous control monitoring.
- B. Communicate the risk to management.
- C. Introduce recovery control procedures.
- D. Document a risk response plan.
Explanation
Introducing recovery control procedures is the best way to address the risk of a fraud detection system outage by minimizing downtime and restoring critical functionality.
Common mistakes.
- A. Implementing continuous control monitoring helps ensure controls are operating effectively, but it does not directly address the severe impact of a critical system's outage by providing recovery capabilities.
- B. Communicating the risk to management is part of risk reporting but does not, by itself, mitigate or respond to the severe impact of an outage.
- D. Documenting a risk response plan is important for outlining actions, but 'introducing recovery control procedures' represents the concrete implementation of a critical part of such a plan to deal with an outage.
Concept tested. Risk response for critical system outages
Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/disaster-recovery-dr