Certified in Risk and Information Systems Control (CRISC) — Question 212
Upon learning that the number of failed back-up attempts continually exceeds the current risk threshold, the risk practitioner should:
Answer options
- A. keep monitoring the situation as there is evidence that this is normal.
- B. adjust the risk threshold to better reflect actual performance.
- C. inquire about the status of any planned corrective actions.
- D. initiate corrective action to address the known deficiency.
Correct answer: C
Explanation
The correct answer is C because inquiring about the status of planned corrective actions is essential to understand whether steps are already being taken to resolve the issue. Option A is incorrect because ongoing monitoring without action does not address the problem. Option B incorrectly suggests changing the threshold instead of resolving the underlying issue. Option D, while proactive, is not the first step; the practitioner should first check on existing plans.