Certified in Risk and Information Systems Control (CRISC) — Question 935

Which of the following is the MOST effective way for a large and diversified organization to minimize risk associated with unauthorized software on company devices?

Answer options

• A. Perform frequent internal audits of enterprise IT infrastructure.
• B. Scan end points for applications not included in the asset inventory.
• C. Conduct frequent reviews of software licenses.
• D. Prohibit the use of cloud-based virtual desktop software.

Correct answer: B

Explanation

The correct answer is B because scanning endpoints for unauthorized applications helps identify and mitigate risks associated with unapproved software. While options A, C, and D may contribute to overall governance and control, they do not directly address the immediate risk of unauthorized software as effectively as performing scans.