Welcome to Pass4Success


Isaca Exam CRISC Topic 3 Question 93 Discussion

Actual exam question for Isaca's CRISC exam
Question #: 93
Topic #: 3

An organization recently implemented a cybersecurity awareness program that includes phishing simulation exercises for all employees. What type of control is being utilized?

Suggested Answer: C

Phishing simulations serve as a deterrent by highlighting the consequences of risky behavior and reinforcing secure practices, reducing the likelihood of successful attacks. This supports Behavioral Risk Management.


Contribute your Thoughts:

Cheryl
4 months ago
I believe it could also be a detective control, as it helps in detecting potential vulnerabilities.
upvoted 0 times
...
Ceola
5 months ago
This question is a bit 'phishy' if you ask me, but I'm going to have to go with A) Preventive. Gotta stay ahead of those cybercriminals, you know?
upvoted 0 times
Corinne
4 months ago
I think so too. It's better to prevent the attacks rather than just detect them after the fact.
upvoted 0 times
...
Yan
4 months ago
I agree, A) Preventive sounds like the right choice. It's important to proactively protect against phishing attacks.
upvoted 0 times
...
...
Winifred
5 months ago
I'm feeling a bit like a 'phish' out of water here, but I'll go with B) Compensating. The exercises help compensate for the potential weaknesses in the organization's cybersecurity measures.
upvoted 0 times
...
Mona
5 months ago
I agree with Julio, phishing simulation exercises are meant to prevent cyber attacks.
upvoted 0 times
...
Alishia
5 months ago
Hmm, I'm going with C) Deterrent. The phishing simulations are meant to deter employees from engaging in risky online behavior.
upvoted 0 times
Kati
4 months ago
I think it could also be A) Preventive, since the goal is to prevent security incidents by raising awareness.
upvoted 0 times
...
Fallon
4 months ago
I agree, C) Deterrent makes sense. It's all about preventing employees from falling for phishing attacks.
upvoted 0 times
...
...
Haydee
5 months ago
D) Detective makes more sense to me. The exercises are designed to detect which employees need more cybersecurity training.
upvoted 0 times
...
Julio
5 months ago
I think the control being utilized is preventive.
upvoted 0 times
...
Ayesha
5 months ago
I think the correct answer is A) Preventive. The phishing simulation exercises are designed to prevent employees from falling for real phishing attacks.
upvoted 0 times
Timothy
4 months ago
I'm leaning towards A) Preventive as well. It's better to be safe than sorry when it comes to cybersecurity.
upvoted 0 times
...
Eladia
4 months ago
I think it could also be C) Deterrent, to scare employees into being more cautious.
upvoted 0 times
...
Kenneth
4 months ago
I agree, A) Preventive makes sense. It's all about stopping the attacks before they happen.
upvoted 0 times
...
...
