Free ISACA Cybersecurity Audit Certificate Actual Exam Questions - Question 8 Discussion
C imo, because if there’s no protocol to disclose serious breaches, some incidents might stay hidden and lead to unknown risks piling up undetected. This can keep vulnerabilities under the radar longer.
It’s A for me. Without established procedures and guidelines, the whole process of identifying risks can be inconsistent or missed altogether. Even if roles are clear (B), without a proper framework, people might not know what to look for or how to act on potential threats. So, lacking procedures sets the foundation for unidentified risks way more than just unclear responsibilities.
A/D? I’m leaning away from D since recovery processes don’t really prevent risks from being identified—they’re about what happens after something’s detected. A seems strong because without proper procedures and guidelines, there’s no consistent way to spot risks across the board. Even if roles aren’t perfect (B), having a solid procedure might still catch many issues. So, to me, A is more likely to result in unidentified cybersecurity risks since it’s the foundation for knowing what and how to check.
It’s B because without clear roles and responsibilities, some risks might never get flagged since no one's accountable for spotting them. Procedures alone won’t help if no one’s actually tasked with monitoring.
It’s A, because no procedures means no framework to spot risks early on.
Yeah, I think D is less about identifying risks and more about reacting after something happens. So that leaves A and B as stronger candidates. B could cause unidentified risks if no one’s watching certain areas, but without procedures (A), even clear roles wouldn’t know what to look for. So I’d say A still fits best for the MOST likely cause of unidentified risks.
Good point about B, but I think A fits better here. Without clear cybersecurity procedures and guidelines, it’s way easier for risks to go unnoticed because there’s no standard way to spot or manage them. So, A seems like the strongest choice for unidentified risks.
B seems right; if roles aren’t clear, some risks might slip through unnoticed.