BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

PECB Exam ISO-IEC-27005-Risk-Manager Topic 1 Question 10 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam

Question #: 10
Topic #: 1

[All ISO-IEC-27005-Risk-Manager Questions]

Which activity below is NOT included in the information security risk assessment process?

ADetermining the risk identification approach

BPrioritizing risks for risk treatment

CSelecting information security risk treatment options

Show Suggested Answer

Suggested Answer: C

The information security risk assessment process, as outlined in ISO/IEC 27005, typically includes identifying risks, assessing their potential impact, and prioritizing them. However, selecting risk treatment options is not part of the risk assessment process itself; it is part of the subsequent risk treatment phase. Therefore, option C is the correct answer as it is not included in the risk assessment process.

by Delmy at Sep 17, 2024, 04:32 AM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27005-Risk-Manager Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Roosevelt

2 months ago

But selecting risk treatment options is a crucial step in managing information security risks.

upvoted 0 times

...

Tu

2 months ago

Ha! This question is a real head-scratcher. I bet the answer is B, prioritizing risks. That's like asking a toddler to do their taxes, am I right?

upvoted 0 times

Justine

12 days ago

I agree with Justine, C seems like the odd one out.

upvoted 0 times

...

Julian

14 days ago

No way, it's definitely C, selecting information security risk treatment options.

upvoted 0 times

...

Felicia

22 days ago

I think the answer is A, determining the risk identification approach.

upvoted 0 times

...

...

Tomoko

2 months ago

Hmm, I'm not so sure. I think C might be the right answer here. Selecting risk treatment options is a crucial step in the process.

upvoted 0 times

Sherly

23 days ago

I agree, C is not included in the information security risk assessment process.

upvoted 0 times

...

Nida

24 days ago

C) Selecting information security risk treatment options

upvoted 0 times

...

Dana

27 days ago

B) Prioritizing risks for risk treatment

upvoted 0 times

...

Meghan

1 months ago

A) Determining the risk identification approach

upvoted 0 times

...

...

Dean

2 months ago

I think the correct answer is A. Determining the risk identification approach is definitely part of the risk assessment process.

upvoted 0 times

Jamika

1 months ago

B) Prioritizing risks for risk treatment

upvoted 0 times

...

Dong

2 months ago

A) Determining the risk identification approach

upvoted 0 times

...

...

Alyce

2 months ago

I disagree, I believe the answer is A) Determining the risk identification approach.

upvoted 0 times

...

Roosevelt

2 months ago

I think the answer is C) Selecting information security risk treatment options.

upvoted 0 times

...