PECB Exam ISO-IEC-27005-Risk-Manager Topic 1 Question 16 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam

Question #: 16
Topic #: 1

[All ISO-IEC-27005-Risk-Manager Questions]

Which statement regarding information gathering techniques is correct?

ASending questionnaires to a group of people who represent the interested parties is NOT preferred

BOrganizations can utilize technical tools to identify technical vulnerabilities and compile a list of assets that influence risk assessment

CInterviews should be conducted only with individuals responsible for information security management

Show Suggested Answer

Suggested Answer: C

ISO/IEC 27005 advises that even after risks have been treated, any residual risks should be continuously monitored and reviewed. This is necessary to ensure that they remain within acceptable levels and that any changes in the internal or external environment do not escalate the risk beyond acceptable thresholds. Monitoring also ensures that the effectiveness of the controls remains adequate over time. Option A is incorrect because all risks, including those meeting the risk acceptance criteria, should be monitored. Option B is incorrect because monitoring is necessary regardless of the perceived severity if it occurs, to detect changes early.

by Joanna at Jan 23, 2025, 02:09 PM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27005-Risk-Manager Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!