Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

PECB Exam ISO-IEC-27005-Risk-Manager Topic 3 Question 4 Discussion

Actual exam question for PECB's PECB Certified ISO/IEC 27005 Risk Manager exam
Question #: 4
Topic #: 3
[All PECB Certified ISO/IEC 27005 Risk Manager Questions]

Which activity below is NOT included in the information security risk assessment process?

Show Suggested Answer Hide Answer
Suggested Answer: C

The information security risk assessment process, as outlined in ISO/IEC 27005, typically includes identifying risks, assessing their potential impact, and prioritizing them. However, selecting risk treatment options is not part of the risk assessment process itself; it is part of the subsequent risk treatment phase. Therefore, option C is the correct answer as it is not included in the risk assessment process.


Contribute your Thoughts:

William
18 days ago
This question is a real head-scratcher. Maybe the exam writers are trying to catch us off guard, like a bunch of mischievous hackers.
upvoted 0 times
...
Yolande
25 days ago
Wait, is this a trick question? I feel like they're all included in the risk assessment process. Someone should tell the exam writers to get their facts straight.
upvoted 0 times
...
Marshall
25 days ago
I think B) Prioritizing risks for risk treatment is also a valid option to consider.
upvoted 0 times
...
Kimberely
25 days ago
Prioritizing risks and selecting treatment options? That's the fun part! I bet option A is the correct answer.
upvoted 0 times
Veronica
9 hours ago
Yes, you're right! Option A is NOT included in the information security risk assessment process.
upvoted 0 times
...
Fletcher
5 days ago
I agree, prioritizing risks and selecting treatment options is definitely the fun part.
upvoted 0 times
...
Carissa
9 days ago
I think option A is the correct answer, determining the risk identification approach.
upvoted 0 times
...
Danica
16 days ago
I agree, prioritizing risks and selecting treatment options is definitely the fun part!
upvoted 0 times
...
...
Dean
1 months ago
I agree with Socorro, C) Selecting information security risk treatment options seems like the odd one out.
upvoted 0 times
...
Antonio
1 months ago
I'm going to go with option A. I mean, how can you assess risks without first knowing how to identify them? Seems like a no-brainer to me.
upvoted 0 times
Lanie
11 days ago
But don't forget about prioritizing risks for treatment, that's important too.
upvoted 0 times
...
Geoffrey
15 days ago
I agree, identifying risks is crucial for the assessment process.
upvoted 0 times
...
...
Jose
1 months ago
I disagree, I believe the answer is A) Determining the risk identification approach.
upvoted 0 times
...
Von
1 months ago
Hmm, I'm pretty sure determining the risk identification approach is part of the assessment process. This question is trickier than it seems.
upvoted 0 times
Emeline
28 days ago
B) Prioritizing risks for risk treatment
upvoted 0 times
...
Yuki
1 months ago
A) Determining the risk identification approach
upvoted 0 times
...
...
Socorro
2 months ago
I think the answer is C) Selecting information security risk treatment options.
upvoted 0 times
...

Save Cancel