BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

PECB Exam ISO-IEC-27005-Risk-Manager Topic 3 Question 4 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam
Question #: 4
Topic #: 3
[All ISO-IEC-27005-Risk-Manager Questions]

Which activity below is NOT included in the information security risk assessment process?

Show Suggested Answer Hide Answer
Suggested Answer: C

The information security risk assessment process, as outlined in ISO/IEC 27005, typically includes identifying risks, assessing their potential impact, and prioritizing them. However, selecting risk treatment options is not part of the risk assessment process itself; it is part of the subsequent risk treatment phase. Therefore, option C is the correct answer as it is not included in the risk assessment process.


Contribute your Thoughts:

William
1 months ago
This question is a real head-scratcher. Maybe the exam writers are trying to catch us off guard, like a bunch of mischievous hackers.
upvoted 0 times
Carmen
8 days ago
A) Determining the risk identification approach
upvoted 0 times
...
...
Yolande
1 months ago
Wait, is this a trick question? I feel like they're all included in the risk assessment process. Someone should tell the exam writers to get their facts straight.
upvoted 0 times
...
Marshall
1 months ago
I think B) Prioritizing risks for risk treatment is also a valid option to consider.
upvoted 0 times
...
Kimberely
1 months ago
Prioritizing risks and selecting treatment options? That's the fun part! I bet option A is the correct answer.
upvoted 0 times
Lucina
1 days ago
It's important to understand the different activities involved in the risk assessment process.
upvoted 0 times
...
Shonda
9 days ago
Yes, you're right. Option A is the correct answer.
upvoted 0 times
...
Lea
10 days ago
I think option A, determining the risk identification approach, is not included in the information security risk assessment process.
upvoted 0 times
...
Veronica
18 days ago
Yes, you're right! Option A is NOT included in the information security risk assessment process.
upvoted 0 times
...
Fletcher
23 days ago
I agree, prioritizing risks and selecting treatment options is definitely the fun part.
upvoted 0 times
...
Carissa
27 days ago
I think option A is the correct answer, determining the risk identification approach.
upvoted 0 times
...
Danica
1 months ago
I agree, prioritizing risks and selecting treatment options is definitely the fun part!
upvoted 0 times
...
...
Dean
2 months ago
I agree with Socorro, C) Selecting information security risk treatment options seems like the odd one out.
upvoted 0 times
...
Antonio
2 months ago
I'm going to go with option A. I mean, how can you assess risks without first knowing how to identify them? Seems like a no-brainer to me.
upvoted 0 times
Marisha
13 days ago
All of these activities are essential for a comprehensive information security risk assessment.
upvoted 0 times
...
Patti
16 days ago
True, selecting treatment options is also a key step in the process.
upvoted 0 times
...
Lanie
28 days ago
But don't forget about prioritizing risks for treatment, that's important too.
upvoted 0 times
...
Geoffrey
1 months ago
I agree, identifying risks is crucial for the assessment process.
upvoted 0 times
...
...
Jose
2 months ago
I disagree, I believe the answer is A) Determining the risk identification approach.
upvoted 0 times
...
Von
2 months ago
Hmm, I'm pretty sure determining the risk identification approach is part of the assessment process. This question is trickier than it seems.
upvoted 0 times
Emeline
2 months ago
B) Prioritizing risks for risk treatment
upvoted 0 times
...
Yuki
2 months ago
A) Determining the risk identification approach
upvoted 0 times
...
...
Socorro
2 months ago
I think the answer is C) Selecting information security risk treatment options.
upvoted 0 times
...

Save Cancel