nerdexam
EC-Council

312-50V10 · Question #770

Which of the following is a component of a risk assessment?

The correct answer is A. Administrative safeguards. A risk assessment is a structured process with defined components, and administrative safeguards are a recognized element used to evaluate and mitigate identified risks.

Information Security and Ethical Hacking Fundamentals

Question

Which of the following is a component of a risk assessment?

Options

  • AAdministrative safeguards
  • BPhysical security
  • CLogical interface
  • DDMZ

How the community answered

(30 responses)
  • A
    87% (26)
  • B
    3% (1)
  • C
    3% (1)
  • D
    7% (2)

Why each option

A risk assessment is a structured process with defined components, and administrative safeguards are a recognized element used to evaluate and mitigate identified risks.

AAdministrative safeguardsCorrect

Administrative safeguards - such as security policies, workforce training, and assigned security responsibilities - are a formal component of risk assessments under NIST SP 800-30 and the HIPAA Security Rule. During a risk assessment, existing administrative controls are evaluated to determine their effectiveness and gaps are identified as part of calculating residual risk.

BPhysical security

Physical security is a category of controls that may be reviewed or recommended as an output of a risk assessment, but it is a control domain rather than a component of the assessment process itself.

CLogical interface

Logical interface is a networking or software abstraction concept and is not a recognized phase or component in formal risk assessment methodologies.

DDMZ

A DMZ is a network architecture control used to segment untrusted traffic and is an implementation artifact, not a component of the risk assessment process.

Concept tested: Risk assessment components and administrative safeguards

Source: https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final

Topics

#risk assessment#administrative safeguards#security controls#compliance

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice