312-50V10 · Question #770
Which of the following is a component of a risk assessment?
The correct answer is A. Administrative safeguards. A risk assessment is a structured process with defined components, and administrative safeguards are a recognized element used to evaluate and mitigate identified risks.
Question
Which of the following is a component of a risk assessment?
Options
- AAdministrative safeguards
- BPhysical security
- CLogical interface
- DDMZ
How the community answered
(30 responses)- A87% (26)
- B3% (1)
- C3% (1)
- D7% (2)
Why each option
A risk assessment is a structured process with defined components, and administrative safeguards are a recognized element used to evaluate and mitigate identified risks.
Administrative safeguards - such as security policies, workforce training, and assigned security responsibilities - are a formal component of risk assessments under NIST SP 800-30 and the HIPAA Security Rule. During a risk assessment, existing administrative controls are evaluated to determine their effectiveness and gaps are identified as part of calculating residual risk.
Physical security is a category of controls that may be reviewed or recommended as an output of a risk assessment, but it is a control domain rather than a component of the assessment process itself.
Logical interface is a networking or software abstraction concept and is not a recognized phase or component in formal risk assessment methodologies.
A DMZ is a network architecture control used to segment untrusted traffic and is an implementation artifact, not a component of the risk assessment process.
Concept tested: Risk assessment components and administrative safeguards
Source: https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
Topics
Community Discussion
No community discussion yet for this question.