EC-Council
312-50V11 · Question #558
312-50V11 Question #558: Real Exam Question with Answer & Explanation
The correct answer is C: Security architecture. IT system analysis feeds the risk assessor information about the current security architecture, including controls and configurations already in place.
Question
What information should an IT system analysis provide to the risk assessor?
Options
- AManagement buy-in
- BThreat statement
- CSecurity architecture
- DImpact analysis
Explanation
IT system analysis feeds the risk assessor information about the current security architecture, including controls and configurations already in place.
Common mistakes.
- A. Management buy-in is an organizational prerequisite for conducting a risk assessment, not an output of IT system analysis.
- B. A threat statement is produced during the threat identification phase of the risk assessment itself, not derived from system analysis.
- D. Impact analysis is a separate step in the risk assessment process that evaluates consequences of threats, not an output of system analysis.
Concept tested. IT system analysis output in risk assessment
Reference. https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
Community Discussion
No community discussion yet for this question.