312-50V11 · Question #570
Which of the following is a component of a risk assessment?
The correct answer is B. Administrative safeguards. A risk assessment evaluates threats, vulnerabilities, and controls across an organization. Administrative safeguards are formal policies and procedures that are a core component of a risk assessment framework.
Question
Which of the following is a component of a risk assessment?
Options
- APhysical security
- BAdministrative safeguards
- CDMZ
- DLogical interface
How the community answered
(52 responses)- A2% (1)
- B92% (48)
- C2% (1)
- D4% (2)
Why each option
A risk assessment evaluates threats, vulnerabilities, and controls across an organization. Administrative safeguards are formal policies and procedures that are a core component of a risk assessment framework.
Physical security is a category of security controls, not a component of the risk assessment process itself.
Administrative safeguards are policies, procedures, and training measures that govern how an organization manages risk and protects sensitive information. They are explicitly recognized as a component of risk assessments under frameworks such as HIPAA and NIST, addressing management and operational controls used to reduce risk.
A DMZ is a network architecture element used to segment trusted and untrusted zones, not a component of a risk assessment.
A logical interface is a network or system configuration concept, not a recognized element of a risk assessment methodology.
Concept tested: Risk assessment components and administrative safeguards
Source: https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
Topics
Community Discussion
No community discussion yet for this question.