nerdexam
EC-Council

312-50V11 · Question #770

Which of the following is a component of a risk assessment?

The correct answer is A. Administrative safeguards. A risk assessment evaluates threats, vulnerabilities, and existing controls - including administrative safeguards such as policies and procedures - to determine an organization's overall risk posture.

Information Security and Ethical Hacking Fundamentals

Question

Which of the following is a component of a risk assessment?

Options

  • AAdministrative safeguards
  • BPhysical security
  • CLogical interface
  • DDMZ

How the community answered

(52 responses)
  • A
    92% (48)
  • B
    4% (2)
  • C
    2% (1)
  • D
    2% (1)

Why each option

A risk assessment evaluates threats, vulnerabilities, and existing controls - including administrative safeguards such as policies and procedures - to determine an organization's overall risk posture.

AAdministrative safeguardsCorrect

Administrative safeguards are the policies, procedures, and oversight processes used to manage the selection, implementation, and maintenance of security controls, and assessing whether adequate administrative safeguards exist is a recognized component of formal risk assessments under frameworks such as HIPAA Security Rule and NIST SP 800-30. Identifying gaps in administrative controls directly informs the risk level assigned to an organization.

BPhysical security

Physical security is a category of protective control that may be evaluated during a risk assessment, but it is an implementation domain rather than a component of the assessment process itself.

CLogical interface

Logical interface is a networking concept referring to virtual or software-defined interfaces and is not a recognized element of risk assessment methodology.

DDMZ

A DMZ is a network segmentation architecture used to isolate public-facing systems and is a security control to be evaluated, not a component of the risk assessment process.

Concept tested: Risk assessment components and administrative safeguards

Source: https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final

Topics

#risk assessment#administrative safeguards#security controls

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice