350-201(NEW-127Q) Question #85: Real Exam Question with Answer & Explanation

Question

Options

• Aevaluating the sensitivity of data in the asset management system, pinpointing network vulnerabilities, and correlating these with external threats like malware
• Banalyzing general industry threats without specific focus on the company's network vulnerabilities or digital asset importance
• Cconcentrating on high-value digital assets without assessing network vulnerabilities or external threats
• Destimating the cost of IT asset replacement in a cyber incident, independent of specific vulnerabilities or threats

Explanation

Option A is correct because comprehensive cyber risk is calculated by combining all three elements: asset value (data sensitivity), vulnerability assessment (network weaknesses), and threat correlation (external dangers like malware) - this mirrors the foundational risk formula: Risk = Asset × Vulnerability × Threat.

• B is wrong because analyzing generic industry threats without tying them to this company's specific assets and vulnerabilities produces no actionable risk picture.
• C is wrong because focusing only on high-value assets while ignoring vulnerabilities and threats tells you what's worth protecting, not how exposed it actually is.
• D is wrong because replacement cost estimation is a financial impact exercise, not a risk determination - it ignores what vulnerabilities or threats make a loss likely in the first place.

Memory tip: Think of cyber risk as a three-legged stool - Asset, Vulnerability, Threat (AVT). Remove any one leg and the stool (your risk analysis) collapses. Option A is the only choice that keeps all three legs standing.

No community discussion yet for this question.