CERTIFIED-IN-CYBERSECURITY Question #163: Real Exam Question with Answer & Explanation
The correct answer is A: Risk mitigation.
Question
Which of the following is NOT a part of 'Risk assessment'?
Options
- A. Risk mitigation
- B. Risk prioritization
- C. Risk identification
- D. Risk evaluation
Explanation
Risk mitigation is not part of risk assessment. Risk mitigation is a process that follows risk assessment. It involves developing strategies and actions to reduce and control the risk to the organization's data or IT infrastructure. For example, a cybersecurity engineer might identify a risk in a financial organization, such as potential phishing attacks. The engineer would then assess this risk, evaluate its potential impact, and prioritize it among other identified risks. However, the process of managing that risk--deciding how to mitigate it, implementing the necessary controls, and monitoring the effectiveness of those controls--falls under risk mitigation, not risk assessment. On the other hand, risk identification, risk evaluation, and risk prioritization are all components of risk assessment. Risk identification involves identifying potential threats or vulnerabilities. Risk evaluation involves determining the potential impact of those identified risks, and risk prioritization involves ranking those risks in order of potential impact or likelihood of