nerdexam
(ISC)2

CISSP-ISSMP · Question #112

Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.

The correct answer is A. They can be analyzed and measured by the risk analysis process. C. They can be mitigated by reviewing and taking responsible actions based on possible risks. D. They are considered an indicator of threats coupled with vulnerability.. Security risks have three key characteristics reflected in options A, C, and D. (A) Risks CAN be analyzed and measured - this is precisely the purpose of the risk analysis process, which quantifies likelihood and impact. (C) Risks CAN be mitigated - organizations review potential

Security Leadership and Management

Question

Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.

Options

  • AThey can be analyzed and measured by the risk analysis process.
  • BThey can be removed completely by taking proper actions.
  • CThey can be mitigated by reviewing and taking responsible actions based on possible risks.
  • DThey are considered an indicator of threats coupled with vulnerability.

How the community answered

(42 responses)
  • A
    95% (40)
  • B
    5% (2)

Explanation

Security risks have three key characteristics reflected in options A, C, and D. (A) Risks CAN be analyzed and measured - this is precisely the purpose of the risk analysis process, which quantifies likelihood and impact. (C) Risks CAN be mitigated - organizations review potential risks and take responsible actions to reduce them to an acceptable level. (D) Risks ARE defined as the combination of a threat and a vulnerability - no vulnerability means no exploitable risk, even if a threat exists. Option B is FALSE because risks can never be completely eliminated; they can only be reduced, transferred, or accepted. This is a foundational principle of risk management.

Topics

#Risk Management#Risk Analysis#Risk Mitigation#Threats and Vulnerabilities

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSMP Practice