CRISC Question #175: Real Exam Question with Answer & Explanation

The correct answer is C: To understand vulnerabilities associated with the use of the assets. The primary reason for a risk practitioner to review an IT asset inventory is to understand the vulnerabilities associated with those assets.

Submitted by lucia.co· Apr 18, 2026IT Risk Assessment

Question

Which of the following is the PRIMARY reason for a risk practitioner to review an organization's IT asset inventory?

Options

ATo plan for the replacement of assets at the end of their life cycles
BTo assess requirements for reducing duplicate assets
CTo understand vulnerabilities associated with the use of the assets
DTo calculate mean time between failures (MTBF) for the assets

Explanation

The primary reason for a risk practitioner to review an IT asset inventory is to understand the vulnerabilities associated with those assets.

Common mistakes.

A. Planning for asset replacement is an IT operations function, not a primary risk management activity.
B. Reducing duplicate assets is an efficiency and cost-saving measure, not the primary focus of risk assessment.
D. Calculating MTBF is for reliability engineering and capacity planning, not the core function of a risk practitioner reviewing inventory.

Concept tested. Asset inventory in risk management

Reference. https://learn.microsoft.com/en-us/compliance/assurance/shared-responsibility-for-cloud-security#asset-management

Topics

#IT Asset Inventory#Vulnerability Identification#IT Risk Assessment Foundations

Community Discussion

No community discussion yet for this question.

Full CRISC Practice Browse All CRISC Questions