Isaca
CRISC · Question #198
CRISC Question #198: Real Exam Question with Answer & Explanation
The correct answer is B: Identify conditions that may cause disruptions. When assessing a new service for continuity, the first step is to identify conditions that could cause disruptions, as this forms the basis for all subsequent risk planning.
Submitted by manish99 · Apr 18, 2026 · IT Risk Assessment
Question
When performing a risk assessment of a new service to support a core business process, which of the following should be done FIRST to ensure continuity of operations?
Options
- A. Define metrics for restoring availability.
- B. Identify conditions that may cause disruptions.
- C. Review incident response procedures.
- D. Evaluate the probability of risk events.
Explanation
When assessing a new service for continuity, the first step is to identify conditions that could cause disruptions, as this forms the basis for all subsequent risk planning.
Common mistakes.
- A. Defining metrics for restoring availability, such as RTO/RPO, is a critical step but can only be effectively done after identifying what disruptions might occur and their potential impact.
- C. Reviewing incident response procedures is part of planning for continuity, but the adequacy of these procedures depends on first understanding the range of potential disruptions.
- D. Evaluating the probability of risk events is a crucial component of a risk assessment, but it logically follows the initial identification of the specific events or conditions themselves.
Concept tested. Risk assessment initial steps (continuity)
Topics
#Risk Assessment Process #Disruption Identification #Business Continuity Planning #New Service Risk