CRISC Question #75: Real Exam Question with Answer & Explanation

The correct answer is A: Impact analysis. An impact analysis is the best tool for enabling risk-based decision-making in support of a Business Continuity Plan (BCP).

Submitted by fatema_kw· Apr 18, 2026IT Risk Assessment

Question

Which of the following BEST enables risk-based decision making in support of a business continuity plan (BCP)?

Options

AImpact analysis
BControl analysis
CRoot cause analysis
DThreat analysis

Explanation

An impact analysis is the best tool for enabling risk-based decision-making in support of a Business Continuity Plan (BCP).

Common mistakes.

B. Control analysis evaluates the effectiveness of security controls but doesn't directly assess the business impact of an incident needed for BCP prioritization.
C. Root cause analysis is performed after an incident to identify underlying causes, not to proactively support BCP decision-making.
D. Threat analysis identifies potential threats but does not quantify the business impact or recovery objectives, which are critical for BCP decisions.

Concept tested. Business Impact Analysis (BIA)

Reference. https://www.nist.gov/itl/smallbusinesscyber/security-topic-areas/contingency-planning/business-impact-analysis-bia

Topics

#Business Continuity Planning (BCP)#Business Impact Analysis (BIA)#Risk-based decision making#Impact assessment

Community Discussion

No community discussion yet for this question.

Full CRISC Practice Browse All CRISC Questions