(ISC)2(ISC)2
SSCP · Question #1232
SSCP Question #1232: Real Exam Question with Answer & Explanation
The correct answer is B: Identifying threats. The two most crucial elements of risk analysis are identifying an organization's valuable assets and the threats that could potentially harm them.
Submitted by layla.eg· Apr 18, 2026Risk Identification, Monitoring and Analysis
Question
What are the two most critical aspects of risk analysis? (Choose two)
Options
- AIdentifying vulnerabilities
- BIdentifying threats
- CIdentifying resources
- DIdentifying assets
Explanation
The two most crucial elements of risk analysis are identifying an organization's valuable assets and the threats that could potentially harm them.
Common mistakes.
- A. Identifying vulnerabilities is important but follows asset and threat identification, as vulnerabilities are weaknesses that threats exploit.
- C. Identifying resources is a broader concept; while assets are resources, 'assets' specifically refers to the valuable items being protected in a risk analysis context.
Concept tested. Risk analysis fundamentals
Reference. https://learn.microsoft.com/en-us/compliance/regulatory/risk-assessment-approach
Topics
#Risk Analysis#Asset Identification#Threat Identification#Risk Management Fundamentals
Community Discussion
No community discussion yet for this question.