SSCP · Question #1245
SSCP Question #1245: Real Exam Question with Answer & Explanation
The correct answer is A: Vulnerability levels. A comprehensive risk assessment report should include vulnerability levels, data sensitivity classifications, and Annualized Loss Expectancy (ALE) calculations to effectively evaluate and present risks.
Question
When compiling a risk assessment report, which of the following items should be included? (Choose all that apply)
Options
- A. Vulnerability levels
- B. Method of attack used
- C. Names of frequent security violators
- D. Data sensitivity levels
- E. ALE calculations
Explanation
A comprehensive risk assessment report should include vulnerability levels, data sensitivity classifications, and Annualized Loss Expectancy (ALE) calculations to effectively evaluate and present risks.
Common mistakes.
- B. While knowledge of attack methods is part of identifying threats, a risk assessment report typically focuses on the potential for attack, vulnerabilities, and impact, rather than detailing specific methods used in past attacks, which would be part of an incident report or threat intelligence.
- C. Including names of frequent security violators in a public or widely distributed risk assessment report is generally not appropriate, as it can raise privacy concerns and is typically handled through internal HR or disciplinary processes, not in the risk assessment itself.
Concept tested. Risk assessment report components
Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/risk-management