Exam SY0-701 topic 1 question 501 discussion

While both are part of risk management, "risk identification" is the initial step of recognizing and listing potential risks, while "risk assessment" involves analyzing and evaluating those identified risks to determine their likelihood and potential impact, essentially prioritizing them for mitigation strategies; in simpler terms, risk identification is just listing possible threats, while risk assessment is figuring out how serious each threat could be

Answer: B. Risk identification Risk identification is the step in the risk management process where the scope of the project is established, and potential risks are identified. This step lays the groundwork for understanding what risks could impact the project. Why the other options are not correct: A. Risk assessment Risk assessment involves analyzing and evaluating the identified risks to determine their likelihood and impact. It occurs after risk identification, so it doesn't involve establishing the scope or identifying potential risks initially. C. Risk treatment Risk treatment focuses on developing and implementing strategies to mitigate, avoid, transfer, or accept risks. This step occurs after risks have been identified and assessed, so it doesn't involve establishing the scope or identifying risks.

Preparation -> Identification Containment Eradication Recovery Lessons Learned

From explanation in ComTIA security + Guide it is risk assessment

The correct answer is: A. Risk assessment Explanation: Risk assessment is the step in the risk management process that involves evaluating and identifying the potential risks associated with a project. This includes determining the scope of the project, identifying risks, analyzing their impact and likelihood, and helping to prioritize the risks based on their potential impact on the organization.

The step in the risk management process that involves establishing the scope and potential risks involved with a project is called "Risk Identification