Suppose you are working in Company Inc. and you are using risk scenarios for estimating the likelihood and impact of the significant risks on this organization. Which of the following assessment are you doing?
Suggested Answer:C🗳️
Threat and vulnerability assessment consider the full spectrum of risks. It identifies the likelihood of occurrence of risks and impact of the significant risks on the organization using the risk scenarios. For example: Natural threats can be evaluated by using historical data concerning frequency of occurrence for given natural disasters such as tornadoes, hurricanes, floods, fire, etc. Incorrect Answers: A, B: These use either some technical evaluation tool or assessment methodologies to evaluate risk but do not use risk scenarios. D: Risk assessment uses quantitative and qualitative analysis approaches to evaluate each significant risk identified.
When using risk scenarios to estimate the likelihood and impact of significant risks on an organization, you are conducting:
D. Risk assessment.
Risk assessment is a process in which you identify potential threats and vulnerabilities, then analyze the likelihood and impact of these risks on the organization. This process often involves creating hypothetical scenarios to understand how different risks could potentially affect the organization's operations, assets, or objectives. It's a key component of a comprehensive risk management strategy.
The correct answer is D. Risk assessment.
Risk assessment is the process of identifying, analyzing, and evaluating potential risks to an organization. It involves estimating the likelihood and impact of each risk, and developing mitigation strategies to reduce the likelihood or impact of the risk.
IT security assessment, IT audit, and threat and vulnerability assessment are all subprocesses of risk assessment. They are used to gather information about the organization's IT infrastructure, identify potential threats and vulnerabilities, and assess the likelihood and impact of potential risks.
Therefore, the assessment you are doing when using risk scenarios for estimating the likelihood and impact of the significant risks on this organization is D. Risk assessment.
C is correct because Threat & vulnerability assessment is a type of Qualitative risk analysis. Risk assessment is generally high level & includes Risk analysis actually assigns probability & likelihood. Hence C is the closest answer to Risk Analysis (Type)
In this scenario, you are using risk scenarios to estimate the likelihood and impact of significant risks on the organization. This is indicative of a risk assessment, which is the process of identifying, analyzing, and evaluating risks to determine their potential impact on an organization and the likelihood of those risks occurring.
it should be risk assessment. Threat & vulnerability assessment is used to identify threats, actor, events, vector and vulnerabilities exploitable. Risk Assessment comprise of risk analysis & evaluation
i.e. impact & likelihood identification and estimation through qualitative & quantitative analysis.
That’s what I thought too but would like to hear from others...
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Abbey2
9 months, 3 weeks agoKennethlim79
11 months agoJulianleehk
1 year, 7 months agoNaanz
3 years, 3 months agoShaws1
3 years, 7 months agoSuperMax
1 year agokhushiag
4 years, 1 month agoismo
4 years, 7 months agoRooks
4 years, 2 months ago