Exin ITSM20F.EN Exam - Topic 2 Question 120 Discussion

Actual exam question for Exin's ITSM20F.EN exam
Question #: 120
Topic #: 2

Which of the following is a best practice concerning Information Security Risk assessment?

Suggested Answer: C

Contribute your Thoughts:

Jess
3 days ago
C is the correct answer. Gotta stay on top of those risks, not just do it annually.
upvoted 0 times
...
Annabelle
8 days ago
Haha, D? Once a year? That's like checking your smoke alarm batteries once a decade. C is the clear winner here.
upvoted 0 times
...
Ilona
13 days ago
I'm going with C. Performing risk assessments on a schedule and during changes is a best practice.
upvoted 0 times
...
Jean
18 days ago
C is the way to go. Consistency is key when it comes to risk management.
upvoted 0 times
...
Chanel
24 days ago
Definitely C. Performing risk assessments at regular intervals and during changes is crucial for effective information security.
upvoted 0 times
...
Matilda
29 days ago
C) Information Security Risk assessments should be performed at agreed intervals and be maintained during Changes.
upvoted 0 times
...
Jennifer
1 month ago
I vaguely recall that assessments should be ongoing, not just once a year like option D suggests. That seems too infrequent.
upvoted 0 times
...
Kimbery
1 month ago
I feel like option A could be valid since objectivity is important, but I’m not convinced it’s the best practice overall.
upvoted 0 times
...
Rory
1 month ago
I’m not entirely sure, but I think we practiced a question that mentioned the importance of timing in risk assessments. Could that relate to option C too?
upvoted 0 times
...
Miriam
2 months ago
Option C is the way to go. Consistent, scheduled risk assessments that are updated as changes occur are crucial for effective information security management.
upvoted 0 times
...
Ahmed
2 months ago
I'm leaning towards C as well. Performing regular assessments and keeping them current seems like the best way to proactively manage information security risks.
upvoted 0 times
...
Camellia
2 months ago
C definitely seems like the most comprehensive and practical approach. Maintaining risk assessments during changes is really important for keeping security up-to-date.
upvoted 0 times
...
Tuyet
2 months ago
I remember discussing how regular assessments are crucial, so I think option C makes the most sense.
upvoted 0 times
...
Golda
3 months ago
I disagree with D; once a year isn't enough in today's fast-paced environment.
upvoted 0 times
...
Brendan
3 months ago
I think C is the best choice. Regular assessments keep us updated.
upvoted 0 times
...
Erinn
3 months ago
I'm a bit confused on this one. I'm not sure if the external auditor or the yearly assessment is the better approach. I'll have to think it through more.
upvoted 0 times
...
Brett
3 months ago
I think C is the best answer. Performing risk assessments at agreed intervals and maintaining them during changes seems like a good practice to me.
upvoted 0 times
Sheridan
2 months ago
Definitely! Changes can introduce new risks.
upvoted 0 times
...
Lelia
3 months ago
I agree, C makes the most sense. Regular assessments keep us updated.
upvoted 0 times
...
...