Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Exin ITSM20F.EN Exam - Topic 2 Question 120 Discussion

Actual exam question for Exin's ITSM20F.EN exam
Question #: 120
Topic #: 2
[All ITSM20F.EN Questions]

Which of the following is a best practice concerning Information Security Risk assessment?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Susy at Nov 22, 2025, 11:07 AM

Limited Time Offer

25%

Off

Get Premium ITSM20F.EN Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ashlyn
3 days ago
B is too reactive. We need a proactive approach.
upvoted 0 times
...
Charlette
8 days ago
A sounds good too, but external audits can be costly.
upvoted 0 times
...
Beatriz
13 days ago
Agreed! C ensures we adapt to changes quickly.
upvoted 0 times
...
Tegan
18 days ago
Wait, people actually think D is a best practice? That's shocking!
upvoted 0 times
...
Annett
24 days ago
B makes sense too, incidents should trigger reviews for sure!
upvoted 0 times
...
Josue
29 days ago
A sounds good, but can we really trust external auditors completely?
upvoted 0 times
...
Catarina
1 month ago
C is definitely the way to go! Regular assessments keep things secure.
upvoted 0 times
...
Jess
2 months ago
C is the correct answer. Gotta stay on top of those risks, not just do it annually.
upvoted 0 times
...
Annabelle
2 months ago
Haha, D? Once a year? That's like checking your smoke alarm batteries once a decade. C is the clear winner here.
upvoted 0 times
...
Ilona
2 months ago
I'm going with C. Performing risk assessments on a schedule and during changes is a best practice.
upvoted 0 times
...
Jean
2 months ago
C is the way to go. Consistency is key when it comes to risk management.
upvoted 0 times
...
Chanel
2 months ago
Definitely C. Performing risk assessments at regular intervals and during changes is crucial for effective information security.
upvoted 0 times
...
Matilda
3 months ago
C) Information Security Risk assessments should be performed at agreed intervals and be maintained during Changes.
upvoted 0 times
...
Jennifer
3 months ago
I vaguely recall that assessments should be ongoing, not just once a year like option D suggests. That seems too infrequent.
upvoted 0 times
...
Kimbery
3 months ago
I feel like option A could be valid since objectivity is important, but I’m not convinced it’s the best practice overall.
upvoted 0 times
...
Rory
3 months ago
I’m not entirely sure, but I think we practiced a question that mentioned the importance of timing in risk assessments. Could that relate to option C too?
upvoted 0 times
...
Miriam
3 months ago
Option C is the way to go. Consistent, scheduled risk assessments that are updated as changes occur is crucial for effective information security management.
upvoted 0 times
...
Ahmed
3 months ago
I'm leaning towards C as well. Performing regular assessments and keeping them current seems like the best way to proactively manage information security risks.
upvoted 0 times
...
Camellia
4 months ago
C definitely seems like the most comprehensive and practical approach. Maintaining risk assessments during changes is really important for keeping security up-to-date.
upvoted 0 times
...
Tuyet
4 months ago
I remember discussing how regular assessments are crucial, so I think option C makes the most sense.
upvoted 0 times
...
Golda
4 months ago
I disagree with D, once a year isn't enough in today's fast-paced environment.
upvoted 0 times
...
Brendan
5 months ago
I think C is the best choice. Regular assessments keep us updated.
upvoted 0 times
...
Erinn
5 months ago
I'm a bit confused on this one. I'm not sure if the external auditor or the yearly assessment is the better approach. I'll have to think it through more.
upvoted 0 times
...
Brett
5 months ago
I think C is the best answer. Performing risk assessments at agreed intervals and maintaining them during changes seems like a good practice to me.
upvoted 0 times
Sheridan
4 months ago
Definitely! Changes can introduce new risks.
upvoted 0 times
...
Lelia
4 months ago
I agree, C makes the most sense. Regular assessments keep us updated.
upvoted 0 times
...
...

Save Cancel