Exin ITSM20F.EN Exam - Topic 2 Question 120 Discussion

Which of the following is a best practice concerning Information Security Risk assessment?
A) Information Security Risk assessments should be carried out by an external auditor to maintain objectivity.
B) Information Security Risk assessments should be performed as a result of the review of every Incident.
C) Information Security Risk assessments should be performed at agreed intervals and be maintained during Changes.
D) Information Security Risk assessments should be performed once a year.


Actual exam question for Exin's ITSM20F.EN exam
Question #: 120
Topic #: 2

Suggested Answer: C

Yong
2 months ago
C balances consistency and adaptability. Makes sense!
upvoted 0 times
...
Merilyn
2 months ago
D is outdated. Risks change too fast for yearly checks.
upvoted 0 times
...
Ashlyn
2 months ago
B is too reactive. We need a proactive approach.
upvoted 0 times
...
Charlette
2 months ago
A sounds good too, but external audits can be costly.
upvoted 0 times
...
Beatriz
2 months ago
Agreed! C ensures we adapt to changes quickly.
upvoted 0 times
...
Tegan
3 months ago
Wait, people actually think D is a best practice? That's shocking!
upvoted 0 times
...
Annett
3 months ago
B makes sense too, incidents should trigger reviews for sure!
upvoted 0 times
...
Josue
3 months ago
A sounds good, but can we really trust external auditors completely?
upvoted 0 times
...
Catarina
3 months ago
C is definitely the way to go! Regular assessments keep things secure.
upvoted 0 times
...
Jess
4 months ago
C is the correct answer. Gotta stay on top of those risks, not just do it annually.
upvoted 0 times
...
Annabelle
4 months ago
Haha, D? Once a year? That's like checking your smoke alarm batteries once a decade. C is the clear winner here.
upvoted 0 times
...
Ilona
4 months ago
I'm going with C. Performing risk assessments on a schedule and during changes is a best practice.
upvoted 0 times
...
Jean
4 months ago
C is the way to go. Consistency is key when it comes to risk management.
upvoted 0 times
...
Chanel
4 months ago
Definitely C. Performing risk assessments at regular intervals and during changes is crucial for effective information security.
upvoted 0 times
...
Matilda
5 months ago
C) Information Security Risk assessments should be performed at agreed intervals and be maintained during Changes.
upvoted 0 times
...
Jennifer
5 months ago
I vaguely recall that assessments should be ongoing, not just once a year like option D suggests. That seems too infrequent.
upvoted 0 times
...
Kimbery
5 months ago
I feel like option A could be valid since objectivity is important, but I’m not convinced it’s the best practice overall.
upvoted 0 times
...
Rory
5 months ago
I’m not entirely sure, but I think we practiced a question that mentioned the importance of timing in risk assessments. Could that relate to option C too?
upvoted 0 times
...
Miriam
5 months ago
Option C is the way to go. Consistent, scheduled risk assessments that are updated as changes occur are crucial for effective information security management.
upvoted 0 times
...
Ahmed
5 months ago
I'm leaning towards C as well. Performing regular assessments and keeping them current seems like the best way to proactively manage information security risks.
upvoted 0 times
...
Camellia
6 months ago
C definitely seems like the most comprehensive and practical approach. Maintaining risk assessments during changes is really important for keeping security up-to-date.
upvoted 0 times
...
Tuyet
6 months ago
I remember discussing how regular assessments are crucial, so I think option C makes the most sense.
upvoted 0 times
...
Golda
6 months ago
I disagree with D, once a year isn't enough in today's fast-paced environment.
upvoted 0 times
...
Brendan
7 months ago
I think C is the best choice. Regular assessments keep us updated.
upvoted 0 times
...
Erinn
7 months ago
I'm a bit confused on this one. I'm not sure if the external auditor or the yearly assessment is the better approach. I'll have to think it through more.
upvoted 0 times
...
Brett
7 months ago
I think C is the best answer. Performing risk assessments at agreed intervals and maintaining them during changes seems like a good practice to me.
upvoted 0 times
Raymon
1 month ago
I like C as well. Consistency is key in security!
upvoted 0 times
...
Gail
1 month ago
A is good too, but C feels more proactive.
upvoted 0 times
...
Willow
2 months ago
C is solid. We need to adapt as our systems evolve.
upvoted 0 times
...
Sheridan
6 months ago
Definitely! Changes can introduce new risks.
upvoted 0 times
...
Lelia
6 months ago
I agree, C makes the most sense. Regular assessments keep us updated.
upvoted 0 times
...
...
