IIA Exam IIA-CCSA Topic 12 Question 101 Discussion

Actual exam question for IIA's IIA-CCSA exam

Question #: 101
Topic #: 12

[All IIA-CCSA Questions]

Which if the following is Correct?

AVulnerability/control risk is determined after ranking control activities.

BVulnerability/control risk is determined after ranking risk assessment.

CVulnerability/control risk is determined after ranking inherent risk.

DVulnerability/control risk is determined after ranking competence and integrity values.

Show Suggested Answer

Suggested Answer: C

by Quentin at May 02, 2025, 12:53 PM

Limited Time Offer

25%

Off

Get Premium IIA-CCSA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lang

1 months ago

I think Freeman is right, because inherent risk is the starting point for determining vulnerability/control risk.

upvoted 0 times

...

Vallie

1 months ago

But don't we need to assess the control activities first before determining the vulnerability/control risk?

upvoted 0 times

...

Jose

2 months ago

Haha, I bet the answer is D. Gotta rank those competence and integrity values, you know? That's the key to everything!

upvoted 0 times

...

Freeman

2 months ago

I disagree, I believe it's C) Vulnerability/control risk is determined after ranking inherent risk.

upvoted 0 times

...

Salome

2 months ago

Hmm, I'm not sure about that. I think option B makes more sense - ranking risk assessment should come before vulnerability/control risk.

upvoted 0 times

Maryln

20 days ago

I see your point, but I still think option B is the most logical choice in this scenario.

upvoted 0 times

...

Cristina

28 days ago

I think option C could also be a possibility. Ranking inherent risk before vulnerability/control risk could be important.

upvoted 0 times

...

Thurman

1 months ago

I agree, option B does make more sense. Ranking risk assessment first is crucial.

upvoted 0 times

...

Vallie

2 months ago

I think the correct answer is A) Vulnerability/control risk is determined after ranking control activities.

upvoted 0 times

...

Jennifer

2 months ago

I think option C is the correct answer. Vulnerability/control risk is determined after ranking inherent risk.

upvoted 0 times

Valentin

29 days ago

I'm not sure, but I think it might be option B, vulnerability/control risk is determined after ranking risk assessment.

upvoted 0 times

...

Cecily

30 days ago

I think it's actually option A, vulnerability/control risk is determined after ranking control activities.

upvoted 0 times

...

Karol

1 months ago

I agree with you, option C is the correct answer.

upvoted 0 times

...