PECB ISO-IEC-27005-Risk-Manager Exam - Topic 1 Question 10 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam
Question #: 10
Topic #: 1

Scenario 1

The risk assessment process was led by Henry, Bontton's risk manager. The first step that Henry took was identifying the company's assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber attackers, as a great number of organizations were experiencing cyberattacks during that time. After analyzing the identified risks, Henry evaluated them and concluded that new controls must be implemented if the company wants to use the application. Among others, he stated that training should be provided to personnel regarding the use of the application and that awareness sessions should be conducted regarding the importance of protecting customers' personal data.

Lastly, Henry communicated the risk assessment results to the top management. They decided that the application will be used only after treating the identified risks.

Based on the scenario above, answer the following question:

Bontton established a risk management process based on ISO/IEC 27005 to systematically manage information security threats. Is this a good practice?

Suggested Answer: C

The information security risk assessment process, as outlined in ISO/IEC 27005, typically includes identifying risks, assessing their potential impact, and prioritizing them. However, selecting risk treatment options is not part of the risk assessment process itself; it is part of the subsequent risk treatment phase. Therefore, option C is the correct answer as it is not included in the risk assessment process.


Contribute your Thoughts:

Gail
3 months ago
Wow, I didn’t know ISO/IEC 27005 was that comprehensive!
upvoted 0 times
Stevie
3 months ago
I think it’s a bit overkill for smaller companies, though.
upvoted 0 times
Harrison
3 months ago
Agreed, training and awareness are key parts of the process!
upvoted 0 times
Nicholle
4 months ago
Not sure if it covers all sectors equally, especially food.
upvoted 0 times
Hailey
4 months ago
Definitely a good practice, ISO/IEC 27005 is solid for info security!
upvoted 0 times
Elenor
4 months ago
I feel like I might be confused about the specifics, but I do remember that ISO/IEC 27005 is meant for managing information security risks, which makes A seem like the right choice.
upvoted 0 times
Marjory
4 months ago
I practiced similar questions, and I recall that ISO/IEC 27005 is applicable across various sectors, including food, so I don't think C is correct.
upvoted 0 times
Lettie
4 months ago
I'm not entirely sure, but I think ISO/IEC 27005 is more about information security specifically, not all types of threats. So, I might lean towards A as well.
upvoted 0 times
Paulina
5 months ago
I remember studying ISO/IEC 27005 and it definitely focuses on information security risk management, so I think option A makes sense.
upvoted 0 times
Gail
5 months ago
Based on the information provided, I believe the correct answer is A. The scenario clearly states that Bontton used ISO/IEC 27005 to systematically manage information security threats, which is exactly what the standard is designed to do. I feel confident in this response.
upvoted 0 times
Cordelia
5 months ago
I'm a little confused by the wording of the question. It's asking if this is a good practice, but the scenario seems to suggest that it is. I'll need to re-read the options carefully to make sure I'm selecting the right answer.
upvoted 0 times
Bettina
5 months ago
Okay, I think I've got this. The key is that the scenario specifically mentions Bontton establishing a risk management process based on ISO/IEC 27005. Since this standard provides guidelines for systematically managing information security threats, it seems like a good practice for the company to follow.
upvoted 0 times
Crista
5 months ago
Hmm, I'm a bit unsure about this one. The scenario talks about managing information security threats, but the question asks if using ISO/IEC 27005 is a good practice. I'll need to carefully review the details to make sure I understand the connection.
upvoted 0 times
Reiko
5 months ago
This seems like a straightforward question about the benefits of using ISO/IEC 27005 for information security risk management. The scenario provides good context, so I think I can confidently select the correct answer.
upvoted 0 times
Denise
5 months ago
I'm uncertain about the YouTube videos... I mean, they might not be as in-depth as what the customer needs.
upvoted 0 times
Patti
9 months ago
Wait, Bontton is in the food sector? Oh man, they're gonna need more than just ISO/IEC 27005 to protect their customers' data. Better call in the cybersecurity chefs!
upvoted 0 times
Eva
9 months ago
I'm not so sure. Doesn't ISO/IEC 27005 only apply to the IT sector? I'm not convinced it's the right framework for a company in the food industry.
upvoted 0 times
Mignon
10 months ago
I agree, following ISO/IEC 27005 is a best practice. It helps organizations like Bontton stay ahead of the curve when it comes to cybersecurity.
upvoted 0 times
Jacquelyne
9 months ago
B) Yes, ISO/IEC 27005 provides guidelines to systematically manage all types of threats that organizations may face
upvoted 0 times
Jacinta
9 months ago
A) Yes, ISO/IEC 27005 provides guidelines for information security risk management that enable organizations to systematically manage information security threats
upvoted 0 times
Alecia
10 months ago
ISO/IEC 27005 is definitely the way to go for managing information security risks. It provides a structured approach to identifying, analyzing, and treating those threats.
upvoted 0 times
Karl
9 months ago
B) Yes, ISO/IEC 27005 provides guidelines to systematically manage all types of threats that organizations may face
upvoted 0 times
Virgilio
9 months ago
ISO/IEC 27005 is a great framework for managing information security risks.
upvoted 0 times
Jody
9 months ago
A) Yes, ISO/IEC 27005 provides guidelines for information security risk management that enable organizations to systematically manage information security threats
upvoted 0 times
Nana
10 months ago
I think it's important to have a systematic approach to managing information security threats, so I also believe that using ISO/IEC 27005 is a good practice.
upvoted 0 times
Horace
10 months ago
I agree with Ellsworth. Using ISO/IEC 27005 for information security risk management is a good practice.
upvoted 0 times
Ellsworth
11 months ago
A) Yes, ISO/IEC 27005 provides guidelines for information security risk management that enable organizations to systematically manage information security threats.
upvoted 0 times