Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

PECB Exam ISO-IEC-27005-Risk-Manager Topic 1 Question 16 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam
Question #: 16
Topic #: 1
[All ISO-IEC-27005-Risk-Manager Questions]

Which statement regarding information gathering techniques is correct?

Show Suggested Answer Hide Answer
Suggested Answer: C

ISO/IEC 27005 advises that even after risks have been treated, any residual risks should be continuously monitored and reviewed. This is necessary to ensure that they remain within acceptable levels and that any changes in the internal or external environment do not escalate the risk beyond acceptable thresholds. Monitoring also ensures that the effectiveness of the controls remains adequate over time. Option A is incorrect because all risks, including those meeting the risk acceptance criteria, should be monitored. Option B is incorrect because monitoring is necessary regardless of the perceived severity if it occurs, to detect changes early.


by Joanna at Jan 23, 2025, 02:09 PM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27005-Risk-Manager Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Mari
1 months ago
Option B all the way! Gotta use all the tools in the toolbox to get a complete picture. Who needs those old-fashioned questionnaires anyway?
upvoted 0 times
Billye
8 days ago
Questionnaires can be helpful too, but I see your point about using all available tools.
upvoted 0 times
...
Rory
27 days ago
I agree, using technical tools can really help identify vulnerabilities.
upvoted 0 times
...
...
Herman
2 months ago
Personally, I think option B covers the bases. Leveraging technology to gather intel is a smart way to go about it.
upvoted 0 times
...
Carlton
2 months ago
Ha! Option C is a bit too narrow-minded. You need input from a variety of personnel, not just the security managers.
upvoted 0 times
...
Theola
2 months ago
I disagree with option A. Gathering feedback from a range of stakeholders is crucial for understanding the full scope of information security concerns.
upvoted 0 times
Selma
5 days ago
I believe option B is more effective. Using technical tools can help identify vulnerabilities and assess risks accurately.
upvoted 0 times
...
Marleen
8 days ago
I agree with you. It's important to gather feedback from a diverse group of people to fully understand the information security landscape.
upvoted 0 times
...
Nell
1 months ago
I think option A is not the best approach. We need input from various stakeholders to get a comprehensive view of information security.
upvoted 0 times
...
...
Nichelle
2 months ago
Option B sounds like the right approach to me. Using technical tools to identify vulnerabilities and assess assets is key for a thorough risk assessment.
upvoted 0 times
Annabelle
17 days ago
Technical tools can help organizations stay ahead of potential security threats.
upvoted 0 times
...
Joaquin
22 days ago
It's important to have a holistic approach when gathering information for risk assessment.
upvoted 0 times
...
Ivette
1 months ago
I agree, using technical tools can provide a more comprehensive view of potential risks.
upvoted 0 times
...
...
Renea
3 months ago
I agree with Laura. Option C makes more sense for information gathering techniques.
upvoted 0 times
...
Laura
3 months ago
I disagree, I believe option C is the correct statement. Interviews should be conducted with those responsible for security.
upvoted 0 times
...
Keneth
3 months ago
I think option B is correct. Technical tools can help identify vulnerabilities.
upvoted 0 times
...

Save Cancel