New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

PECB ISO-IEC-27005-Risk-Manager Exam - Topic 1 Question 20 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam
Question #: 20
Topic #: 1
[All ISO-IEC-27005-Risk-Manager Questions]

According to CRAMM methodology, how is risk assessment initiated?

Show Suggested Answer Hide Answer
Suggested Answer: A

According to the CRAMM (CCTA Risk Analysis and Management Method) methodology, risk assessment begins by collecting detailed information on the system and identifying all assets that fall within the defined scope. This foundational step ensures that the assessment is comprehensive and includes all relevant assets, which could be potential targets for risk. This makes option A the correct answer.


by Natalie at Apr 09, 2025, 10:08 AM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27005-Risk-Manager Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Leonardo
2 months ago
I thought it was C at first, but A makes more sense.
upvoted 0 times
...
Susana
2 months ago
Wait, are we sure it's not B? Seems like a valid point too.
upvoted 0 times
...
Delpha
3 months ago
Totally agree, A is the way to go!
upvoted 0 times
...
Jill
3 months ago
Huh, I always thought risk assessment started with identifying risks, not assets.
upvoted 0 times
...
Andra
3 months ago
It's definitely A, you start with the assets.
upvoted 0 times
...
Stephaine
3 months ago
I thought it was about determining methods for managing risks, but that seems more like a later step in the process.
upvoted 0 times
...
Ceola
4 months ago
I feel like the first step is about understanding the assets, but I could be mixing it up with another framework.
upvoted 0 times
...
Camellia
4 months ago
I remember a practice question that emphasized identifying security risks first, but that might be a different methodology.
upvoted 0 times
...
Zona
4 months ago
I think risk assessment starts with gathering information about the system and its assets, but I'm not entirely sure.
upvoted 0 times
...
Noble
4 months ago
I'm feeling pretty confident about this one. The CRAMM methodology starts by gathering information on the system and identifying the key assets that need to be assessed for risk. That's the logical first step.
upvoted 0 times
...
Domonique
4 months ago
Okay, I've got this. The first step in CRAMM is to gather information on the system and identify the assets that need to be protected. That's the foundation for the whole risk assessment process.
upvoted 0 times
...
Tiffiny
5 months ago
Hmm, I'm a little unsure about this one. I know CRAMM is a risk assessment methodology, but I can't quite remember the specific steps. I'll have to think this through carefully.
upvoted 0 times
...
Rosenda
5 months ago
I think the key here is to focus on the first step of the CRAMM methodology, which is gathering information on the system and identifying assets. That seems like the logical starting point for risk assessment.
upvoted 0 times
...
Afton
9 months ago
Option A is the way to go. It's like trying to paint a picture without having any canvas or paints - you need to set up the basics before you can start creating. Plus, it's the only one that mentions 'system', and we all know systems are the backbone of risk assessment.
upvoted 0 times
Garry
8 months ago
User 4: Setting up the basics is key before diving into risk assessment.
upvoted 0 times
...
Juliana
8 months ago
User 3: Without identifying assets, how can you even begin to assess the risks?
upvoted 0 times
...
James
8 months ago
User 2: I agree, gathering information on the system is crucial for risk assessment.
upvoted 0 times
...
Clarence
9 months ago
User 1: Option A is definitely the way to go.
upvoted 0 times
...
...
Gayla
10 months ago
I'm gonna go with option A. It's like trying to solve a mystery without any clues - you need to gather the information first before you can start identifying the risks. Plus, it's the only one that mentions 'assets', and who doesn't love a good asset?
upvoted 0 times
Gussie
8 months ago
User 3: Definitely, without that initial step, it would be hard to assess the risks accurately.
upvoted 0 times
...
Felix
8 months ago
User 2: Yeah, gathering information on the system and identifying assets makes sense.
upvoted 0 times
...
Jamika
9 months ago
User 1: I agree, option A seems like the logical first step.
upvoted 0 times
...
...
Rory
10 months ago
I believe determining methods and procedures for managing risks is also important in the risk assessment process.
upvoted 0 times
...
Janey
10 months ago
Option A sounds like the logical starting point. Gotta know what you're working with before you can figure out the risks, right? It's like going on a hike without a map - not a great idea.
upvoted 0 times
Eliseo
9 months ago
Noel: It's all about being prepared and knowing what you're up against.
upvoted 0 times
...
Ria
9 months ago
User 3: Once you have that information, then you can start identifying the risks.
upvoted 0 times
...
Noel
10 months ago
User 2: Definitely, you need to know what assets you have to protect.
upvoted 0 times
...
Dacia
10 months ago
User 1: Option A sounds like the logical starting point.
upvoted 0 times
...
...
Mariko
10 months ago
I agree with Cassie, that's how CRAMM methodology starts the risk assessment process.
upvoted 0 times
...
Cassie
10 months ago
I think risk assessment is initiated by gathering information on the system and identifying assets within the scope.
upvoted 0 times
...
Silvana
11 months ago
I think gathering information on the system and identifying assets within the scope is the way to initiate risk assessment. It's like building a strong foundation before tackling the risks.
upvoted 0 times
Darell
9 months ago
I agree, it's important to have a solid understanding of the system before assessing risks.
upvoted 0 times
...
Erick
9 months ago
C) By determining methods and procedures for managing risks
upvoted 0 times
...
Kimberely
9 months ago
B) By identifying the security risks
upvoted 0 times
...
Ammie
9 months ago
A) By gathering information on the system and identifying assets within the scope
upvoted 0 times
...
Anisha
9 months ago
True, once you have the information, you can then pinpoint the specific risks to address.
upvoted 0 times
...
Barney
10 months ago
B) By identifying the security risks
upvoted 0 times
...
Graciela
10 months ago
That makes sense, it's important to know what you're working with before assessing risks.
upvoted 0 times
...
Joanna
10 months ago
A) By gathering information on the system and identifying assets within the scope
upvoted 0 times
...
...

Save Cancel