PECB ISO-IEC-27005-Risk-Manager Exam - Topic 2 Question 27 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam

Question #: 27
Topic #: 2

[All ISO-IEC-27005-Risk-Manager Questions]

Does information security reduce the impact of risks?

AYes, information security reduces risks and their impact by protecting the organization against threats and vulnerabilities

BNo, information security does not have an impact on risks as information security and risk management are separate processes

CYes, information security reduces the impact of risks by eliminating the likelihood of exploitation of vulnerabilities by threats

Show Suggested Answer

Suggested Answer: A

Information security aims to protect information assets against threats and vulnerabilities that could lead to unauthorized access, disclosure, alteration, or destruction. By implementing effective security measures (such as access controls, encryption, and monitoring), an organization reduces the likelihood of vulnerabilities being exploited and mitigates the potential impact of risks. According to ISO/IEC 27005, risk management in information security includes identifying, assessing, and applying controls to reduce both the likelihood and impact of potential risks. Thus, option A is correct because it acknowledges the role of information security in reducing the impact of risks. Option B is incorrect because information security is a key component of risk management, and option C is incorrect because information security does not eliminate risks entirely; it mitigates their impact.

by Theola at Apr 03, 2026, 11:52 AM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27005-Risk-Manager Questions as Interactive Web-Based Practice Test or PDF