The Chief Information Security Officer of a large multinational organization has asked the security risk manager to use risk scenarios during a risk analysis. Which of the following is the most likely reason for this approach?
❌ Why not the others?
A. To connect risks to business objectives
This is a broader risk management goal, but risk scenarios specifically help make risks relatable, not necessarily tie them directly to business objectives.
B. To ensure a consistent approach to risk
Consistency is achieved through frameworks and methodologies, not necessarily through scenarios.
C. To present a comprehensive view of risk
A comprehensive view involves looking at all risk categories and sources. Scenarios typically focus on specific examples, not the entire risk landscape.
D. To provide context to the relevancy of risk
✅ Explanation:
Risk scenarios are hypothetical situations that help an organization understand how risks could materialize in real-world terms, and what their impact would be. They provide a tangible context that makes abstract risks more understandable and relevant to business decision-makers.
By using risk scenarios, the security risk manager is:
Illustrating how a specific threat could affect the organization.
Helping prioritize risks based on their business impact and likelihood.
Providing clarity and context to stakeholders who may not be familiar with technical risk language.
upvoted 1 times
CAS-005 Exam Questions
vicbersong, 1 month ago