ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 486 discussion

Actual exam question from Isaca's CISA
Question #: 486
Topic #: 1
[All CISA Questions]

Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?

  • A. Impact assessment
  • B. Control self-assessment (CSA)
  • C. Risk classification
  • D. Risk identification
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ItsBananass at June 29, 2023, 2:14 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
a84n
7 months, 4 weeks ago
Selected Answer: A
Answer: A option A focuses specifically on evaluating the potential consequences or impact of identified risks. This assessment helps management understand the severity of each risk scenario, enabling them to prioritize mitigation efforts and allocate resources accordingly option C alone does not provide management with specific information on how to mitigate risks.
upvoted 2 times
...
Rachy
11 months, 1 week ago
Selected Answer: C
C. Risk Classification
upvoted 1 times
...
ItsBananass
1 year, 5 months ago
I think its.. C. Identify the owner and custody of the asset. Identify and list information systems assets of the organization. (List all interfacing applications, people, hardware or other containers for each asset.) Containers are the place where an information asset or data “lives” or any type of information asset (data) is stored transported or processed.3 Identify the security objectives of confidentiality, integrity and availability (CIA) and a weighting of the asset to conduct an impact assessment based upon the criticality of the asset to the operation of the company. Identify the asset’s security categories and its estimated value. Determine the threat and vulnerability’s quantitative value and rates. Estimate the probability of occurrence/likelihood of impact. Identify existing controls and perform a gap analysis
upvoted 1 times
ChaBum
9 months, 2 weeks ago
Risk Classification is not as obvious for people outside the Risk management system than Impact, which represent potential scenarios
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel