sorry for confusion i think its D. BIA identifies what is critical, making it possible to know which threats matter most , VA identifies weaknesses, but doesn’t assess business relevance or impact, and PT Focuses on technical weaknesses, not on the relevance or impact of threats on business processes
B. Vulnerability Assessment identify weakness in the system, then map them with relevant threat actor to expose them.
PT is done after VA to validate , can someone get in?
A vulnerability assessment is the most effective process to determine the relevance of threats for specific risk scenarios because it:
Identifies weaknesses or exposures in systems, applications, or processes.
Helps correlate which threats are actually applicable based on known vulnerabilities.
Enables risk practitioners to prioritize risk scenarios based on realistic threat vectors.
By understanding the organization’s vulnerabilities, practitioners can determine which threats are relevant and likely to be exploited, making the risk scenario more accurate and actionable.
I think A is the most correct answer, reason being that threats exploits vulnerabilities so unless a threat exploits a vulnerability a risk event would not occur.
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
faed87a
3Â weeks, 6Â days agofaed87a
3Â weeks, 6Â days agofaed87a
3Â weeks, 6Â days agofaed87a
3Â weeks, 6Â days agod9iceguy
1Â month, 1Â week agokaykaymuon
3Â months, 1Â week agoRozitas
5Â months, 2Â weeks ago