The answer B for this stem question - Analyzing risk scenario, does not make much sense. I think the closest answer would be D and it is also not quite a good answer.
Analyzing risk scenarios primarily aims to determine the potential impact (loss) and the likelihood of that impact occurring due to the realization of the given scenarios. This assessment provides an understanding of the loss expectancy, which is crucial for risk management decisions.
D. Assessing loss expectancy.
The main reason for analyzing risk scenarios is to assess the loss expectancy associated with each scenario. This analysis helps organizations understand the potential impact and consequences of specific risks if they were to materialize. By quantifying the potential losses, organizations can prioritize their risk management efforts and allocate resources effectively to mitigate or manage the most critical risks. This process supports informed decision-making and helps organizations focus on the risks that matter most to their objectives and stakeholders.
Going with D. In the ISACA Review Manual 7th Edition, sec 2.4.4, page 113 the focus of analysis of risk scenarios is all about understanding impact of the scenario, so D aligns the most.
I will chose D even if the idiots at ISACA mark it false.
Analyzing risk scenarios is a key step in the risk management process. It involves identifying potential risks, evaluating their likelihood and potential impact, and determining the measures that can be taken to mitigate or manage them. One of the key objectives of analyzing risk scenarios is to assess the loss expectancy associated with each scenario. This involves estimating the potential financial, operational, or reputational losses that may result from the occurrence of each risk scenario.
There are a lot of ISACA certification candidates who are tired of the cryptic and unintuitive orientation of some questions, but here we are. Hussmohsin has perfectly expressed how we feel, but it is true that in the CRISC (7th) manual, within the section on 'development of risk scenarios' for IT, it is indicated 'deduce complex scenarios from simple scenarios showing impact and dependencies'. For example, a scenario where there is a risk of a major hardware failure can be combined with a disaster recovery plan failure scenario.
Should be D - https://www.isaca.org/resources/isaca-journal/past-issues/2012/using-scenario-analysis-for-managing-technology-risk
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
hussmohsin
Highly Voted 3 years, 3 months agoRooks
Highly Voted 3 years, 8 months agoeblue
Most Recent 7 months, 3 weeks agoStaanlee
7 months, 3 weeks agoCbtL
1 year agoKoulyo
1 year, 1 month agojohn_boogieman
1 year, 3 months agoSuchib
1 year, 4 months agoRaj1510
2 years, 3 months agoTsuresh
3 years, 2 months ago