Exam ISO-IEC-27005-Risk-Manager Topic 3 Question 6 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam
Question #: 6
Topic #: 3
Which statement regarding information gathering techniques is correct?

Suggested Answer: B Vote an answer

ISO/IEC 27005 supports the use of various information-gathering techniques, including technical tools, to identify and assess risks. Technical tools such as vulnerability scanners and asset management software can help organizations identify technical vulnerabilities and compile a list of assets that are critical for risk assessment. This aligns with the standard's recommendation to use automated tools for an effective risk assessment process. Option B is correct because it accurately describes an effective information-gathering technique.
Reference:
ISO/IEC 27005:2018, Clause 8.2, "Risk Identification," which discusses using tools and techniques to identify risks.

by Theodore at Apr 08, 2025, 09:57 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10