Exam ISO-IEC-27035-Lead-Incident-Manager Topic 2 Question 64 Discussion
Actual exam question for PECB's ISO-IEC-27035-Lead-Incident-Manager exam
Question #: 64
Topic #: 2
Question #: 64
Topic #: 2
Scenario 3: L&K Associates is a graphic design firm headquartered in Johannesburg, South Africa. It specializes in providing innovative and creative design solutions to clients across various industries. With offices in multiple parts of the country, they effectively serve clients, delivering design solutions that meet their unique needs and preferences.
In its commitment to maintaining information security, L&K Associates is implementing an information security incident management process guided by ISO/IEC 27035-1 and ISO/IEC 27035-2. Leona, the designated leader overseeing the implementation of the incident management process, customized the scope of incident management to align with the organization's unique requirements. This involved specifying the IT systems, services, and personnel involved in the incident management process while excluding potential incident sources beyond those directly related to IT systems and services.
In scenario 3, which technique did L&K Associates use for its risk analysis process?
In its commitment to maintaining information security, L&K Associates is implementing an information security incident management process guided by ISO/IEC 27035-1 and ISO/IEC 27035-2. Leona, the designated leader overseeing the implementation of the incident management process, customized the scope of incident management to align with the organization's unique requirements. This involved specifying the IT systems, services, and personnel involved in the incident management process while excluding potential incident sources beyond those directly related to IT systems and services.
In scenario 3, which technique did L&K Associates use for its risk analysis process?
Suggested Answer: C Vote an answer
Comprehensive and Detailed Explanation From Exact Extract:
In the scenario, Leona used a methodology that estimates "practical values for consequences and their probabilities," which clearly points to a quantitative risk analysis approach.
Quantitative risk analysis, as defined in ISO/IEC 27005:2018, involves assigning numerical values (e.g., monetary impact, frequency rates) to both the probability and consequence of risks. This allows for risk prioritization based on actual or estimated figures, enabling data-driven decisions on mitigation strategies.
Qualitative analysis uses descriptive categories (e.g., high/medium/low), and semi-quantitative methods mix ranking scales with partial numeric estimations - neither of which are described in this scenario.
Reference:
ISO/IEC 27005:2018, Clause 8.3.3: "Quantitative risk analysis estimates the probability and impact of risk using numerical values to derive a risk level." Therefore, the correct answer is C: Quantitative risk analysis.
-
In the scenario, Leona used a methodology that estimates "practical values for consequences and their probabilities," which clearly points to a quantitative risk analysis approach.
Quantitative risk analysis, as defined in ISO/IEC 27005:2018, involves assigning numerical values (e.g., monetary impact, frequency rates) to both the probability and consequence of risks. This allows for risk prioritization based on actual or estimated figures, enabling data-driven decisions on mitigation strategies.
Qualitative analysis uses descriptive categories (e.g., high/medium/low), and semi-quantitative methods mix ranking scales with partial numeric estimations - neither of which are described in this scenario.
Reference:
ISO/IEC 27005:2018, Clause 8.3.3: "Quantitative risk analysis estimates the probability and impact of risk using numerical values to derive a risk level." Therefore, the correct answer is C: Quantitative risk analysis.
-
by Norma at Nov 09, 2025, 10:28 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).