Q: 10
Which of the following should be included in a risk scenario to be used for risk analysis?
Options
Discussion
B. threat type is part of building the scenario itself, the others come later. Pretty sure that's what ISACA expects here.
It's B, threat type is what you need for the scenario. Appetite and tolerance aren't part of the initial scenario setup.
B makes sense here because threat type is what defines the risk scenario up front. Stuff like risk appetite and residual risk come into play after, when you're analyzing or responding to the risk. I think ISACA always expects threat type for building scenarios but open to other views.
Guessing B. Threat type flips this because it's the actual scenario ingredient, not just an outcome or a preference like risk appetite or residual risk. Seen a similar question on some practice tests, but would double-check ISACA terminology.
C or D? Actually pretty sure it's B, since threat type is a core part of building out the risk scenario itself. Residual risk (D) is more about what remains after treatment, so that's not included up front. Not 100 percent if ISACA will always stick to this though.
Every CRISC practice set seems to throw this one in, always a pain. Probably B.
It's B. Official guide and the CRISC manual both point to threat type as part of a risk scenario.
Maybe B. Threat type is what makes up the risk scenario for analysis, not appetite or tolerance. I'm still a bit unsure just because ISACA questions sometimes use odd phrasings, so feel free to push back if you see it differently.
A is wrong, D. Encountered an exactly similar question in my exam last year and D was listed as the right piece.
B, threat type is the main thing you actually build the scenario around for analysis. Appetite and tolerance are more about organization limits, not scenario details. Almost sure ISACA wants B here but open to other logic.