Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 88

A company's web server availability was breached by a DDoS attack and was offline for 3 hours because it was not deemed a critical asset in the incident response playbook. Leadership has requested a risk assessment of the asset. An analyst conducted the risk assessment using the threat sources, events, and vulnerabilities. Which additional element is needed to calculate the risk?

Answer options

• A. assessment scope
• B. event severity and likelihood
• C. incident response playbook
• D. risk model framework

Correct answer: D

Explanation

To accurately calculate the risk, a risk model framework is essential as it provides the structure to evaluate the identified threats, vulnerabilities, and their potential impacts. The other options, while relevant, do not directly contribute to the calculation of risk in the same way that a risk model framework does.