CompTIA Security+ (SY0-701) — Question 448

Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?

Answer options

• A. Risk assessment
• B. Risk identification
• C. Risk treatment
• D. Risk monitoring and review

Correct answer: B

Explanation

The correct answer is B, as risk identification is specifically focused on recognizing potential risks and defining the project's scope. A, risk assessment, typically involves evaluating the identified risks, while C, risk treatment, refers to managing the risks, and D, risk monitoring and review, is about ongoing oversight of risk management efforts.