Certified Incident Handler (ECIH v3) — Question 5
Risk management consists of three processes: risk assessment, mitigation, and evaluation. Risk assessment determines the extent of the potential threat and the risk associated with an IT system throughout its SDLC. How many primary steps does NIST's risk assessment methodology involve?
Answer options
- A. Twelve
- B. Four
- C. Six
- D. Nine
Correct answer: C
Explanation
The correct answer is C, as NIST's risk assessment methodology comprises six primary steps designed to effectively evaluate and manage risks. Options A, B, and D are incorrect because they do not accurately reflect the number of steps outlined in NIST's framework.