Certified Incident Handler (ECIH v3) — Question 70

In which of the steps of NIST's risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the system identified?

Answer options

• A. Likelihood Determination
• B. Control recommendation
• C. System characterization
• D. Control analysis

Correct answer: C

Explanation

The correct answer is C, System characterization, as it specifically involves identifying the boundaries of the IT system and detailing its resources and information. The other options do not focus on defining the system's limits; A deals with assessing risks' frequency, B is about suggesting controls, and D evaluates controls' effectiveness.