Certified Ethical Hacker (CEH) — Question 108

What information should an IT system analysis provide to the risk assessor?

Answer options

• A. Management buy-in
• B. Threat statement
• C. Security architecture
• D. Impact analysis

Correct answer: C

Explanation

The correct answer, 'Security architecture', is essential for understanding how the system is designed to protect against threats. While 'Management buy-in', 'Threat statement', and 'Impact analysis' are important, they do not provide the comprehensive overview of the security measures in place that the security architecture does.