Certified in Risk and Information Systems Control (CRISC) — Question 933

Which of the following is the PRIMARY reason for a risk practitioner to review an organization’s IT asset inventory?

Answer options

• A. To plan for the replacement of assets at the end of their life cycles
• B. To understand vulnerabilities associated with the use of the assets
• C. To calculate mean time between failures (MTBF) for the assets
• D. To assess requirements for reducing duplicate assets

Correct answer: B

Explanation

The correct answer is B because understanding vulnerabilities is crucial for managing risks associated with IT assets. The other options, while relevant to asset management, do not directly address the primary concern of risk assessment.