ISACA IT Risk Fundamentals — Question 1

Which of the following is an example of an inductive method to gather information?

Answer options

• A. Controls gap analysis
• B. Vulnerability analysis
• C. Penetration testing

Correct answer: A

Explanation

Controls gap analysis is an inductive method because it involves assessing current controls and identifying deficiencies to gather insights about potential risks. In contrast, vulnerability analysis and penetration testing are more deductive as they focus on identifying specific weaknesses or exploiting them, rather than gathering data inductively.