Question 94
Main Page
You’re conducting a risk evaluation using ISO 27005. What are you doing at this stage?
A. Documenting executive names
B. Estimating likelihood and impact of identified risks
C. Deploying endpoint protection
D. Tracking antivirus updates
Answer: B. Estimating likelihood and impact of identified risks
Risk evaluation builds on analysis by applying thresholds and priorities based on business objectives and risk criteria.