Risk management
⏱ ~3-min readAceMark GuideWhat this topic is really about
Qualitative risk assessment categorizes the likelihood and impact of threats using descriptive terms rather than precise numerical values. This approach is useful when exact data are unavailable or when stakeholders need a straightforward understanding of risk levels. Quantitative methods assign monetary values, while hybrid combines both, and asset valuation focuses on asset worth.
Regular testing through tabletop exercises and drills ensures that the incident response team remains familiar with their roles and that the plan stays updated against evolving threats. In contrast, testing only after a real breach (Option C) is too late, as unaddressed flaws in the plan could lead to catastrophic damage during an actual security incident.
See the mechanism
Penetration testing involves actively exploiting discovered vulnerabilities to evaluate system defenses, whereas vulnerability scans simply identify and report potential weaknesses without exploiting them. A diagram for this topic isn't available yet — the worked example below walks the same reasoning step by step.
An exam-style question, fully explained
A vulnerability scan differs from a penetration test because:
- Identify what the question tests: A vulnerability scan differs from a penetration test because:.
- Penetration testing involves actively exploiting discovered vulnerabilities to evaluate system defenses, whereas vulnerability scans simply identify and report potential weaknesses without exploiting them.
- Option D is incorrect because penetration tests rely heavily on manual expertise and simulated attacks rather than automated tools alone.
Traps the examiner sets
- Option D is incorrect because penetration tests rely heavily on manual expertise and simulated attacks rather than automated tools alone.
Test your recall
Answer each from memory — you'll see instantly whether you're right and why.
Run a focused 10-question mini-mock on Risk management and see it stick.
Practice more of this topic →