Andreas is conduting a rick assessment of a network. He ask: What is the target? How serious is the threat of intrusion? What is the probability of the threat occurring?
He is doing what?
A. Using the existing management and control architecture.
B. Evaluating the existing perimeter and internal security.
C. Analyzing, categorizing and prioritizing resources.
D. Considering the business concerns.

　　ahmao给解释一下吧
问题和答案我都看不大明白

　　i would choose C. Analyze to find out the possible source of attacks and categorizing them into importance or seriousness

　　i want to know not only the answer but also the reason.
because i want not to be a paper.

　　my answer still C. what Andreas was asking seemed to be the first stage of assessment before the system is being builted, tested and evaluated. just my 5 cent worth point of view