nerdexam
EC-Council

312-50V10 · Question #255

Which of the following is considered an acceptable option when managing a risk?

The correct answer is C. Mitigate the risk.. Risk management has four accepted responses - avoid, accept, transfer, and mitigate. Only mitigation is listed among the choices as a valid option.

Information Security and Ethical Hacking Fundamentals

Question

Which of the following is considered an acceptable option when managing a risk?

Options

  • AReject the risk.
  • BDeny the risk.
  • CMitigate the risk.
  • DInitiate the risk.

How the community answered

(23 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    91% (21)

Why each option

Risk management has four accepted responses - avoid, accept, transfer, and mitigate. Only mitigation is listed among the choices as a valid option.

AReject the risk.

Rejecting a risk is not a recognized risk management strategy - risks must be formally responded to through accepted methods, not dismissed.

BDeny the risk.

Denying a risk is not a valid response option and implies ignoring the risk exists, which is never acceptable practice.

CMitigate the risk.Correct

Mitigating a risk means implementing controls to reduce its likelihood or impact to an acceptable level. This is one of the four standard risk response strategies alongside risk avoidance, risk acceptance, and risk transference. These strategies are formally recognized in frameworks such as NIST SP 800-37 and are tested on certifications like CompTIA Security+.

DInitiate the risk.

Initiating a risk is not a response strategy - it describes creating or starting a risk, which is the opposite of managing one.

Concept tested: Risk management response strategies

Source: https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final

Topics

#risk management#risk mitigation#risk acceptance#security governance

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice