312-50V10 · Question #255
Which of the following is considered an acceptable option when managing a risk?
The correct answer is C. Mitigate the risk.. Risk management has four accepted responses - avoid, accept, transfer, and mitigate. Only mitigation is listed among the choices as a valid option.
Question
Which of the following is considered an acceptable option when managing a risk?
Options
- AReject the risk.
- BDeny the risk.
- CMitigate the risk.
- DInitiate the risk.
How the community answered
(23 responses)- A4% (1)
- B4% (1)
- C91% (21)
Why each option
Risk management has four accepted responses - avoid, accept, transfer, and mitigate. Only mitigation is listed among the choices as a valid option.
Rejecting a risk is not a recognized risk management strategy - risks must be formally responded to through accepted methods, not dismissed.
Denying a risk is not a valid response option and implies ignoring the risk exists, which is never acceptable practice.
Mitigating a risk means implementing controls to reduce its likelihood or impact to an acceptable level. This is one of the four standard risk response strategies alongside risk avoidance, risk acceptance, and risk transference. These strategies are formally recognized in frameworks such as NIST SP 800-37 and are tested on certifications like CompTIA Security+.
Initiating a risk is not a response strategy - it describes creating or starting a risk, which is the opposite of managing one.
Concept tested: Risk management response strategies
Source: https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final
Topics
Community Discussion
No community discussion yet for this question.