312-50V11 · Question #255
Which of the following is considered an acceptable option when managing a risk?
The correct answer is C. Mitigate the risk.. Risk management defines four standard responses to identified risks - avoid, transfer, accept, and mitigate - and only mitigation appears among the valid answer choices.
Question
Which of the following is considered an acceptable option when managing a risk?
Options
- AReject the risk.
- BDeny the risk.
- CMitigate the risk.
- DInitiate the risk.
How the community answered
(37 responses)- A3% (1)
- B3% (1)
- C95% (35)
Why each option
Risk management defines four standard responses to identified risks - avoid, transfer, accept, and mitigate - and only mitigation appears among the valid answer choices.
Rejecting a risk is not a recognized risk management strategy - risks must be acknowledged and formally responded to through an accepted treatment option, not dismissed.
Denying a risk is not an accepted management option because denial implies refusing to acknowledge that the risk exists, which is not a legitimate or documentable control strategy.
Mitigating a risk means implementing security controls to reduce the likelihood or impact of the risk to an acceptable level. It is one of the four formally recognized risk response strategies defined in frameworks such as NIST SP 800-30 and ISO 31000, making it a legitimate and widely applied risk management option.
Initiating a risk has no meaning within risk management frameworks - organizations respond to identified risks, they do not initiate risks as a treatment action.
Concept tested: Risk management response strategies and mitigation
Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
Topics
Community Discussion
No community discussion yet for this question.