nerdexam
EC-Council

312-50V11 · Question #483

The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?

The correct answer is C. Delegate. The five standard risk response strategies do not include 'Delegate'; that term is not recognized in any major risk management framework.

Information Security and Ethical Hacking Fundamentals

Question

The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?

Options

  • AAccept
  • BMitigate
  • CDelegate
  • DAvoid

How the community answered

(29 responses)
  • A
    3% (1)
  • C
    93% (27)
  • D
    3% (1)

Why each option

The five standard risk response strategies do not include 'Delegate'; that term is not recognized in any major risk management framework.

AAccept

Accept is a valid risk response where the organization acknowledges the risk and consciously decides to take no action to alter its probability or impact.

BMitigate

Mitigate is a valid risk response that reduces the likelihood or impact of a risk to an acceptable threshold through controls or countermeasures.

CDelegateCorrect

Delegate is not one of the five recognized risk response strategies in frameworks such as PMBOK or NIST SP 800-30. The standard five responses are Accept, Mitigate, Transfer, Avoid, and Exploit (or Reject in some frameworks). Delegating responsibility does not constitute a formal risk response strategy on its own.

DAvoid

Avoid is a valid risk response that eliminates the risk entirely by removing the cause or changing the plan to sidestep the threat.

Concept tested: Standard risk management response strategy categories

Source: https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final

Topics

#risk response#risk management#risk strategies#risk treatment

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice