nerdexam
EC-Council

312-50V9 · Question #350

The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?

The correct answer is C. Delegate. 'Delegate' is not a recognized risk response strategy; the five standard responses are Accept, Avoid, Transfer, Mitigate, and Exploit.

Introduction to Ethical Hacking

Question

The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?

Options

  • AAccept
  • BMitigate
  • CDelegate
  • DAvoid

How the community answered

(23 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    91% (21)

Why each option

'Delegate' is not a recognized risk response strategy; the five standard responses are Accept, Avoid, Transfer, Mitigate, and Exploit.

AAccept

Accept is a valid risk response where the organization acknowledges the risk and decides to proceed without additional controls, often when the cost of mitigation exceeds the potential impact.

BMitigate

Mitigate is a valid risk response that involves taking actions to reduce the probability or impact of a risk to an acceptable level.

CDelegateCorrect

Delegate is not one of the five standard risk response strategies recognized in risk management frameworks such as NIST SP 800-39 and PMBOK. Delegation may describe an administrative act of assigning responsibility, but it is not a strategy for addressing the risk itself. The five recognized responses are: Accept (acknowledge and live with the risk), Avoid (eliminate the activity causing the risk), Transfer (shift the risk to a third party such as through insurance), Mitigate (reduce the likelihood or impact), and Exploit (for positive risks or opportunities).

DAvoid

Avoid is a valid risk response where the organization changes its plans or activities to eliminate the risk or protect objectives from its impact.

Concept tested: Five standard risk response strategies in risk management

Source: https://csrc.nist.gov/publications/detail/sp/800-39/final

Topics

#risk response#risk management#risk treatment#security policy

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice