nerdexam
(ISC)2

CAP · Question #17

You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with th

The correct answer is B. These risks can be added to a low priority risk watch list.. Not all identified risks warrant a full risk response plan. Small, low-impact risks that are unlikely to significantly affect the project are best placed on a low-priority risk watch list. This allows the project team to monitor them without expending unnecessary resources on for

Security and Privacy Governance, Risk Management, and Compliance Program

Question

You and your project team are identifying the risks that may exist within your project. Some of the risks are small risks that won't affect your project much if they happen. What should you do with these identified risk events?

Options

  • AThese risks can be accepted.
  • BThese risks can be added to a low priority risk watch list.
  • CAll risks must have a valid, documented risk response.
  • DThese risks can be dismissed.

How the community answered

(34 responses)
  • A
    9% (3)
  • B
    71% (24)
  • C
    18% (6)
  • D
    3% (1)

Explanation

Not all identified risks warrant a full risk response plan. Small, low-impact risks that are unlikely to significantly affect the project are best placed on a low-priority risk watch list. This allows the project team to monitor them without expending unnecessary resources on formal response planning. Choice A (acceptance) is a valid strategy but less precise than a watch list for tracking. Choice C is incorrect - not all risks require a documented response; a watch list is sufficient for minor risks. Choice D is incorrect - risks should never simply be dismissed without documentation.

Topics

#Risk Management#Risk Identification#Risk Monitoring#Risk Response

Community Discussion

No community discussion yet for this question.

Full CAP Practice