CERTIFIED-IN-CYBERSECURITY Question #305: Real Exam Question with Answer & Explanation
The correct answer is B: Acknowledging that certain risks are too costly or impractical to mitigate and accepting the
Question
In the risk management process, which of the following best describes the concept of 'risk acceptance'?
Options
- A. Implementing controls and countermeasures to eliminate all risks
- B. Acknowledging that certain risks are too costly or impractical to mitigate and accepting the
- C. Ignoring potential risks and their impacts
- D. Avoiding the need for a risk management process
Explanation
Risk acceptance is a component of the risk management process that involves recognizing when it may be more practical or cost-effective to accept a certain level of risk rather than attempting to eliminate it entirely (see ISC2 Study Guide, Module 2, under Risk Treatment). This decision is an informed choice typically based on the organization's risk appetite and on carefully analyzing the potential costs and benefits of implementing additional controls or countermeasures. By contrast, implementing controls and countermeasures to eliminate all risks, ignoring potential risks and their impacts, and avoiding the need for a risk management process are all incorrect options, as these approaches do not accurately describe the concept of informed choice underlying risk