nerdexam
(ISC)2

CISSP-ISSEP · Question #132

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the ris

The correct answer is C. Corrective action. Corrective action (C) is a valid risk response because it is a direct, intentional action taken to realign project performance with the plan - making it appropriate both as a planned contingency response and as a proactive measure when a high-probability threat looms. The other o

Risk Management

Question

Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

Options

  • AEarned value management
  • BRisk audit
  • CCorrective action
  • DTechnical performance measurement

How the community answered

(57 responses)
  • A
    4% (2)
  • B
    9% (5)
  • C
    72% (41)
  • D
    16% (9)

Explanation

Corrective action (C) is a valid risk response because it is a direct, intentional action taken to realign project performance with the plan - making it appropriate both as a planned contingency response and as a proactive measure when a high-probability threat looms. The other options describe monitoring and measurement tools, not responses.

  • A (Earned Value Management) is a performance measurement technique that tracks cost and schedule variance; it tells you how the project is performing, but doesn't act on the risk.
  • B (Risk Audit) is a review process that examines the effectiveness of risk responses already in place; it evaluates risk management, it doesn't respond to a risk event.
  • D (Technical Performance Measurement) compares planned vs. actual technical achievements during execution - again, a monitoring technique, not a response.

Memory tip: Think "respond vs. record/review/report." EVM, risk audits, and technical performance measurement are all ways to observe the project; only corrective action changes something. On the exam, if a risk needs a response, look for the option that actually does something to address the event.

Topics

#Risk Management#Project Risk#Risk Response#Corrective Action

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice