CISSP-ISSEP · Question #152
There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?
The correct answer is A. Acceptance. Acceptance is correct because it is one of the five responses to negative risks (threats) - alongside Avoid, Transfer, Mitigate, and Escalate. Acceptance means the team acknowledges the risk and decides not to change the project plan, either actively (preparing a contingency rese
Question
There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?
Options
- AAcceptance
- BEnhance
- CShare
- DExploit
How the community answered
(48 responses)- A92% (44)
- B4% (2)
- C2% (1)
- D2% (1)
Explanation
Acceptance is correct because it is one of the five responses to negative risks (threats) - alongside Avoid, Transfer, Mitigate, and Escalate. Acceptance means the team acknowledges the risk and decides not to change the project plan, either actively (preparing a contingency reserve) or passively (doing nothing and dealing with consequences if they occur).
Enhance (B), Share (C), and Exploit (D) are all responses to positive risks (opportunities), not threats. Exploit maximizes an opportunity, Enhance increases its probability or impact, and Share involves partnering with another party to capture the benefit.
Memory tip: Use the acronym "ATME-A" - Avoid, Transfer, Mitigate, Escalate, Accept for threats. For opportunities, flip the mindset: "ESEA" - Exploit, Share, Enhance, Accept. Notice that Accept and Escalate appear in both lists - they're the two universal responses that work for either type.
Topics
Community Discussion
No community discussion yet for this question.