nerdexam
(ISC)2

CISSP-ISSEP · Question #152

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

The correct answer is A. Acceptance. Acceptance is correct because it is one of the five responses to negative risks (threats) - alongside Avoid, Transfer, Mitigate, and Escalate. Acceptance means the team acknowledges the risk and decides not to change the project plan, either actively (preparing a contingency rese

Risk Management

Question

There are seven risk responses for any project. Which one of the following is a valid risk response for a negative risk event?

Options

  • AAcceptance
  • BEnhance
  • CShare
  • DExploit

How the community answered

(48 responses)
  • A
    92% (44)
  • B
    4% (2)
  • C
    2% (1)
  • D
    2% (1)

Explanation

Acceptance is correct because it is one of the five responses to negative risks (threats) - alongside Avoid, Transfer, Mitigate, and Escalate. Acceptance means the team acknowledges the risk and decides not to change the project plan, either actively (preparing a contingency reserve) or passively (doing nothing and dealing with consequences if they occur).

Enhance (B), Share (C), and Exploit (D) are all responses to positive risks (opportunities), not threats. Exploit maximizes an opportunity, Enhance increases its probability or impact, and Share involves partnering with another party to capture the benefit.

Memory tip: Use the acronym "ATME-A" - Avoid, Transfer, Mitigate, Escalate, Accept for threats. For opportunities, flip the mindset: "ESEA" - Exploit, Share, Enhance, Accept. Notice that Accept and Escalate appear in both lists - they're the two universal responses that work for either type.

Topics

#Risk response strategies#Negative risk#Risk management#Project risk management

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice