
CRISC · Question #125

CRISC Question #125: Real Exam Question with Answer & Explanation

The correct answer is B: Accept. Accepting a risk, either positive or negative, is a strategy where management acknowledges the risk but decides not to take action, allowing for either the potential gain or loss to occur.

Submitted by viktor_hu · Apr 18, 2026 · Risk Response and Reporting

Question

Which risk response strategy could management apply to both positive and negative risk that has been identified?

Options

  • A. Transfer
  • B. Accept
  • C. Exploit
  • D. Mitigate

Explanation

Accepting a risk, either positive or negative, is a strategy where management acknowledges the risk but decides not to take action, allowing for either the potential gain or loss to occur.

Common mistakes.

  • A. Transferring risk (e.g., through insurance) typically applies to negative risks, shifting the financial burden to a third party.
  • C. Exploit is a strategy specifically for positive risks (opportunities), aiming to increase the probability or impact of the beneficial outcome.
  • D. Mitigate (or treat) is a strategy primarily for negative risks, aiming to reduce the probability or impact of an adverse event.

Concept tested. Risk response strategies for positive and negative risks

Reference. https://csrc.nist.gov/publications/detail/sp/800-39/final

Topics

#Risk Response #Risk Acceptance #Positive Risk #Negative Risk
