nerdexam
PMI

PMI-RMP · Question #504

An organization with a large computer network identified a potential cyber security threat. Although certain measures were implemented to avoid the risk, the cyber security threat occurs. The measures

The correct answer is D. Apply a work around to eliminate or mitigate the impact of the threat.. When a risk occurs and the planned response only partially succeeds, and a new unforeseen risk emerges, a workaround is the correct tool. A workaround is an unplanned response developed in real time to deal with risks that were not previously identified or whose responses were in

Risk Monitoring and Reporting

Question

An organization with a large computer network identified a potential cyber security threat. Although certain measures were implemented to avoid the risk, the cyber security threat occurs. The measures were partially successful and a new unforeseen risk emerges. What should the risk owner do?

Options

  • ADevelop an efficient network protection solution quickly to mitigate the risk.
  • BEscalate the case to the risk manager and wait for their instructions.
  • CConduct an analysis to determine the root cause of the failed response.
  • DApply a work around to eliminate or mitigate the impact of the threat.

How the community answered

(42 responses)
  • A
    5% (2)
  • B
    2% (1)
  • C
    12% (5)
  • D
    81% (34)

Explanation

When a risk occurs and the planned response only partially succeeds, and a new unforeseen risk emerges, a workaround is the correct tool. A workaround is an unplanned response developed in real time to deal with risks that were not previously identified or whose responses were insufficient. As the risk owner, this person has the authority and responsibility to act immediately. Option A (developing a long-term protection solution) is too slow for an active, unfolding threat. Option B (escalating and waiting) is passive and may allow the situation to worsen before any action is taken. Option C (root cause analysis) is valuable but is a post-incident activity-the immediate priority is to contain or mitigate the active impact.

Topics

#Risk response failure#Issue management#Workarounds#Secondary risk

Community Discussion

No community discussion yet for this question.

Full PMI-RMP Practice