PMI-RMP Question #621: Real Exam Question with Answer & Explanation
The correct answer is D: Reassess the residual risk level.
Question
A company has implemented a policy requirement for employees to use complex passwords and update them regularly. A few employees are unable to make the changes, which increases the likelihood of cybercriminals compromising their passwords. What should the risk manager do?
Options
- A. Increase the residual risk monitoring.
- B. Increase the inherent risk monitoring.
- C. Reassess the inherent risk level.
- D. Reassess the residual risk level.
Explanation
Residual risk is the risk that remains after risk responses or controls have been implemented; inherent risk is the level before any controls are applied, so a control that is only partly effective does not change the inherent risk, it changes the residual risk. In this scenario, despite the policy requiring complex passwords and regular updates, some employees' inability to comply increases the likelihood of password compromise. This non-compliance raises the residual risk above the level that was assumed when the control was put in place. The risk manager should therefore reassess the residual risk level (option D) to determine its current status and evaluate whether additional controls or actions are necessary to mitigate the heightened threat. Increasing monitoring (options A and B) only observes the risk without re-evaluating it, and reassessing inherent risk (option C) addresses the wrong quantity. This reassessment ensures that the organization's risk management strategies remain effective and aligned with its security