Certified Network Defender (CND) — Question 125

Management decides to implement a risk management system to reduce and maintain the organization's risk at an acceptable level. Which of the following is the correct order in the risk management phase?

Answer options

• A. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review
• B. Risk Identification, Risk Assessment, Risk Monitoring & Review, Risk Treatment
• C. Risk Treatment, Risk Monitoring & Review, Risk Identification, Risk Assessment
• D. Risk Assessment, Risk Treatment, Risk Monitoring & Review, Risk Identification

Correct answer: A

Explanation

The correct sequence begins with Risk Identification, followed by Risk Assessment, then Risk Treatment, and finally Risk Monitoring & Review. This order is logical as you must first identify risks before assessing them, then treat the risks, and continuously monitor the effectiveness of the treatments. The other options misplace the steps, which could lead to ineffective risk management.