Certified Ethical Hacker (CEH v11) — Question 289
Suppose your company has just completed a security risk assessment. The results show that the risk of a breach in the main company application is 50%. Security staff have taken measures and implemented the necessary controls. A second risk assessment performed afterwards shows that the risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions is best for the project in terms of its successful continuation with the most business profit?
Answer options
- A. Accept the risk
- B. Introduce more controls to bring risk to 0%
- C. Mitigate the risk
- D. Avoid the risk
Correct answer: A
Explanation
Accepting the risk is the best decision: the residual risk of 10% is already below the established threshold of 20%, so the application is within the organization's risk appetite. Introducing more controls to drive the risk to 0% is unnecessary and costly (and residual risk can rarely be eliminated entirely); mitigation is what the security staff have already performed, and further mitigation is not needed once the risk is acceptable. Avoiding the risk would mean abandoning or restricting the application, which is impractical and would forfeit business opportunities. Note that acceptance is a formal decision: the residual risk should be documented, signed off by the risk owner, and re-evaluated at the next assessment cycle or when the application changes.