Certified in Risk and Information Systems Control (CRISC) — Question 980
Which risk response strategy could management apply to both positive and negative risk that has been identified?
Answer options
- A. Accept
- B. Exploit
- C. Mitigate
- D. Transfer
Correct answer: A
Explanation
The correct answer is 'Accept' because it is a strategy that applies to both positive and negative risks, allowing the organization to acknowledge the risk without taking action. The other options, such as 'Exploit', 'Mitigate', and 'Transfer', are more specialized strategies that do not cover both types of risks equally.