Certified Secure Software Lifecycle Professional (CSSLP) — Question 7

Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project that has a high probability of occurrence and a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high risk exposure. What risk response has been enacted in this project?

Answer options

Correct answer: D

Explanation

The correct answer is Avoidance, as Bill and Virginia have chosen to eliminate the risk by removing the project requirements associated with it. Mitigation involves reducing the impact or likelihood of a risk, transference shifts the risk to another party, and acceptance means acknowledging the risk without taking action to change it, none of which apply in this situation.