PECB Lead Implementer (ISO/IEC 27001) — Question 41

What risk treatment option has Company A implemented if it requires its employees to change their email passwords at least once every 60 days?

Answer options

Correct answer: A

Explanation

The correct answer is A, risk modification: requiring regular password changes is a control applied to reduce the likelihood of unauthorized access, which is what risk modification means. Risk avoidance would imply eliminating the risk entirely (for example, by not using the email service at all), which is not the case here, and risk retention means accepting the risk without taking any action, which does not match the introduction of a password change policy.