ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 59 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 59
Topic #: 1
[All 312-50v11 Questions]

Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is
50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

  • A. Accept the risk
  • B. Introduce more controls to bring risk to 0%
  • C. Mitigate the risk
  • D. Avoid the risk
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by [deleted] at Oct. 26, 2021, 7:32 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Germ8790
Highly Voted 1 year, 9 months ago
It says it dropped to 10%, not by 10%. Tripped me up
upvoted 11 times
...
bpareja
Most Recent 8 months, 2 weeks ago
Selected Answer: A
It is below the threshold of the company 10<20%
upvoted 2 times
...
qovert
9 months, 1 week ago
Answer: A Since the risk level has been reduced to 10%, which is below the risk threshold of 20%, it is acceptable for the project to continue without introducing additional controls. Accepting the risk means acknowledging and monitoring the residual risk while carrying on with the project. The other options would involve additional cost, effort, or project changes that may not be necessary, given that the current risk level is below the established threshold.
upvoted 2 times
...
piccolopersiano
9 months, 2 weeks ago
C. Why not mitigate
upvoted 2 times
...
Shekhdaviraj
10 months, 1 week ago
C. Mitigate the risk The best risk decision in this scenario would be to mitigate the risk. This means implementing additional controls or measures to further reduce the risk of a breach in the main company application.
upvoted 1 times
...
guspukeydo
10 months, 1 week ago
C. Mitigate the risk The best risk decision in this scenario would be to mitigate the risk. This means implementing additional controls or measures to further reduce the risk of a breach in the main company application.
upvoted 1 times
...
DataTraveler
11 months ago
The keys here are the business profit and the fact that the threshold of 20% was already more than satisfied.
upvoted 2 times
...
[Removed]
2 years, 2 months ago
why not mitigate a risk?
upvoted 2 times
Snipa_x
2 years, 1 month ago
Yes plus one to Silascarter.
upvoted 2 times
...
Silascarter
2 years, 1 month ago
This is called Residual Risk. Your risk level can never be Zero as no security is absolute.
upvoted 8 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel