This is incorrect. Some risks can be eliminated completely through risk mitigation, transfer, or avoidance. But most risks are not totally addressed because it is not cost-effective or practical... but it is possible in some cases.
It says "the most important outcome", not "the most desirable outcome". For sure you want to eliminate the risk at 100%, if possible, but the most IMPORTANT is A.
The word "elimination" really bothers me, but it is the best answer, since some risks can indeed be eliminated through risk treatment options such as risk avoidance. If you stop doing the thing that brings risk, you effectively eliminated the risk, for all intents and purposes.
A. Implementation of corrective actions is the correct answer. B. Elimination of risk is an ideal that cannot be achieved. It's like striving for the ideal of perfection. According to CISM Review Manual: Preparing for ISACA Certified Information Security Manager Exam by Gwen Bettwy, Mark Williams, Mike Beevers, Eliminating risk is not always practical or feasible.
I go with A- Implementation of corrective actions. The manner in which B is worded is not the correct answer because risk can never be eliminated until there is no risk left. Risk can only be mitigated.
The goal of risk treatment is to reduce the level of risk to an acceptable level that aligns with the organization's risk appetite and objectives. The closest one to this is (B) Elimination of Risk.
Rationale:
A. Implementation of corrective actions is incorrect because this takes place after the risk has been realized, but the goal of risk treatment is preventative (i.e. before the risk is realized).
C. Timely reporting of incidents is great, but it does nothing to address risks.
D. Reduced cost of acquiring controls is great, but it does not reduce the risk.
The most important outcome of effective risk treatment is the elimination or reduction of risk to an acceptable level. This is accomplished by implementing appropriate controls and measures to mitigate the potential impact of identified risks. Other outcomes, such as implementation of corrective actions, timely reporting of incidents and reduced cost of acquiring controls, are important aspects of risk management, but they are ultimately secondary to achieving the primary goal of reducing or eliminating risk.