exam questions

Exam CRISC All Questions

View all questions & answers for the CRISC exam

Exam CRISC topic 1 question 915 discussion

Actual exam question from Isaca's CRISC
Question #: 915
Topic #: 1
[All CRISC Questions]

An organization has decided to postpone the assessment and treatment of several risk scenarios because stakeholders are unavailable. As a result of this decision, the risk associated with these new entries has been:

  • A. accepted
  • B. mitigated
  • C. deferred
  • D. transferred
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
cyberbugnx
3 months, 3 weeks ago
Selected Answer: C
When an organization postpones the assessment and treatment of risk scenarios due to stakeholder unavailability or other reasons, the risk is considered "deferred." This means the organization has chosen to delay action on the risk until a later time, rather than accepting, mitigating, or transferring it.
upvoted 1 times
...
Kennethlim79
1 year, 3 months ago
The best answer is C. deferred. Here's why: Postponed assessment and treatment: The organization has chosen to delay the assessment and treatment of the risks. This means that the risks have not been addressed in any way, and their potential impact remains unmitigated. Risk remains unaddressed: By delaying the assessment and treatment, the organization has essentially chosen to not address the risks at this time. This does not mean that the risks have been eliminated or resolved; they simply remain unaddressed and unmitigated. Deferred action: Deferring action implies that the organization intends to address the risks at a later date. This is different from accepting or transferring the risks, which would involve permanently relinquishing responsibility for them.
upvoted 1 times
...
eblue
1 year, 5 months ago
Selected Answer: D
According to ISACA, when an organization decides to postpone the assessment and treatment of several risk scenarios because stakeholders are unavailable, the risk associated with these new entries is deferred. : Communicating Information Security Risk Simply and Effectively, Part 2: A Three-Step Process for Top Management
upvoted 2 times
...
CbtL
1 year, 10 months ago
Selected Answer: A
It is A. There's no such thing as defer in ISACA materials for risk treatment options.
upvoted 1 times
...
john_boogieman
2 years, 1 month ago
Selected Answer: A
Some reasoning is a bit scary and can be solved simply with a little study of the basics. Obviously there is no risk treatment action that is 'deferring it' and 'avoiding it' means that the treatment associated with the risk is no longer carried out. Doing nothing means that the organization is accepting the risk.
upvoted 3 times
...
GRamos
2 years, 2 months ago
Risk Avoidance. They did not move on with the activity. Meaning they avoided the action. In other words deferred.
upvoted 1 times
...
[Removed]
2 years, 4 months ago
A is correct. No such thing as deferred risk. Change can be deferred.
upvoted 2 times
...
johnwalters
2 years, 5 months ago
A is correct
upvoted 2 times
...
Kozy
2 years, 5 months ago
Selected Answer: A
TBH this is the first time I heard 'deffer' as risk response strategy. If they postponed the risk response due to certain reasons they accepted the risk as it will be untreated until stakeholders are not available.
upvoted 4 times
CbtL
1 year, 10 months ago
Defer is definitely not a concept in the 7th edition review manual.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago