New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca IT Risk Fundamentals Exam - Topic 1 Question 17 Discussion

Actual exam question for Isaca's IT Risk Fundamentals exam
Question #: 17
Topic #: 1
[All IT Risk Fundamentals Questions]

Which of the following risk response strategies involves the implementation of new controls?

Show Suggested Answer Hide Answer
Suggested Answer: A

Definition and Context:

Mitigation involves taking steps to reduce the severity, seriousness, or painfulness of something, often by implementing new controls or safeguards. This can include processes, procedures, or physical measures designed to reduce risk.

Avoidance means completely avoiding the risk by not engaging in the activity that generates the risk.

Acceptance means acknowledging the risk and choosing not to act, either because the risk is deemed acceptable or because there is no feasible way to mitigate or avoid it.

Application to IT Risk Management:

In IT risk management, Mitigation often involves implementing new controls such as security patches, firewalls, encryption, user authentication protocols, and regular audits to reduce risk levels.

This aligns with the principles outlined in various IT control frameworks and standards, such as ISA 315 which emphasizes the importance of controls in managing IT-related risks.

Conclusion:

Therefore, when considering risk response strategies involving the implementation of new controls, Mitigation is the correct answer as it specifically addresses the action of implementing measures to reduce risk.


by Jettie at Jul 08, 2025, 10:14 AM

Limited Time Offer

25%

Off

Get Premium IT Risk Fundamentals Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Willow
2 months ago
Are we sure it's not acceptance? Sounds off to me.
upvoted 0 times
...
Jacquelyne
2 months ago
A makes sense, totally agree with that!
upvoted 0 times
...
Starr
3 months ago
I thought avoidance was the right answer.
upvoted 0 times
...
Carli
3 months ago
Wait, new controls? Isn't that just more work?
upvoted 0 times
...
Chi
3 months ago
Definitely A, that's what mitigation is all about!
upvoted 0 times
...
Ardella
3 months ago
I'm a bit confused, but I feel like Mitigation is definitely the one that relates to adding controls. I hope I'm right!
upvoted 0 times
...
Johnna
4 months ago
Acceptance seems more like just acknowledging the risk without doing anything, so it can't be the right answer.
upvoted 0 times
...
Portia
4 months ago
I remember practicing a question like this, and I think Avoidance is about eliminating the risk altogether, not adding controls.
upvoted 0 times
...
Adell
4 months ago
I think the answer might be Mitigation since it involves implementing new controls, but I'm not completely sure.
upvoted 0 times
...
Cary
4 months ago
Yeah, I agree with Mitsue. Mitigation is the way to go here. Implementing new controls is the key to that strategy, so it has to be the right answer.
upvoted 0 times
...
Mitsue
4 months ago
Okay, I think I've got it. Mitigation is the risk response strategy that involves implementing new controls to manage the risk. The other options, Avoidance and Acceptance, don't involve adding new controls.
upvoted 0 times
...
Shakira
5 months ago
Hmm, I'm a little unsure about this one. I know Mitigation involves reducing the risk, but I can't remember if that's the same as implementing new controls. I'll have to think this through carefully.
upvoted 0 times
...
Ashlyn
5 months ago
This one seems pretty straightforward. I'm pretty sure the answer is Mitigation, since that involves implementing new controls to reduce the risk.
upvoted 0 times
...

Save Cancel