Q: 6
A common misconception about Enterprise Security Risk Management (ESRM) is that it is the same
as Enterprise Risk Management (ERM), which covers all risk for the business. What is the other
misconception?
Options
Discussion
Option B. D is a classic distractor here, people mix up ESRM with structural convergence but the real misconception is treating it like any other program. Pretty sure that's what exam reports say.
It's B. ESRM gets confused a lot with being just another security program or add-on when it's actually broader, more of a whole management approach. D talks about convergence, but that's not really the core misconception they're asking for. Pretty sure B is what they're fishing for here, but open to other takes.
D imo. I remember a similar scenario from labs where D was actually flagged as the main misconception, not B.
A or C
A is wrong, B. ESRM isn't just a new program or element you plug into existing security; it's a philosophy that spans the enterprise. Some guides mention this confusion so I'm pretty sure B fits, but open to corrections.
B not C or D this time.
D I actually remember seeing that picked in some similar exam reports. Not sure if that's right but D was common.
D, seen mixed takes in practice tests and official guide. Anyone else pick D from recent exam reports?
B
I remember a similar scenario from labs, and pretty sure it's B. ESRM often gets mistaken for just another security program, but it's actually a broader strategy, not a standalone project. Not fully confident if other options could be traps though. Agree?