The finance department has started to use a new payment system that requires strict PII security restrictions on various network devices. The company decides to enforce the restrictions and configure all devices appropriately. Which of the following risk response strategies is being used?
A. Avoid
B. Mitigate
C. Transfer
D. Accept
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
D – Accept
Not A: Was the old system replaced because it could not adequately protect PII? If that is true then the new system might be considered avoiding that risk. The question didn’t indicate it so it cannot be assumed.
Not C: Nothing in the question indicates that it might be valid.
Not B: Since the new system requires to new restrictions and configurations to operate, implementing them is not a risk response but an operational requirement. Mitigating risk associated with PII would require implementing additional security beyond the system requirements.
mitigate
B – mitigate
Agreed.