In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive against.
Which of the following strategies should the engineer recommended be approved FIRST?
A. Avoid
B. Mitigate
C. Transfer
D. Accept
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Wouldn’t it be TRANSFER ?
I’m thinking you’ll “FIRST” (as stated in the question) try to mitigate and then either accept or transfer, which in this case would be latter.
B