Which of the following strategies would be BEST?

A financial institution’s information security officer is working with the risk management officer to determine what to do with the institution’s residual risk after all security controls have been implemented. Considering the institution’s very low risk tolerance, which of the following strategies would be BEST?
A. Transfer the risk.
B. Avoid the risk.
C. Mitigate the risk.
D. Accept the risk.


2 thoughts on “Which of the following strategies would be BEST?”

  1. A

    I agree with A. Residual risk is risk that can’t be avoided or mitigated. Since this company is very risk-averse, it wouldn’t accept the risk; it would transfer it (buy insurance).

  2. Risky question; I agree with A though. Answers B and C would be incorrect, because both are part of the “security controls” already implemented. Considering the institution’s “very low risk tolerance”, it is not wise to just accept the risk without trying to transfer (insurance).
