
CAS-001 · Question #315

CAS-001 Question #315: Real Exam Question with Answer & Explanation


Question

Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the following correctly states the risk management options that the consultant should use during the assessment?

Options

  • A. Risk reduction, risk sharing, risk retention, and risk acceptance.
  • B. Avoid, transfer, mitigate, and accept.
  • C. Risk likelihood, asset value, and threat level.
  • D. Calculate risk by determining technical likelihood and potential business impact.

Explanation

Answer B (Avoid, Transfer, Mitigate, Accept) is correct because these are the four universally recognized risk treatment/response options used in frameworks such as NIST SP 800-39, ISO 31000, and CASP+. 'Avoid' means eliminating the risk by not undertaking the activity; 'Transfer' means shifting risk to a third party (e.g., insurance, outsourcing); 'Mitigate' means reducing likelihood or impact through controls; 'Accept' means acknowledging the residual risk and taking no further action. Answer A uses alternative synonyms (reduction, sharing, retention) that are less standard in formal risk frameworks. Answer C describes risk inputs/factors, not response options. Answer D describes a calculation methodology, not response options.
