CAS-003 Question #275: Real Exam Question with Answer & Explanation
The correct answer is B: Avoid, transfer, mitigate, and accept.
Question
Options
- A. Risk reduction, risk sharing, risk retention, and risk acceptance.
- B. Avoid, transfer, mitigate, and accept.
- C. Risk likelihood, asset value, and threat level.
- D. Calculate risk by determining technical likelihood and potential business impact.
Explanation
The four universally accepted risk treatment (response) options in risk management frameworks (ISO 31000, NIST RMF, CISA, CompTIA) are: Avoid (eliminate the activity causing the risk), Transfer (shift the risk to a third party, e.g., insurance), Mitigate (reduce likelihood or impact), and Accept (acknowledge and tolerate the residual risk). Option B correctly names all four. Option A uses different terminology ('risk retention' instead of 'accept', 'risk sharing' instead of 'transfer') and is less standard. Options C and D describe risk assessment and calculation activities, not treatment options. A controls assessment specifically evaluates which treatment has been applied to each identified risk.