
CAS-003 Question #398: Real Exam Question with Answer & Explanation

The correct answer is B: Mitigate.

Question

In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed introduction of legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive to mitigate. Which of the following strategies should the engineer recommend be approved FIRST?

Options

  • A. Avoid
  • B. Mitigate
  • C. Transfer
  • D. Accept

Explanation

The critical context is the risk committee's established aversion to accepting even minimal risk. Although 'Accept' (D) might seem logical given the vulnerability is minor and expensive to mitigate, the committee's track record makes risk acceptance unlikely to be approved. 'Avoid' is not feasible since the project is already proposed. 'Transfer' (insurance/third party) is possible but doesn't address the technical vulnerability. 'Mitigate' (B) is the strategy that reduces the vulnerability to a level the committee can tolerate without outright accepting the risk - making it the most likely to gain approval from a risk-averse committee. The question asks what would be approved FIRST, not what is technically optimal.
