
CAS-003 Question #665: Real Exam Question with Answer & Explanation

The correct answer is C: Accept the risk.

Question

A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed all the budget approved for security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk?

Options

  • A. Transfer the risk
  • B. Baseline the risk
  • C. Accept the risk
  • D. Remove the risk

Explanation

Residual risk is the risk that remains after all feasible controls have been implemented. When the board has denied additional budget and all planned controls are in place, the organization has exhausted its options for further mitigation or transfer without new funding. The appropriate and realistic response is to accept the risk, formally acknowledging that it exists and documenting the decision. Transferring risk (e.g., via insurance) requires budget and a deliberate action plan. Removing the risk would require additional resources. 'Baselining' risk is a measurement activity, not a risk treatment strategy.
