CAS-005 · Question #292
CAS-005 Question #292: Real Exam Question with Answer & Explanation
The correct answer is A: Assess the residual risk. After applying mitigations that reduce the likelihood of a risk's impact, the next step is to assess the residual risk--the risk that remains after controls are implemented. This ensures the organization understands if the mitigation is sufficient or if further action is needed,
Question
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?
Options
- A. Assess the residual risk.
- B. Update the organization's threat model.
- C. Move to the next risk in the register.
- D. Recalculate the magnitude of the impact.
Explanation
After applying mitigations that reduce the likelihood of a risk's impact, the next step is to assess the residual risk--the risk that remains after controls are implemented. This ensures the organization understands if the mitigation is sufficient or if further action is needed, aligning with risk management best practices.