SY0-501 · Question #561
SY0-501 Question #561: Real Exam Question with Answer & Explanation
The correct answer is A: Transference. When a company moves to a third-party managed and insured cloud service, it shifts financial and operational responsibility for associated risks to that external provider, which is the definition of risk transference.
Question
A company recently replaced its unsecure email server with a cloud-based email and collaboration solution that is managed and insured by a third party. Which of the following actions did the company take regarding risks related to its email and collaboration services?
Options
- ATransference
- BAcceptance
- CMitigation
- DDeterrence
Explanation
When a company moves to a third-party managed and insured cloud service, it shifts financial and operational responsibility for associated risks to that external provider, which is the definition of risk transference.
Common mistakes.
- B. Acceptance means the company acknowledges the risk and chooses to do nothing about it, which is not the case here since the company actively replaced its insecure server with a third-party solution.
- C. Mitigation involves reducing the likelihood or impact of a risk through internal controls or improvements, but moving to a fully managed and insured third-party service transfers rather than internally reduces the risk.
- D. Deterrence involves discouraging threat actors from targeting the organization through warnings or consequences, which has no relevance to replacing an email server with a cloud-based managed service.
Concept tested. Risk management strategy: transference vs other responses
Community Discussion
No community discussion yet for this question.