Exam CAS-004 topic 1 question 353 discussion

Actual exam question from CompTIA's CAS-004
Question #: 353
Topic #: 1

A company is acquiring a competitor, and the security team is performing due diligence activities on the competitor prior to the acquisition. The team found a recent compliance audit of the competitor's environment that shows a mature security infrastructure, but it lacks a cohesive policy and process framework. Based on the audit findings, the security team determines the competitor's existing security capabilities are sufficient, but they will need to incorporate additional security policies. Which of the following risk management strategies is the security team recommending?

  • A. Mitigate and avoid
  • B. Transfer and accept
  • C. Avoid and transfer
  • D. Accept and mitigate
Suggested Answer: D

Comments

weaponxcel
8 months ago
Selected Answer: D
D. Accept and mitigate risk management strategy. The security team is accepting the risk that the competitor's existing security policies and procedures are not comprehensive enough. However, the team is also mitigating this risk by implementing additional security policies.
upvoted 2 times
32d799a
8 months, 1 week ago
Selected Answer: D
Based on the above, the security team is: Accepting the existing security capabilities because they have deemed them sufficient. Planning to mitigate the lack of cohesive policy and process framework by incorporating additional security policies.
upvoted 1 times
Johnxyzzzz
9 months ago
Selected Answer: D
Accept and mitigate. The team accepts the risk and implements controls to mitigate the risk.
upvoted 1 times
CXSSP
9 months, 1 week ago
Selected Answer: D
The security team has determined that the competitor's existing security capabilities are sufficient, but they will need to incorporate additional security policies due to the lack of a cohesive policy and process framework. In this context, the recommended risk management strategy would indeed be: D. Accept and mitigate. The security team acknowledges that the competitor already has sufficient security capabilities. They plan to accept this aspect but also recognize the need to mitigate the risk posed by the lack of a cohesive policy and process framework by incorporating additional security policies.
upvoted 1 times
CoinUmbrella
9 months, 2 weeks ago
Selected Answer: C
Avoid and Transfer
upvoted 1 times
Ariel235788
8 months, 3 weeks ago
Risk Avoidance is NOT a real thing. It's impossible to "avoid" risk
upvoted 1 times
ThatGuyOverThere
7 months, 3 weeks ago
Risk avoidance is a real thing. It's the wrong answer to this question but it exists. If a company determines an application they were using has a vulnerability that has no patch and no patch will be developed, they could decide to completely stop using the application. That would be risk avoidance.
upvoted 6 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other